Cover CAP's Fluent API to construct cds.ql queries #29
Merged
74 commits
cbc1991
Initial commit
jeongsoolee09 33a987a
Add CDSFacade class
jeongsoolee09 f30750a
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 192553b
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 f683c70
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 cb83f6d
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 c9b67dd
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 bc66c4f
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 b4559c3
Add scaffolding
jeongsoolee09 57ab4ef
Merge branch 'jeongsolee09/CAP-first-draft' of github.com:advanced-se…
jeongsoolee09 b4b2ae5
Add SelectBuilder
jeongsoolee09 0ba335e
Checkpoint: Under construction
jeongsoolee09 86bc412
Add more
jeongsoolee09 340af89
Add some test cases
jeongsoolee09 302b329
Add `groupBy` and `having`
jeongsoolee09 ebb110e
Finalize SELECT draft except CQN and CQL obj
jeongsoolee09 c1e0b9b
Add orderBy to SELECT with propaccess and methodcall
jeongsoolee09 a1005b9
Add parsed CQL object cases
jeongsoolee09 f251685
Rename cql_test to select and nest folders
jeongsoolee09 71dc61b
Add test for Select
jeongsoolee09 66a72b0
Capture `SELECT.one.from` syntax
jeongsoolee09 b03babb
Turn more tests to green
jeongsoolee09 8d3ea62
Add variants which use TaggedTemplate instead of MethodCall and vice…
jeongsoolee09 cf6bf1a
Add `isTaggedTemplateSelect` and `isMethodCallSelect`
jeongsoolee09 7cd3d01
Add comments to each branch
jeongsoolee09 6e8fbc3
Establish CqlExpression hierarchy
jeongsoolee09 71536fc
Make isMethodCallSelect and isTaggedTemplateSelect private
jeongsoolee09 390b8fb
Fix a minor error in explaining comment
jeongsoolee09 8b9c54b
Fix another minor error in comment
jeongsoolee09 536b3c8
Add `getLocation` for clickable results
jeongsoolee09 e44abc1
Factor out shared member predicates to a class
jeongsoolee09 9dfccb7
Match on property names and method names
jeongsoolee09 8c3661d
Move CQL models to separate file
jeongsoolee09 c17958b
Fix syntactical mistakes on unit tests for SELECT
jeongsoolee09 80f7223
Add test for INSERT CQL query expressions
jeongsoolee09 d09b1c0
Update tests for SELECT
jeongsoolee09 f046ab5
Implement classes for INSERT and add tests
jeongsoolee09 aed2d87
Refactor class hierarchy
jeongsoolee09 bb0030a
Loosen definitions and add modeling of `DELETE`, `UPDATE` and `UPSERT`
jeongsoolee09 3c8c76d
Debug `getAnAPIName/0`
jeongsoolee09 d8ae9f1
Make similar member predicates close to each other
jeongsoolee09 b5f0beb
Add tests for `UPDATE`
jeongsoolee09 71ae19e
Add a single case for `INSERT`
jeongsoolee09 2d6620b
Add minor delimiting comments
jeongsoolee09 4731166
Remove unnecessary comment
jeongsoolee09 4310fa5
Add unit tests for `DELETE`
jeongsoolee09 66eccc5
Add delete.expected and correct other unit test drivers
jeongsoolee09 7a1a52b
Add cases for INSERT
jeongsoolee09 7619b95
Add tests for upsert and add `.expected`
jeongsoolee09 d230597
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 1d96665
Move contents of cap/ according to new repository structure
jeongsoolee09 a128396
Add lock files for dependency versions
jeongsoolee09 5e124b5
Add subfolders for correct import paths
jeongsoolee09 3bfc433
Update import path for unit tests
jeongsoolee09 f3a9594
Cover cases where the base obj acts as shortcut
jeongsoolee09 588581f
Add cases where SELECT and UPDATE act as shortcut calls
jeongsoolee09 ddf1223
Update .expected and remove unneeded code in update.js
jeongsoolee09 79f6a6f
Merge branch 'main' into jeongsolee09/CAP-first-draft
jeongsoolee09 2af251f
Merge branch 'main' into jeongsolee09/CAP-first-draft
knewbury01 c3c949b
Upgrade CodeQL dependencies and bump pack versions
knewbury01 4eef003
Minor additions
knewbury01 cf2b390
Refactor CDS
knewbury01 fa7a6bb
Improve cds request handler model
knewbury01 eead8db
Refactor cql test locations
knewbury01 09334a5
Fix cql query base representations
knewbury01 17e99e4
Update CQL models and add basic sql injection query and test for sql …
knewbury01 f774013
Improve cap sql model
knewbury01 baae66b
Improve cap cql taint steps and testing
knewbury01 3246352
Add comments and query format to CDS and CQL library
knewbury01 47965f0
Merge branch 'main' into jeongsolee09/CAP-first-draft
knewbury01 3bb6ec3
Merge branch 'main' into jeongsolee09/CAP-first-draft
knewbury01 beb10fb
Fix cap query test location
knewbury01 156d325
Merge branch 'jeongsolee09/CAP-first-draft' of https://github.com/adv…
knewbury01 1288c81
Fix naming in cap query qlref file
knewbury01
@@ -0,0 +1,4 @@ | ||
--- | ||
lockVersion: 1.0.0 | ||
dependencies: {} | ||
compiled: false |
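Review bot: `dependencies: {}` in this lock file is only correct if the qlpack.yml it pairs with declares no `dependencies`; the library pack containing CDS.qll does `import javascript`, so that pack needs a `codeql/javascript-all` dependency and its lock should resolve that to a concrete version rather than stay empty. Please confirm which pack this lock belongs to, since the diff does not show the matching qlpack.yml.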
@@ -0,0 +1,9 @@ | ||
--- | ||
library: true | ||
name: advanced-security/javascript-sap-cap-models | ||
version: 0.3.0 | ||
extensionTargets: | ||
codeql/javascript-all: "^0.8.1" | ||
codeql/javascript-queries: "^0.8.1" | ||
dataExtensions: | ||
- "*.model.yml" | ||
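Review bot: `extensionTargets` uses caret ranges (`^0.8.1`) for `codeql/javascript-all` and `codeql/javascript-queries`; under standard semver a caret on a 0.x version means `>=0.8.1 <0.9.0`, so the `*.model.yml` extensions will silently stop applying once the target packs move to 0.9. If that is intended, fine; otherwise widen the range and state the versioning policy next to the `version: 0.3.0` bump.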
134 changes: 134 additions & 0 deletions
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll
@@ -0,0 +1,134 @@ | ||
import javascript | ||
import DataFlow | ||
|
||
module CDS { | ||
// TODO: should this base type be more specific? | ||
abstract class ServiceInstance extends DataFlow::Node { } | ||
|
||
/** | ||
* Call to`cds.serve` | ||
*/ | ||
class CdsServeCall extends ServiceInstance { | ||
CdsServeCall() { this = any(CdsFacade cds).getMember("serve").getACall() } | ||
} | ||
|
||
/** | ||
* call to: | ||
* `new cds.ApplicationService` or `new cds.Service` | ||
*/ | ||
class ServiceConstructor extends ServiceInstance { | ||
ServiceConstructor() { this = any(ApplicationService cds).getAnInstantiation() } | ||
} | ||
|
||
/** | ||
* return value of `cds.connect.to` | ||
*/ | ||
class ConnectTo extends ServiceInstance { | ||
ConnectTo() { this = any(CdsFacade cds).getMember("connect").getMember("to").getACall() } | ||
} | ||
|
||
/** Last argument to the service methods `srv.before`, `srv.on`, and `srv.after` */ | ||
private class RequestHandler extends FunctionNode { } | ||
|
||
private class ErrorHandler extends RequestHandler { } | ||
|
||
/** | ||
* Subclassing ApplicationService via `extends`: | ||
* ```js | ||
* class SomeService extends cds.ApplicationService | ||
* ``` | ||
*/ | ||
class UserDefinedApplicationService extends ClassNode { | ||
UserDefinedApplicationService() { | ||
exists(ApplicationService cdsApplicationService | | ||
this.getASuperClassNode() = cdsApplicationService.asSource() | ||
) | ||
} | ||
} | ||
|
||
/** | ||
* Subclassing ApplicationService via `cds.service.impl`: | ||
* ```js | ||
* const cds = require('@sap/cds') | ||
* module.exports = cds.service.impl (function() { ... }) | ||
* ``` | ||
*/ | ||
class OldStyleUserDefinedApplicationService extends MethodCallNode { | ||
OldStyleUserDefinedApplicationService() { | ||
exists(CdsFacade cds | this = cds.getMember("service").getMember("impl").getACall()) | ||
} | ||
} | ||
|
||
/** | ||
* Parameter of a `srv.with` method call: | ||
* ```js | ||
* cds.serve('./srv/cat-service') .with ((srv) => { | ||
* srv.on ('READ','Books', (req) => req.reply([...])) | ||
* }) | ||
* ``` | ||
* | ||
* TODO expand this to capture request handlers registered inside the function | ||
*/ | ||
class WithCallParameter extends RequestHandler { | ||
WithCallParameter() { | ||
exists(MethodCallNode withCall, ServiceInstance svc | | ||
withCall.getArgument(0) = this and | ||
withCall.getMethodName() = "with" and | ||
withCall.getReceiver() = svc | ||
) | ||
} | ||
} | ||
|
||
/** | ||
* Parameter of request handler of `_.on`: | ||
* ```js | ||
* _.on ('READ','Books', (req) => req.reply([...])) | ||
* ``` | ||
*/ | ||
class OnNodeParam extends ValueNode, ParameterNode { | ||
MethodCallNode on; | ||
|
||
OnNodeParam() { | ||
exists(FunctionNode handler | | ||
on.getMethodName() = "on" and | ||
on.getLastArgument() = handler and | ||
handler.getLastParameter() = this | ||
) | ||
} | ||
|
||
MethodCallNode getOnNode() { result = on } | ||
} | ||
|
||
/** | ||
* Parameter of request handler of `srv.on`: | ||
* ```js | ||
* this.on ('READ','Books', (req) => req.reply([...])) | ||
* ``` | ||
* not sure how else to know which service is registering the handler | ||
*/ | ||
class RequestSource extends OnNodeParam { | ||
RequestSource() { | ||
// TODO : consider - do we need to actually ever know which service the handler is associated to? | ||
exists(UserDefinedApplicationService svc, FunctionNode init | | ||
svc.getAnInstanceMember() = init and | ||
init.getName() = "init" and | ||
this.getOnNode().getEnclosingFunction() = init.getAstNode() | ||
) | ||
or | ||
exists(WithCallParameter pa | this.getOnNode().getEnclosingFunction() = pa.getFunction()) | ||
} | ||
} | ||
|
||
class ApplicationService extends API::Node { | ||
ApplicationService() { exists(CdsFacade c | this = c.getMember("ApplicationService")) } | ||
} | ||
|
||
/** | ||
* ```js | ||
* const cds = require('@sap/cds') | ||
* ``` | ||
*/ | ||
class CdsFacade extends API::Node { | ||
CdsFacade() { this = API::moduleImport("@sap/cds") } | ||
} | ||
} |
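Review bot: the doc comment on `ServiceConstructor` says it covers `new cds.ApplicationService` or `new cds.Service`, but the characteristic predicate only uses `any(ApplicationService cds).getAnInstantiation()`, and `ApplicationService` is defined as `c.getMember("ApplicationService")`, so `new cds.Service` is never matched; either add a `Service` API node next to `ApplicationService` or narrow the comment. Two related precision points: `OnNodeParam` constrains only `on.getMethodName() = "on"` and not the receiver, so the last parameter of any `.on(..., handler)` call on any object becomes a candidate and `RequestSource` relies solely on the enclosing `init` or `with` function to narrow it; and `RequestHandler` is documented as the last argument to `srv.before`, `srv.on` and `srv.after` but is just `FunctionNode` with no restriction, while `ErrorHandler` has no characteristic predicate at all and is not used anywhere in the file. The `TODO` items and the `not sure how else to know which service is registering the handler` remark should be resolved or moved out of the `/** */` doc comments before merge, since they end up in generated documentation.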