Skip to content

Commit d665b93

Browse files
jeongsoolee09jeongsoolee09
committed
Introduce hierarchy on control-related API calls
1 parent 6876bcb commit d665b93

1 file changed

Lines changed: 22 additions & 15 deletions

File tree

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/RemoteFlowSources.qll

Lines changed: 22 additions & 15 deletions
Original file line numberDiff line numberDiff line change
@@ -4,34 +4,41 @@ import advanced_security.javascript.frameworks.ui5.UI5View
44
import semmle.javascript.security.dataflow.XssThroughDomCustomizations
55
private import semmle.javascript.frameworks.data.internal.ApiGraphModelsExtensions
66

7-
private class DataFromRemoteControlReference extends RemoteFlowSource {
8-
DataFromRemoteControlReference() {
9-
exists(UI5Control sourceControl, string typeAlias, ControlReference controlReference |
7+
abstract private class RemoteControlAPISource extends SourceNode { }
8+
9+
private class RemoteControlReference extends RemoteControlAPISource, ControlReference {
10+
RemoteControlReference() {
11+
exists(UI5Control sourceControl, string typeAlias |
1012
typeModel(typeAlias, sourceControl.getImportPath(), _) and
1113
sourceModel(typeAlias, _, "remote", _) and
12-
sourceControl.getAReference() = controlReference and
13-
(
14-
this = controlReference.getAMemberCall("getValue") or
15-
this = controlReference.getAMemberCall("getCurrentValue") or
16-
this = controlReference.getAPropertyRead("value")
17-
)
14+
sourceControl.getAReference() = this
1815
)
1916
}
20-
21-
override string getSourceType() { result = "Data from a remote control" }
2217
}
2318

24-
private class UI5ControlHandlerParameter extends RemoteFlowSource {
25-
UI5ControlHandlerParameter() {
19+
private class RemoteControlHandlerParameter extends RemoteControlAPISource, CallNode {
20+
RemoteControlHandlerParameter() {
2621
exists(UI5Control sourceControl, string typeAlias, UI5Handler handler |
2722
typeModel(typeAlias, sourceControl.getImportPath(), _) and
2823
sourceModel(typeAlias, _, "remote", _) and
2924
handler.getControl() = sourceControl and
30-
this = handler.getParameter(0).getAMemberCall("getSource").getAMemberCall("getValue")
25+
this = handler.getParameter(0).getAMemberCall("getSource")
26+
)
27+
}
28+
}
29+
30+
private class UserDataFromRemoteControlAPISource extends RemoteFlowSource {
31+
UserDataFromRemoteControlAPISource() {
32+
exists(RemoteControlAPISource remoteControlAPISource |
33+
this = remoteControlAPISource.getAMemberCall("getValue") or
34+
this = remoteControlAPISource.getAMemberCall("getCurrentValue") or
35+
this = remoteControlAPISource.getAPropertyRead("value")
3136
)
3237
}
3338

34-
override string getSourceType() { result = "Event parameter of a remote control" }
39+
override string getSourceType() {
40+
result = "User-provided data fetched from an input control via JavaScript API"
41+
}
3542
}
3643

3744
private class InputControlInstantiation extends ElementInstantiation {

0 commit comments

Comments
 (0)