Skip to content

Create query for vulnerability not specific to webapp security #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 35 commits into from
Feb 5, 2024
Merged

Create query for vulnerability not specific to webapp security #78

Show file tree
Hide file tree
Changes from 11 commits
Commits
Show all changes
35 commits
Select commit Hold shift + click to select a range
213dda7
Add UI5-specific path injection sinks
jeongsoolee09 Jan 25, 2024
732f945
Add `UI5PathInjection.ql`
jeongsoolee09 Jan 25, 2024
b604fb9
Debug ui5.model.yml and update .expected for `pathSinkTest`
jeongsoolee09 Jan 26, 2024
9c32bc0
Initialize query and test suite
jeongsoolee09 Jan 26, 2024
5e7ab05
Merge branch 'main' into jeongsoolee09/non-webapp-specific-vulns
jeongsoolee09 Jan 26, 2024
8929c67
Update .expected of UI5PathInjection
jeongsoolee09 Jan 26, 2024
403b776
Update .expected of logSinkTest and xssSinkTest
jeongsoolee09 Jan 26, 2024
8c20c2f
Merge branch 'main' into jeongsoolee09/non-webapp-specific-vulns
jeongsoolee09 Jan 30, 2024
7370afe
Change description, imported stdlib query, and error message
jeongsoolee09 Jan 30, 2024
51623f4
Adapt existing `UI5PathInjection` to `UI5FormulaInjection`
jeongsoolee09 Jan 30, 2024
7c98f92
Minor change to the message
jeongsoolee09 Jan 30, 2024
979fb67
Initialize test suite for UI5FormulaInjection
jeongsoolee09 Jan 31, 2024
2283cdf
Specify argument index instead of range denoting all
jeongsoolee09 Jan 31, 2024
7648517
Add first draft of `UI5FormulaInjection`
jeongsoolee09 Jan 31, 2024
5e4110d
Fix test suites for TDD
jeongsoolee09 Jan 31, 2024
90a2c29
Add model sink test for `formulaSinkTest`
jeongsoolee09 Jan 31, 2024
2991500
Change `sap.ui.require` to `sap.ui.define`
jeongsoolee09 Jan 31, 2024
668370a
Debug query and update `.expected` of `UI5FormulaInjection`
jeongsoolee09 Jan 31, 2024
ab98adc
Update `.expected` of `pathSinkTest`
jeongsoolee09 Feb 1, 2024
fef382b
Fix unit test suite and update `.expected`
jeongsoolee09 Feb 1, 2024
2df53a6
Fix test suites, fix query, update `.expected`
jeongsoolee09 Feb 1, 2024
de92260
Merge branch 'main' into jeongsoolee09/non-webapp-specific-vulns
jeongsoolee09 Feb 1, 2024
ef2f323
Merge branch 'main' into jeongsoolee09/non-webapp-specific-vulns
mbaluda Feb 1, 2024
ad0cbab
Scaffold qhelp files
jeongsoolee09 Feb 2, 2024
b9eb6be
Complete first draft of `UI5PathInjection.md`
jeongsoolee09 Feb 3, 2024
13df4ad
update
jeongsoolee09 Feb 3, 2024
b02bbdf
Merge branch 'main' into jeongsoolee09/non-webapp-specific-vulns
jeongsoolee09 Feb 5, 2024
e611865
Update javascript/frameworks/ui5/src/UI5FormulaInjection/UI5FormulaIn…
jeongsoolee09 Feb 5, 2024
80fce3e
Update javascript/frameworks/ui5/src/UI5FormulaInjection/UI5FormulaIn…
jeongsoolee09 Feb 5, 2024
5b65c4f
Update javascript/frameworks/ui5/src/UI5FormulaInjection/UI5FormulaIn…
jeongsoolee09 Feb 5, 2024
4598870
Update javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjectio…
jeongsoolee09 Feb 5, 2024
b72787e
Update javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjectio…
jeongsoolee09 Feb 5, 2024
bda7969
Update javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjectio…
jeongsoolee09 Feb 5, 2024
e5b4b78
Update javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjectio…
jeongsoolee09 Feb 5, 2024
7b19d39
Update javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjectio…
jeongsoolee09 Feb 5, 2024
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
9 changes: 9 additions & 0 deletions javascript/frameworks/ui5/ext/ui5.model.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,6 +57,13 @@ extensions:
- ["UI5Control", "sap/ui/richtexteditor/RichTextEditor", ""]
- ["UI5CodeEditor", "UI5CodeEditor", "Instance"]
- ["UI5CodeEditor", "sap/ui/codeeditor/CodeEditor", ""]
# Classes that provide Path injection APIs
- ["UI5ClientStorage", "sap/ui/util/Storage", ""]
- ["UI5ClientStorage", "global", "Member[sap].Member[ui].Member[util].Member[Storage]"]
- ["UI5ClientStorage", "global", "Member[jQuery].Member[sap].Member[storage]"]
- ["UI5ClientStorage", "sap/ui/core/util/File", ""]
- ["UI5ClientStorage", "global", "Member[sap].Member[ui].Member[core].Member[util].Member[File]"]


