Merge pull request #69 from advanced-security/rvermeulen/bindings

Extend bindings modeling

Author: jeongsoolee09

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll

@@ -0,0 +1,6 @@
+| test.js:1:30:1:45 | {/foo/bar/baz} |
+| test.js:2:30:2:44 | {foo/bar/baz} |
+| test.js:4:41:4:62 | {model>/foo/bar/baz} |
+| test.js:5:41:5:61 | {model>foo/bar/baz} |
+| test.js:7:41:7:98 | {path : /foo/bar/baz, type : "sap.ui.model.type.String"} |
+| test.js:8:41:8:97 | {path : foo/bar/baz, type : "sap.ui.model.type.String"} |

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll

@@ -0,0 +1,20 @@
+import javascript
+import advanced_security.javascript.frameworks.ui5.Bindings
+import advanced_security.javascript.frameworks.ui5.BindingStringParser as Make
+
+class BindingStringReader extends StringLiteral {
+    BindingStringReader() {
+        this.getValue().matches("{%}")
+    }
+
+    string getBindingString() {
+        result = this.getValue()
+    }
+}
+
+module BindingStringParser = Make::BindingStringParser<BindingStringReader>;
+
+from BindingStringParser::Binding binding
+select binding
+
+

javascript/frameworks/ui5/test/lib/BindingStringParser/BindingStringParser.expected

@@ -0,0 +1,8 @@
+const simple_absolute_path = '{/foo/bar/baz}';
+const simple_relative_path = '{foo/bar/baz}';
+
+const simple_absolute_path_with_model = '{model>/foo/bar/baz}';
+const simple_relative_path_with_model = '{model>foo/bar/baz}';
+
+const simple_absolute_with_properties = "{path: '/foo/bar/baz', type: 'sap.ui.model.type.String'}";
+const simple_relative_with_properties = "{path: 'foo/bar/baz', type: 'sap.ui.model.type.String'}";

javascript/frameworks/ui5/test/lib/BindingStringParser/BindingStringParser.ql

@@ -0,0 +1,22 @@
+| test.html:5:11:5:31 | XML property binding: data-value to {/input} |
+| test.html:8:11:8:33 | XML property binding: data-content to {/input} |
+| test.js:10:20:10:33 | Early JavaScript property binding: {\\n      ...       } to "{/root/name}" |
+| test.js:21:28:21:34 | JavaScript context binding: oInput to "/root" |
+| test.js:23:38:23:43 | Late JavaScript property binding: value to "name" |
+| test.js:26:60:34:9 | Early JavaScript property binding: {\\n      ...       } to {\\n      ...       } |
+| test.js:38:48:44:9 | Late JavaScript property binding: value to {\\n      ...       } |
+| test.js:48:19:48:42 | Early JavaScript property binding: {\\n      ...       } to "{/#foo ... label}" |
+| test.json:5:9:22:9 | JSON property binding: items to {/Base} |
+| test.json:11:17:16:17 | JSON property binding: value to {input} |
+| test.json:17:17:20:17 | JSON property binding: content to {path : /input, formatter : ".valueFormatter"} |
+| test.xml:2:5:2:28 | XML property binding: value to {foo} |
+| test.xml:3:5:3:29 | XML property binding: value to {/foo} |
+| test.xml:4:5:4:34 | XML property binding: value to {model>foo} |
+| test.xml:5:5:5:35 | XML property binding: value to {model>/foo} |
+| test.xml:6:5:8:29 | XML context binding: binding to {/root} |
+| test.xml:6:5:8:29 | XML property binding: value to {foo} |
+| test.xml:9:5:9:70 | XML property binding: value to {path : foo, type : "sap.ui.model.type.String"} |
+| test.xml:10:5:10:71 | XML property binding: value to {path : /foo, type : "sap.ui.model.type.String"} |
+| test.xml:11:5:11:77 | XML property binding: value to {path : model>/foo, type : "sap.ui.model.type.String"} |
+| test.xml:12:5:12:76 | XML property binding: value to {path : model>foo, type : "sap.ui.model.type.String"} |
+| test.xml:14:5:22:45 | XML property binding: value to {parts : [{path : foo}, {path : bar/baz}, {path : quux}], formatter : "some.formatter"} |

javascript/frameworks/ui5/test/lib/BindingStringParser/test.js

@@ -0,0 +1,4 @@
+import javascript
+import advanced_security.javascript.frameworks.ui5.Bindings
+
+select any(Binding b)

javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected

@@ -0,0 +1,10 @@
+<template data-controller-name="codeql-sap-js.controller.app">
+     <div data-sap-ui-type="sap.m.Input" 
+          data-placeholder="Enter Payload"
+          data-description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+          data-value="{/input}">
+     </div>
+     <div data-sap-ui-type="sap.ui.core.HTML" 
+          data-content="{/input}">
+     </div>
+</template>

javascript/frameworks/ui5/test/lib/Bindings/Bindings.ql

@@ -0,0 +1,52 @@
+sap.ui.define([
+    "sap/ui/core/mvc/Controller"
+], function(Controller) {
+    "use strict";
+
+    return Controller.extend("foo", {
+       onInit: function() {
+        // Early property binding
+        var oInputWithEarlyPropertyBinding = new sap.m.Input({
+            value: "{/root/name}"
+        });
+
+        // Early dynamic property binding
+        const model = "model";
+        var oInputWithEarlyDynamicPropertyBinding = new sap.m.Input({
+            value: "{" + model + "</root/name}"
+        });
+
+        var oInputWithLateBinding = this.byId("foo");
+        // Late context binding
+        oInput.bindElement("/root");
+        // Late property binding
+        oInput.bindProperty("value", "name");
+
+       // Early composite binding
+       var oInputWithEarlyContextBinding = new sap.m.Input({
+           value: {
+               parts: [
+                   { path: "/foo", type: new sap.ui.model.type.String() },
+                   { path: "/bar" },
+                   { path: "baz>/quux", type: new sap.ui.model.type.Float() }
+               ]
+           }
+        });
+
+        // Late composite binding
+        var oInputWithLateContextBinding = this.byId("foo");
+        oInputWithLateContextBinding.bindValue({
+            parts: [
+                { path: "/foo", type: new sap.ui.model.type.String() },
+                { path: "/bar" },
+                { path: "baz>/quux", type: new sap.ui.model.type.Float() }
+            ]
+        });
+
+        // Early property metadata binding
+        var oLabel = new sap.m.Label({
+            text: "{/#foo/bar/@sap:label}"
+        });
+       }
+    });
+});

javascript/frameworks/ui5/test/lib/Bindings/test.html

@@ -0,0 +1,24 @@
+{
+    "Type": "sap.ui.core.mvc.JSONView",
+    "controllerName": "codeql-sap-js.controller.app",
+    "content": [
+        {
+            "Type": "sap.ui.commons.Carousel",
+            "width": "100%",
+            "orientation": "horizontal",
+            "items":"{/Base}",
+            "content": [
+                {
+                    "Type": "sap.m.Input",
+                    "placeholder": "Enter Payload",
+                    "description": "Try: <img src=x onerror=alert(\"XSS\")>",
+                    "value": "{input}"
+                },
+                {
+                    "Type": "sap.ui.core.HTML",
+                    "content": "{path:'/input', formatter: '.valueFormatter'}"
+                }
+            ]
+        }
+    ]
+}