Merge pull request #83 from advanced-security/knewbury01/extra-cds-sinks-code-injection

Add cap cxn parse sink model and test

Author: knewbury01

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll

@@ -131,4 +131,13 @@ module CDS {
   class CdsFacade extends API::Node {
     CdsFacade() { this = API::moduleImport("@sap/cds") }
   }
+
+
+  /**
+   * Methods that parse source strings into a CQL expression
+   */
+  class ParseSink extends DataFlow::Node {
+    ParseSink() { this = any(CdsFacade cds).getMember("parse").getMember(["expr", "ref", "xpr"]).getACall().getAnArgument() }
+  }
+
 }

javascript/frameworks/cap/test/models/cds/cxn/parseexpr.expected

@@ -0,0 +1,3 @@
+| parseexpr.js:3:27:3:39 | `foo.bar > 9` |
+| parseexpr.js:4:26:4:38 | `foo.bar > 9` |
+| parseexpr.js:5:26:5:34 | `foo.bar` |

javascript/frameworks/cap/test/models/cds/cxn/parseexpr.js

@@ -0,0 +1,5 @@
+const cds = require("@sap/cds");
+
+let cxn = cds.parse.expr (`foo.bar > 9`)
+let xpr = cds.parse.xpr (`foo.bar > 9`)
+let ref = cds.parse.ref (`foo.bar`)

javascript/frameworks/cap/test/models/cds/cxn/parseexpr.ql

@@ -0,0 +1,5 @@
+import javascript
+import advanced_security.javascript.frameworks.cap.CDS
+
+from CDS::ParseSink sink
+select sink