- addsTo:
pack: codeql/javascript-all
Expand Down Expand Up @@ -94,6 +101,8 @@ extensions:
- ["ResourceBundle", "Member[create].Argument[0]", "ui5-path-injection"]
- ["Properties", "Member[create].Argument[0]", "ui5-path-injection"]
- ["LoaderExtensions", "Member[registerResourcePath].Argument[1]", "ui5-path-injection"]
- ["UI5ClientStorage", "Member[put].Argument[0..]", "ui5-path-injection"]
- ["UI5ClientStorage", "Member[save].Argument[0..]", "ui5-path-injection"]

- addsTo:
pack: codeql/javascript-all
Expand Down
35 changes: 35 additions & 0 deletions javascript/frameworks/ui5/src/UI5FormulaInjection/UI5FormulaInjection.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/**
* @name UI5 Formula Injection
* @description Saving data from an uncontrolled remote source using filesystem or local storage
* leads to disclosure of sensitive information or forgery of entry.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision medium
* @id js/ui5-formula-injection
* @tags security
* external/cwe/cwe-1236
*/

import javascript
import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph

class UI5FormulaInjectionConfiguration extends TaintTracking::Configuration {
UI5FormulaInjectionConfiguration() { this = "UI5 Formula Injection" }

override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }

override predicate isSink(DataFlow::Node node) {
node = ModelOutput::getASinkNode("ui5-formula-injection").asSink()
}
}

from
UI5FormulaInjectionConfiguration config, UI5PathNode source, UI5PathNode sink,
UI5PathNode primarySource
where
config.hasFlowPath(source.getPathNode(), sink.getPathNode()) and
primarySource = source.getAPrimarySource()
select sink, primarySource, sink, "The content of a saved file depends on a $@.", primarySource,
"user-provided value"
35 changes: 35 additions & 0 deletions javascript/frameworks/ui5/src/UI5PathInjection/UI5PathInjection.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,35 @@
/**
* @name UI5 Path Injection
* @description Constructing path from an uncontrolled remote source to be passed
* to a filesystem API allows for manipulation of the local filesystem.
* @kind path-problem
* @problem.severity error
* @security-severity 7.8
* @precision medium
* @id js/ui5-path-injection
* @tags security
* external/cwe/cwe-022
* external/cwe/cwe-035
*/

import javascript
import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph
import semmle.javascript.security.dataflow.TaintedPathQuery as TaintedPathQuery

class UI5PathInjectionConfiguration extends TaintedPathQuery::Configuration {
override predicate isSource(DataFlow::Node node) { node instanceof RemoteFlowSource }

override predicate isSink(DataFlow::Node node) {
node = ModelOutput::getASinkNode("ui5-path-injection").asSink()
}
}

