Add test setup (temp) for xss-input-dangerouslySetInnerHTML

Author: knewbury01

javascript/frameworks/ui5-webcomponents/test/queries/xss-input-dangerouslySetInnerHTML/XssThroughDom.expected

@@ -0,0 +1,14 @@
+edges
+| src/App.tsx:7:10:7:13 | todo | src/App.tsx:7:10:7:13 | todo | provenance |  |
+| src/App.tsx:7:10:7:13 | todo | src/App.tsx:27:46:27:49 | todo | provenance |  |
+| src/App.tsx:12:22:12:45 | todoInp ... ?.value | src/App.tsx:12:22:12:51 | todoInp ... e \|\| "" | provenance |  |
+| src/App.tsx:12:22:12:51 | todoInp ... e \|\| "" | src/App.tsx:7:10:7:13 | todo | provenance |  |
+nodes
+| src/App.tsx:7:10:7:13 | todo | semmle.label | todo |
+| src/App.tsx:7:10:7:13 | todo | semmle.label | todo |
+| src/App.tsx:12:22:12:45 | todoInp ... ?.value | semmle.label | todoInp ... ?.value |
+| src/App.tsx:12:22:12:51 | todoInp ... e \|\| "" | semmle.label | todoInp ... e \|\| "" |
+| src/App.tsx:27:46:27:49 | todo | semmle.label | todo |
+subpaths
+#select
+| src/App.tsx:27:46:27:49 | todo | src/App.tsx:12:22:12:45 | todoInp ... ?.value | src/App.tsx:27:46:27:49 | todo | $@ is reinterpreted as HTML without escaping meta-characters. | src/App.tsx:12:22:12:45 | todoInp ... ?.value | DOM text |

javascript/frameworks/ui5-webcomponents/test/queries/xss-input-dangerouslySetInnerHTML/XssThroughDom.ql

@@ -0,0 +1,27 @@
+/**
+ * @name DOM text reinterpreted as HTML
+ * @description Reinterpreting text from the DOM as HTML
+ *              can lead to a cross-site scripting vulnerability.
+ * @kind path-problem
+ * @problem.severity warning
+ * @security-severity 6.1
+ * @precision high
+ * @id js/xss-through-dom
+ * @tags security
+ *       external/cwe/cwe-079
+ *       external/cwe/cwe-116
+ */
+
+//an exact copy of - https://github.com/github/codeql/blob/main/javascript/ql/src/Security/CWE-079/XssThroughDom.ql
+//included for testing purposes only
+
+import javascript
+import semmle.javascript.security.dataflow.XssThroughDomQuery
+import XssThroughDomFlow::PathGraph
+
+from XssThroughDomFlow::PathNode source, XssThroughDomFlow::PathNode sink
+where
+  XssThroughDomFlow::flowPath(source, sink) and
+  not isIgnoredSourceSinkPair(source.getNode(), sink.getNode())
+select sink.getNode(), source, sink,
+  "$@ is reinterpreted as HTML without escaping meta-characters.", source.getNode(), "DOM text"

javascript/frameworks/ui5-webcomponents/test/queries/xss-input-dangerouslySetInnerHTML/XssThroughDom.qlref

@@ -0,0 +1 @@
+XssThroughDom.ql

javascript/frameworks/ui5-webcomponents/test/queries/xss-input-dangerouslySetInnerHTML/codeql-pack.lock.yml

@@ -0,0 +1,30 @@
+---
+lockVersion: 1.0.0
+dependencies:
+  codeql/concepts:
+    version: 0.0.7
+  codeql/controlflow:
+    version: 2.0.17
+  codeql/dataflow:
+    version: 2.0.17
+  codeql/javascript-all:
+    version: 2.6.13
+  codeql/mad:
+    version: 1.0.33
+  codeql/regex:
+    version: 1.0.33
+  codeql/ssa:
+    version: 2.0.9
+  codeql/threat-models:
+    version: 1.0.33
+  codeql/tutorial:
+    version: 1.0.33
+  codeql/typetracking:
+    version: 2.0.17
+  codeql/util:
+    version: 2.0.20
+  codeql/xml:
+    version: 1.0.33
+  codeql/yaml:
+    version: 1.0.33
+compiled: false

javascript/frameworks/ui5-webcomponents/test/queries/xss-input-dangerouslySetInnerHTML/qlpack.yml

@@ -0,0 +1,5 @@
+name: advanced-security/javascript-sap-ui5-webcomponents-for-react-test
+version: 2.3.0
+extractor: javascript
+dependencies:
+  codeql/javascript-all: "^2.4.0"