Add more tests

Author: mbaluda

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll

@@ -653,7 +653,7 @@ class XmlView extends UI5View instanceof XmlFile {
         getASuperType(type) = "UI5HTMLControl" and
         // `sap.ui.core.HTML` controls are not sinks if the `sanitizeContent` attribute set to true
         control.getAttribute("sanitizeContent").getValue() = "true"
-        // TODO: unless progeammatically set ot false
+        // TODO: unless progeammatically set to false
       )
     )
   }

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df sanitized-disable/webapp/controller/app.controller.js

@@ -13,7 +13,6 @@ sap.ui.define([
             this.getView().setModel(oModel);
 
             // enable sanitization programmatically
-            this.getView().setProperty("sanitizeContent", false);
             this.getView().byId("htmlControl").setProperty("sanitizeContent", false);
             this.getView().byId("htmlControl").sanitizeContent = false;
 

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-df sanitized/webapp/controller/app.controller.js

@@ -13,9 +13,8 @@ sap.ui.define([
             this.getView().setModel(oModel);
 
             // enable sanitization programmatically
-            //this.getView().setProperty("sanitizeContent", true);
-            this.getView().byId("htmlControl").setProperty("sanitizeContent", true);
-            this.getView().byId("htmlControl").sanitizeContent = true;
+            this.getView().byId("htmlControl").setProperty("sanitizeContent", false);
+            this.getView().byId("htmlControl").sanitizeContent = false;
 
             var input = oModel.getProperty('/input');
             oModel.setProperty('/output', input);

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/UI5Xss.expected

@@ -0,0 +1,13 @@
+nodes
+| webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.html:5:11:5:31 | data-value={/input} |
+| webapp/view/app.view.html:8:11:8:33 | data-content={/input} |
+edges
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.html:5:11:5:31 | data-value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.html:8:11:8:33 | data-content={/input} |
+| webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) | webapp/view/app.view.html:8:11:8:33 | data-content={/input} |
+| webapp/view/app.view.html:5:11:5:31 | data-value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.html:5:11:5:31 | data-value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.html:8:11:8:33 | data-content={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+#select
+| webapp/view/app.view.html:8:11:8:33 | data-content={/input} | webapp/view/app.view.html:5:11:5:31 | data-value={/input} | webapp/view/app.view.html:8:11:8:33 | data-content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.html:5:11:5:31 | data-value={/input} | user-provided value |

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/UI5Xss.qlref

@@ -0,0 +1 @@
+UI5Xss/UI5Xss.ql

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/package-lock.json

@@ -0,0 +1,5 @@
+{
+  "name": "sap-ui5-xss",
+  "version": "1.0.0",
+  "main": "index.js"
+}

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/package.json

@@ -0,0 +1,7 @@
+specVersion: '3.0'
+metadata:
+  name: sap-ui5-xss
+type: application
+framework:
+  name: SAPUI5
+  version: "1.115.0"

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/ui5.yaml

@@ -0,0 +1,15 @@
+sap.ui.define([
+    "sap/ui/core/mvc/Controller",
+    "sap/ui/model/json/JSONModel"
+], function (Controller, JSONModel) {
+    "use strict"
+    return Controller.extend("codeql-sap-js.controller.app", {
+        onInit: function () {
+            var oData = {
+                input: null
+            };
+            var oModel = new JSONModel(oData);
+            this.getView().setModel(oModel);
+        }
+    });
+})

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-view sanitized/webapp/controller/app.controller.js

@@ -0,0 +1,21 @@
+<!DOCTYPE html>
+<html>
+
+<head>
+
+    <meta charset="utf-8">
+    <title>SAPUI5 XSS</title>
+    <script src="https://sdk.openui5.org/resources/sap-ui-core.js" 
+        data-sap-ui-libs="sap.m"
+        data-sap-ui-onInit="module:codeql-sap-js/index" 
+        data-sap-ui-resourceroots='{
+            "codeql-sap-js": "./"
+        }'>
+        </script>
+</head>
+
+<body class="sapUiBody" id="content">
+
+</body>
+
+</html>