Remove refereence to Controller

mbaluda · mbaluda · commit 3e102b1890e7 · 2026-03-12T15:45:51.000+01:00
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/UI5DataFlow.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/dataflow/UI5DataFlow.qll
@@ -66,14 +66,7 @@ class LocalModelContentBoundBidirectionallyToHtmlISinkControl extends DomBasedXs
  */
 class LocalModelStringPropertySource extends DomBasedXss::Source {
   LocalModelStringPropertySource() {
-    exists(UI5BindingPath bindingPath |
-      this =
-        bindingPath
-            .getControlDeclaration()
-            .getDefinition()
-            .getMetadata()
-            .getProperty(bindingPath.getPropertyName())
-    )
+    this = any(PropertyMetadata propMeta | propMeta.isUnrestrictedStringType())
   }
 }
 
diff --git a/javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/UI5Xss.expected b/javascript/frameworks/ui5/test/queries/UI5Xss/xss-book-example/UI5Xss.expected
@@ -13,3 +13,4 @@ edges
 | webapp/controls/Book.js:133:8:133:26 | oControl.getTitle() | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" |
 #select
 | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | webapp/controller/App.Controller.js:23:25:23:47 | oSearch ... Value() | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | XSS vulnerability due to $@. | webapp/controller/App.Controller.js:23:25:23:47 | oSearch ... Value() | user-provided value |
+| webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | webapp/controls/Book.js:17:13:17:30 | { type: "string" } | webapp/controls/Book.js:132:7:134:15 | "<div>T ... </div>" | XSS vulnerability due to $@. | webapp/controls/Book.js:17:13:17:30 | { type: "string" } | user-provided value |
