Fix test case and code

jeongsoolee09 · jeongsoolee09 · commit 1e83f5a75e66 · 2025-06-23T20:07:01.000-04:00
diff --git a/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll b/javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll
@@ -148,11 +148,8 @@ class ServiceInstanceFromCdsServe extends ServiceInstance {
  */
 class ServiceInstanceFromCdsConnectTo extends ServiceInstance {
   string serviceDesignator;
-  string serviceName;
 
-  ServiceInstanceFromCdsConnectTo() {
-    this = serviceInstanceFromCdsConnectTo(serviceDesignator).getAPropertyRead(serviceName)
-  }
+  ServiceInstanceFromCdsConnectTo() { this = serviceInstanceFromCdsConnectTo(serviceDesignator) }
 
   override UserDefinedApplicationService getDefinition() {
     exists(RequiredService serviceDecl |
@@ -164,8 +161,6 @@ class ServiceInstanceFromCdsConnectTo extends ServiceInstance {
   }
 
   string getServiceDesignator() { result = serviceDesignator }
-
-  string getServiceName() { result = serviceName }
 }
 
 /**
@@ -280,8 +275,7 @@ class GloballyAccessedCdsDbService extends CdsDbService {
   }
 }
 
-/* Note: This should not extend `ServiceInstanceFromCdsConnectTo`, as it does NOT do a property read! */
-class DbServiceInstanceFromCdsConnectTo extends CdsDbService {
+class DbServiceInstanceFromCdsConnectTo extends ServiceInstanceFromCdsConnectTo, CdsDbService {
   DbServiceInstanceFromCdsConnectTo() { this = serviceInstanceFromCdsConnectTo("db") }
 
   /* A DB service is implicitly defined. */
@@ -602,7 +596,7 @@ class CdsTransaction extends SourceNode {
 
   SourceNode getContextObject() {
     /* 1. An object node passed as the first argument to a call to `srv.tx`. */
-    result = txCall.getALocalSource() and not result instanceof FunctionNode
+    result = txCall.getAnArgument().getALocalSource() and not result instanceof FunctionNode
     or
     /* 2. A manually overriden `cds.context`. */
     exists(Stmt stmt, CdsFacade cds |
diff --git a/javascript/frameworks/cap/test/queries/cqlinjection/srv/service1.js b/javascript/frameworks/cap/test/queries/cqlinjection/srv/service1.js
@@ -110,51 +110,51 @@ module.exports = class Service1 extends cds.ApplicationService {
     /* ========== 4. Service1 running query on Service2 using `Service2.run` and friends ========== */
     this.on("send41", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       const query = SELECT.from`Service1Entity`.where("ID=" + id);
       Service2.run(query);
     });
 
     this.on("send42", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.read(`Service2Entity`).where("ID =" + id);
     });
 
     this.on("send43", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.create(`Service2Entity`).entries({id: "" + id});
     });
 
     this.on("send44", async (req) => {
       const { id, amount } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.update(`Service2Entity`).set("col1 = col1" + amount).where("col1 = " + id);
     });
 
     this.on("send45", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.insert(`Service2Entity`).entries({id: "" + id});
     });
 
     this.on("send46", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.upsert(`Service2Entity`).entries({id: "" + id});
     });
 
     this.on("send47", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.delete(`Service2Entity`).where("ID =" + id);
     });
 
     /* ========== 5. Service1 running query on Service2 using CQN parsed with `cds.ql` ========== */
     this.on("send5", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       const query = cds.ql("SELECT * from Service1Entity where ID =" + id);
       Service2.run(query);
     });
@@ -176,22 +176,22 @@ module.exports = class Service1 extends cds.ApplicationService {
     /* ========== 8. Service1 running query on Service2 using an unparsed CDL string (only valid in old versions of CAP) ========== */
     this.on("send71", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       const query = "SELECT * from Entity1 where ID =" + id;
       Service2.run(query);
     });
 
     this.on("send72", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       const query = `SELECT * from Entity1 where ID =` + id;
       Service2.run(query);
     });
 
     /* ========== 9. Service1 running query on Service2 using `Service2.tx( tx => tx.run(...) )` and friends ========== */
     this.on("send91", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       const query = SELECT.from`Service2Entity`.where("ID=" + id);
       Service2.tx(async (tx) => {
         tx.run(query);
@@ -200,47 +200,47 @@ module.exports = class Service1 extends cds.ApplicationService {
 
     this.on("send92", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.read(`Service2Entity`).where("ID =" + id);
       });
     });
 
     this.on("send93", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.create(`Service2Entity`).entries({id: "" + id});
       });
     });
 
     this.on("send94", async (req) => {
       const { id, amount } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.update(`Service2Entity`).set("col1 = col1" + amount).where("col1 = " + id);
       });
     });
 
     this.on("send95", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.insert(`Service2Entity`).entries({id: "" + id});
       });
     });
 
     this.on("send96", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.upsert(`Service2Entity`).entries({id: "" + id});
       });
     });
 
     this.on("send97", async (req) => {
       const { id } = req.data;
-      const { Service2 } = await cds.connect.to("Service2");
+      const Service2 = await cds.connect.to("Service2");
       Service2.tx(async (tx) => {
         tx.delete(`Service2Entity`).where("ID =" + id);
       });
