Address review feedback RemoteFlowSources types

add more testcases for all entity spec scenarios
add extra ability to know name in one case for ServiceinCDSHandlerParameterWithName

Author: knewbury01

javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll

@@ -59,7 +59,11 @@ class ServiceinCDSHandlerParameterWithName extends ParameterNode, RemoteFlowSour
   ServiceinCDSHandlerParameterWithName() {
     exists(MethodCallNode m, CdlEntity entity, string entityName |
       entity.getName().regexpReplaceAll(".*\\.", "") = entityName and
-      m.getArgument(1).asExpr().getStringValue().regexpReplaceAll("'", "") = entityName and
+      (
+        m.getArgument(1).asExpr().getStringValue().regexpReplaceAll("'", "") = entityName
+        or
+        m.getArgument(1).asExpr().(ArrayExpr).getAnElement().toString() = entityName
+      ) and
       this = m.getArgument(m.getNumArgument() - 1).(FunctionNode).getParameter(0) and
       m.getMethodName() in ["on", "before", "after"]
     )

javascript/frameworks/cap/test/models/cds/remoteflowsources/db/schema.cds

@@ -8,4 +8,8 @@ entity Entity1 {
 entity Entity2 {
   Attribute3 : String(100);
   Attribute4 : String(100)
+}
+
+entity Entity4 {
+  Attribute4 : String(100)
 }

javascript/frameworks/cap/test/models/cds/remoteflowsources/remoteflowsource.expected

@@ -5,4 +5,8 @@
 | srv/service3nocds.js:11:28:11:30 | req |
 | srv/service3nocds.js:12:26:12:28 | req |
 | srv/service3nocds.js:19:34:19:36 | req |
-| srv/service3nocds.js:23:33:23:35 | req |
+| srv/service4withcds.js:5:38:5:40 | req |
+| srv/service4withcds.js:6:43:6:45 | req |
+| srv/service4withcds.js:14:33:14:35 | req |
+| srv/service4withcds.js:15:38:15:40 | req |
+| srv/service4withcds.js:16:23:16:25 | req |

javascript/frameworks/cap/test/models/cds/remoteflowsources/srv/service3nocds.js

@@ -17,8 +17,4 @@ module.exports = BooksService
 
 cds.serve('./test-service').with((srv) => {
     srv.before('READ', 'Books', (req) => req.reply([])) //req
-})
-
-cds.serve('./test-service').with((srv) => {
-    srv.before('READ', 'Test', (req) => req.reply([])) //req
 })

javascript/frameworks/cap/test/models/cds/remoteflowsources/srv/service4.cds

@@ -0,0 +1,11 @@
+using { advanced_security.log_injection.sample_entities as db_schema } from '../db/schema';
+
+service Service4 @(path: '/service-4') {
+  /* Entity to send READ/GET about. */
+  entity Service4Entity as projection on db_schema.Entity4 excluding { Attribute4 }
+
+  /* API to talk to other services. */
+  action send4 (
+    messageToPass: String
+  ) returns String;
+}

javascript/frameworks/cap/test/models/cds/remoteflowsources/srv/service4withcds.js

@@ -0,0 +1,17 @@
+const cds = require("@sap/cds");
+
+class TestService extends cds.ApplicationService {
+    init() {
+        this.before('READ', 'Test', (req) => req.reply([])) //req
+        this.after('READ', this.entities, req => req.target.data) //req
+        return super.init()
+    }
+}
+module.exports = TestService
+
+cds.serve('./test-service').with((srv) => {
+    const { Test, Service4 } = this.entities
+    srv.before('READ', 'Test', (req) => req.reply([])) //req
+    srv.on('READ', [Test, Service4], req => req.target.data) //req
+    srv.after('READ', req => req.target.data) //req
+})