Merge pull request #253 from advanced-security/knewbury01/update-ui5-models

Add to ui5 model

Author: knewbury01

javascript/frameworks/ui5/ext/ui5.model.yml

@@ -56,6 +56,7 @@ extensions:
       - ["UI5InputControl", "sap/m/MaskEnabler", ""]
       - ["UI5InputControl", "sap/m/MaskInput", ""]
       - ["UI5InputControl", "sap/m/TextArea", ""]
+      - ["UI5InputControl", "sap/m/DatePicker", ""]
       - ["UI5InputControl", "sap/m/ComboBoxBase", ""]
       - ["UI5InputControl", "sap/m/MultiInput", ""]
       - ["UI5InputControl", "sap/ui/webc/main/MultiInput", ""]

javascript/frameworks/ui5/test/models/source/UI5ViewSourceTest.expected

@@ -1 +1,11 @@
 | source1.xml:5:5:7:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:8:5:10:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:11:5:13:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:14:5:16:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:17:5:19:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:20:5:22:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:23:5:25:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:26:5:28:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:29:5:31:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:32:5:34:28 | value={/input} | The binding path `/input` is a user input source. |
+| source1.xml:35:5:37:28 | value={/input} | The binding path `/input` is a user input source. |

javascript/frameworks/ui5/test/models/source/source1.xml

@@ -5,4 +5,34 @@
     <Input placeholder="Enter Payload" 
         description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
         value="{/input}" />  <!--User input source sap.m.Input.value -->
+    <ComboBoxTextField placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.ComboBoxTextField.value -->
+    <MaskEnabler placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.MaskEnabler.value -->
+    <MaskInput placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.MaskInput.value -->
+    <TextArea placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.TextArea.value -->
+    <DatePicker placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.DatePicker.value -->
+    <ComboBoxBase placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.ComboBoxBase.value -->
+    <SearchField placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.SearchField.value -->
+    <MultiInput placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.MultiInput.value -->
+    <FeedInput placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.FeedInput.value -->
+    <InputBase placeholder="Enter Payload" 
+        description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
+        value="{/input}" />  <!--User input source sap.m.InputBase.value -->
 </mvc:View>

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/UI5Xss.expected

@@ -1,13 +1,53 @@
 nodes
 | webapp/controller/app.controller.js:9:17:9:27 | input: null |
-| webapp/view/app.view.xml:5:5:7:28 | value={/input} |
-| webapp/view/app.view.xml:8:5:8:36 | content={/input} |
+| webapp/view/app.view.xml:5:6:7:28 | value={/input} |
+| webapp/view/app.view.xml:8:5:9:28 | value={/input} |
+| webapp/view/app.view.xml:10:5:11:28 | value={/input} |
+| webapp/view/app.view.xml:12:5:13:28 | value={/input} |
+| webapp/view/app.view.xml:14:5:15:28 | value={/input} |
+| webapp/view/app.view.xml:16:5:17:28 | value={/input} |
+| webapp/view/app.view.xml:18:5:19:28 | value={/input} |
+| webapp/view/app.view.xml:20:5:21:28 | value={/input} |
+| webapp/view/app.view.xml:22:5:23:28 | value={/input} |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} |
 edges
-| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
-| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:8:5:8:36 | content={/input} |
-| webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) | webapp/view/app.view.xml:8:5:8:36 | content={/input} |
-| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
-| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
-| webapp/view/app.view.xml:8:5:8:36 | content={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:5:6:7:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:8:5:9:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:10:5:11:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:12:5:13:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:14:5:15:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:16:5:17:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:18:5:19:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:20:5:21:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:22:5:23:28 | value={/input} |
+| webapp/controller/app.controller.js:9:17:9:27 | input: null | webapp/view/app.view.xml:24:5:24:36 | content={/input} |
+| webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) | webapp/view/app.view.xml:24:5:24:36 | content={/input} |
+| webapp/view/app.view.xml:5:6:7:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:5:6:7:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:8:5:9:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:8:5:9:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:10:5:11:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:10:5:11:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:12:5:13:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:12:5:13:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:14:5:15:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:14:5:15:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:16:5:17:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:16:5:17:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:18:5:19:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:18:5:19:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:20:5:21:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:20:5:21:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:22:5:23:28 | value={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
+| webapp/view/app.view.xml:22:5:23:28 | value={/input} | webapp/controller/app.controller.js:11:26:11:45 | new JSONModel(oData) |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/controller/app.controller.js:9:17:9:27 | input: null |
 #select
-| webapp/view/app.view.xml:8:5:8:36 | content={/input} | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/view/app.view.xml:8:5:8:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:5:6:7:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:6:7:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:8:5:9:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:8:5:9:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:10:5:11:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:10:5:11:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:12:5:13:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:12:5:13:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:14:5:15:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:14:5:15:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:16:5:17:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:16:5:17:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:18:5:19:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:18:5:19:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:20:5:21:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:20:5:21:28 | value={/input} | user-provided value |
+| webapp/view/app.view.xml:24:5:24:36 | content={/input} | webapp/view/app.view.xml:22:5:23:28 | value={/input} | webapp/view/app.view.xml:24:5:24:36 | content={/input} | XSS vulnerability due to $@. | webapp/view/app.view.xml:22:5:23:28 | value={/input} | user-provided value |

javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control/webapp/view/app.view.xml

@@ -2,8 +2,24 @@
     xmlns="sap.m"
     xmlns:core="sap.ui.core"
     xmlns:mvc="sap.ui.core.mvc">
-    <Input placeholder="Enter Payload" 
+     <Input placeholder="Enter Input Payload" 
         description="Try: &lt;img src=x onerror=alert(&quot;XSS&quot;)&gt;" 
         value="{/input}" />  <!--User input source sap.m.Input.value -->
+    <ComboBoxTextField placeholder="Enter ComboBoxTextField Payload" 
+        value="{/input}" />  <!--User input source sap.m.ComboBoxTextField.value -->    
+    <DatePicker placeholder="Enter DatePicker Payload" 
+        value="{/input}" />  <!--User input source sap.m.DatePicker.value -->
+    <TextArea placeholder="Enter TextArea Payload" 
+        value="{/input}" />  <!--User input source sap.m.TextArea.value -->
+    <ComboBoxBase placeholder="Enter ComboBoxBase Payload" 
+        value="{/input}" />  <!--User input source sap.m.ComboBoxBase.value -->
+    <SearchField placeholder="Enter SearchField Payload" 
+        value="{/input}" />  <!--User input source sap.m.SearchField.value -->
+    <MultiInput placeholder="Enter MultiInput Payload" 
+        value="{/input}" />  <!--User input source sap.m.MultiInput.value -->
+    <FeedInput placeholder="Enter FeedInput Payload" 
+        value="{/input}" />  <!--User input source sap.m.FeedInput.value -->
+    <InputBase placeholder="Enter InputBase Payload" 
+        value="{/input}" />  <!--User input source sap.m.InputBase.value -->
     <core:HTML content="{/input}"/> <!--XSS sink sap.ui.core.HTML.content -->
 </mvc:View>