from
UI5PathInjectionConfiguration config, UI5PathNode source, UI5PathNode sink,
UI5PathNode primarySource
where
config.hasFlowPath(source.getPathNode(), sink.getPathNode()) and
primarySource = source.getAPrimarySource()
select sink, primarySource, sink, "The path of a saved file depends on a $@.", primarySource,
"user-provided value"
100 changes: 50 additions & 50 deletions javascript/frameworks/ui5/test/models/sink/logSinkTest.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,56 +1,56 @@
| sink.js:20:38:20:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:20:45:20:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:20:52:20:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:21:38:21:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:21:45:21:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:21:52:21:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:23:40:23:44 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:23:47:23:51 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:23:54:23:58 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:37:25:41 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:44:25:48 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:51:25:55 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:38:27:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:45:27:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:52:27:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:38:29:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:45:29:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:52:29:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:27:33:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:34:33:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:41:33:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:35:27:35:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:35:34:35:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:35:41:35:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:29:37:33 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:36:37:40 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:43:37:47 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:26:39:30 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:33:39:37 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:40:39:44 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:27:41:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:34:41:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:41:41:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:27:43:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:34:43:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:41:43:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:45:42:45:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:74:36:74:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:74:43:74:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:74:50:74:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:75:36:75:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:75:43:75:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:75:50:75:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:76:38:76:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:76:45:76:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:76:52:76:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:77:35:77:39 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:77:42:77:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:77:49:77:53 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:24:38:24:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:24:45:24:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:24:52:24:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:38:25:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:45:25:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:25:52:25:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:40:27:44 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:47:27:51 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:27:54:27:58 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:37:29:41 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:44:29:48 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:29:51:29:55 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:31:38:31:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:31:45:31:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:31:52:31:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:38:33:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:45:33:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:33:52:33:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:27:37:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:34:37:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:37:41:37:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:27:39:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:34:39:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:39:41:39:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:29:41:33 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:36:41:40 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:41:43:41:47 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:26:43:30 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:33:43:37 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:43:40:43:44 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:45:27:45:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:45:34:45:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:45:41:45:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:47:27:47:31 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:47:34:47:38 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:47:41:47:45 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:49:42:49:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:78:36:78:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:78:43:78:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:78:50:78:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:79:36:79:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:79:43:79:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:79:50:79:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:86:40:86:44 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:80:38:80:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:80:45:80:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:80:52:80:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:81:35:81:39 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:81:42:81:46 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:81:49:81:53 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:82:36:82:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:82:43:82:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:82:50:82:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:83:36:83:40 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:83:43:83:47 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:83:50:83:54 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
| sink.js:90:40:90:44 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
58 changes: 38 additions & 20 deletions javascript/frameworks/ui5/test/models/sink/pathSinkTest.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,22 +1,40 @@
| sink.js:47:54:47:58 | code1 | code1 |
| sink.js:49:56:49:60 | code1 | code1 |
| sink.js:51:36:51:40 | code0 | code0 |
| sink.js:53:42:53:46 | code0 | code0 |
| sink.js:55:46:55:50 | code0 | code0 |
| sink.js:59:39:59:43 | code0 | code0 |
| sink.js:61:38:61:42 | code0 | code0 |
| sink.js:63:33:63:37 | code0 | code0 |
| sink.js:65:37:65:41 | code0 | code0 |
| sink.js:67:36:67:40 | code0 | code0 |
| sink.js:67:43:67:47 | code1 | code1 |
| sink.js:51:54:51:58 | code1 | code1 |
| sink.js:53:56:53:60 | code1 | code1 |
| sink.js:55:36:55:40 | code0 | code0 |
| sink.js:57:42:57:46 | code0 | code0 |
| sink.js:59:46:59:50 | code0 | code0 |
| sink.js:63:39:63:43 | code0 | code0 |
| sink.js:65:38:65:42 | code0 | code0 |
| sink.js:67:33:67:37 | code0 | code0 |
| sink.js:69:37:69:41 | code0 | code0 |
| sink.js:69:44:69:48 | code1 | code1 |
| sink.js:71:40:71:44 | code0 | code0 |
| sink.js:71:47:71:51 | code1 | code1 |
| sink.js:73:40:73:44 | code0 | code0 |
| sink.js:73:47:73:51 | code1 | code1 |
| sink.js:88:28:88:32 | code0 | code0 |
| sink.js:90:49:90:53 | code1 | code1 |
| sink.js:71:36:71:40 | code0 | code0 |
| sink.js:71:43:71:47 | code1 | code1 |
| sink.js:73:37:73:41 | code0 | code0 |
| sink.js:73:44:73:48 | code1 | code1 |
| sink.js:75:40:75:44 | code0 | code0 |
| sink.js:75:47:75:51 | code1 | code1 |
| sink.js:77:40:77:44 | code0 | code0 |
| sink.js:77:47:77:51 | code1 | code1 |
| sink.js:92:28:92:32 | code0 | code0 |
| sink.js:111:42:111:46 | code0 | code0 |
| sink.js:112:46:112:50 | code0 | code0 |
| sink.js:94:49:94:53 | code1 | code1 |
| sink.js:96:28:96:32 | code0 | code0 |
| sink.js:115:42:115:46 | code0 | code0 |
| sink.js:116:46:116:50 | code0 | code0 |
| sink.js:118:29:118:33 | code0 | code0 |
| sink.js:118:36:118:40 | code1 | code1 |
| sink.js:119:41:119:45 | code0 | code0 |
| sink.js:119:48:119:52 | code1 | code1 |
| sink.js:120:40:120:44 | code0 | code0 |
| sink.js:120:47:120:51 | code1 | code1 |
| sink.js:122:27:122:31 | code0 | code0 |
| sink.js:122:34:122:38 | code1 | code1 |
| sink.js:122:41:122:45 | code2 | code2 |
| sink.js:122:48:122:52 | code3 | code3 |
| sink.js:122:55:122:59 | code4 | code4 |
| sink.js:122:62:122:66 | code5 | code5 |
| sink.js:123:44:123:48 | code0 | code0 |
| sink.js:123:51:123:55 | code1 | code1 |
| sink.js:123:58:123:62 | code2 | code2 |
| sink.js:123:65:123:69 | code3 | code3 |
| sink.js:123:72:123:76 | code4 | code4 |
| sink.js:123:79:123:83 | code5 | code5 |
11 changes: 11 additions & 0 deletions javascript/frameworks/ui5/test/models/sink/sink.js
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,8 @@ sap.ui.require(
"sap/ui/core/HTML",
"sap/base/util/Properties",
"sap/ui/core/RenderManager",
"sap/ui/util/Storage",
"sap/ui/core/util/File"
],
function (
LoaderExtensions,
Expand All @@ -16,6 +18,8 @@ sap.ui.require(
HTML,
Properties,
RenderManager,
Storage,
File
) {
var value = jQuery.sap.log.fatal(code0, code1, code2);
var value = jQuery.sap.log.error(code0, code1, code2);
Expand Down Expand Up @@ -110,5 +114,12 @@ sap.ui.require(

var value = sap.ui.dom.includeScript(code0);
var value = sap.ui.dom.includeStyleSheet(code0);

var value = Storage.put(code0, code1);
var value = sap.ui.util.Storage.put(code0, code1);
var value = jQuery.sap.storage.put(code0, code1);

var value = File.save(code0, code1, code2, code3, code4, code5);
var value = sap.ui.core.util.File.save(code0, code1, code2, code3, code4, code5);
},
);
24 changes: 12 additions & 12 deletions javascript/frameworks/ui5/test/models/sink/xssSinkTest.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,12 +1,12 @@
| sink.js:57:39:57:43 | code0 | code0 |
| sink.js:93:34:93:38 | code0 | code0 |
| sink.js:94:19:94:23 | code0 | code0 |
| sink.js:95:20:95:24 | code0 | code0 |
| sink.js:97:32:97:36 | code0 | code0 |
| sink.js:99:27:99:31 | code0 | code0 |
| sink.js:101:36:101:40 | code0 | code0 |
| sink.js:101:43:101:47 | code1 | code1 |
| sink.js:105:30:105:34 | code0 | code0 |
| sink.js:105:37:105:41 | code1 | code1 |
| sink.js:107:30:107:34 | code0 | code0 |
| sink.js:109:32:109:36 | code0 | code0 |
| sink.js:61:39:61:43 | code0 | code0 |
| sink.js:97:34:97:38 | code0 | code0 |
| sink.js:98:19:98:23 | code0 | code0 |
| sink.js:99:20:99:24 | code0 | code0 |
| sink.js:101:32:101:36 | code0 | code0 |
| sink.js:103:27:103:31 | code0 | code0 |
| sink.js:105:36:105:40 | code0 | code0 |
| sink.js:105:43:105:47 | code1 | code1 |
| sink.js:109:30:109:34 | code0 | code0 |
| sink.js:109:37:109:41 | code1 | code1 |
| sink.js:111:30:111:34 | code0 | code0 |
| sink.js:113:32:113:36 | code0 | code0 |
17 changes: 17 additions & 0 deletions ...queries/UI5PathInjection/path-custom-control-property-sanitized/UI5PathInjection.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
nodes
| webapp/control/xss.js:7:23:7:37 | { type: "int" } |
| webapp/control/xss.js:13:54:13:71 | oControl.getText() |
| webapp/controller/app.controller.js:9:17:9:27 | input: null |
| webapp/view/app.view.xml:5:5:7:28 | value={/input} |
| webapp/view/app.view.xml:8:5:8:38 | text={/input} |
edges
| webapp/control/xss.js:7:23:7:37 | { type: "int" } | webapp/control/xss.js:13:54:13:71 | oControl.getText() |
| webapp/control/xss.js:7:23:7:37 | { type: "int" } | webapp/controller/app.controller.js:9:17:9:27 | input: null |
| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/control/xss.js:7:23:7:37 | { type: "int" } |
| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:8:5:8:38 | text={/input} |
| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
| webapp/view/app.view.xml:8:5:8:38 | text={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
#select
| webapp/control/xss.js:13:54:13:71 | oControl.getText() | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/control/xss.js:13:54:13:71 | oControl.getText() | Path or file content depends on a $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |
1 change: 1 addition & 0 deletions ...st/queries/UI5PathInjection/path-custom-control-property-sanitized/UI5PathInjection.qlref
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
UI5PathInjection/UI5PathInjection.ql
12 changes: 12 additions & 0 deletions ...i5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package-lock.json
View file
Open in desktop

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

5 changes: 5 additions & 0 deletions ...rks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/package.json
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,5 @@
{
"name": "sap-ui5-xss",
"version": "1.0.0",
"main": "index.js"
}
7 changes: 7 additions & 0 deletions ...meworks/ui5/test/queries/UI5PathInjection/path-custom-control-property-sanitized/ui5.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,7 @@
specVersion: '3.0'
metadata:
name: sap-ui5-xss
type: application
framework:
name: SAPUI5
version: "1.115.0"
Loading