
Commit fbc4be8

committed
Add an XSS example that uses sap/ui/core/EventBus
1 parent 378d564 commit fbc4be8


10 files changed

+6156
-0
lines changed

Lines changed: 46 additions & 0 deletions
@@ -0,0 +1,46 @@
1+
nodes
2+
| webapp/controller/app.controller.js:8:26:8:50 | this.ge ... Model() |
3+
| webapp/controller/app.controller.js:9:17:9:21 | input |
4+
| webapp/controller/app.controller.js:9:25:9:52 | oModel. ... input') |
5+
| webapp/controller/app.controller.js:10:44:10:48 | input |
6+
| webapp/controller/app.controller.js:18:17:18:27 | sInputValue |
7+
| webapp/controller/app.controller.js:18:31:18:59 | oEvent. ... Value() |
8+
| webapp/controller/app.controller.js:19:44:19:54 | sInputValue |
9+
| webapp/controller/app.controller.js:26:17:26:21 | value |
10+
| webapp/controller/app.controller.js:26:25:26:41 | oInput.getValue() |
11+
| webapp/controller/app.controller.js:27:36:27:40 | value |
12+
| webapp/controller/app.controller.js:31:17:31:27 | input: null |
13+
| webapp/controller/app.controller.js:32:17:32:29 | output1: null |
14+
| webapp/controller/app.controller.js:34:17:34:29 | output3: null |
15+
| webapp/view/app.view.xml:5:5:7:28 | value={/input} |
16+
| webapp/view/app.view.xml:9:5:9:39 | content={/output1} |
17+
| webapp/view/app.view.xml:12:5:12:39 | content={/output2} |
18+
| webapp/view/app.view.xml:17:5:17:39 | content={/output3} |
19+
edges
20+
| webapp/controller/app.controller.js:8:26:8:50 | this.ge ... Model() | webapp/controller/app.controller.js:9:25:9:52 | oModel. ... input') |
21+
| webapp/controller/app.controller.js:9:17:9:21 | input | webapp/controller/app.controller.js:10:44:10:48 | input |
22+
| webapp/controller/app.controller.js:9:25:9:52 | oModel. ... input') | webapp/controller/app.controller.js:9:17:9:21 | input |
23+
| webapp/controller/app.controller.js:10:44:10:48 | input | webapp/controller/app.controller.js:8:26:8:50 | this.ge ... Model() |
24+
| webapp/controller/app.controller.js:10:44:10:48 | input | webapp/controller/app.controller.js:32:17:32:29 | output1: null |
25+
| webapp/controller/app.controller.js:18:17:18:27 | sInputValue | webapp/controller/app.controller.js:19:44:19:54 | sInputValue |
26+
| webapp/controller/app.controller.js:18:31:18:59 | oEvent. ... Value() | webapp/controller/app.controller.js:18:17:18:27 | sInputValue |
27+
| webapp/controller/app.controller.js:19:44:19:54 | sInputValue | webapp/controller/app.controller.js:34:17:34:29 | output3: null |
28+
| webapp/controller/app.controller.js:26:17:26:21 | value | webapp/controller/app.controller.js:27:36:27:40 | value |
29+
| webapp/controller/app.controller.js:26:25:26:41 | oInput.getValue() | webapp/controller/app.controller.js:26:17:26:21 | value |
30+
| webapp/controller/app.controller.js:31:17:31:27 | input: null | webapp/controller/app.controller.js:9:25:9:52 | oModel. ... input') |
31+
| webapp/controller/app.controller.js:31:17:31:27 | input: null | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
32+
| webapp/controller/app.controller.js:32:17:32:29 | output1: null | webapp/view/app.view.xml:9:5:9:39 | content={/output1} |
33+
| webapp/controller/app.controller.js:33:17:33:29 | output2: null | webapp/view/app.view.xml:12:5:12:39 | content={/output2} |
34+
| webapp/controller/app.controller.js:34:17:34:29 | output3: null | webapp/view/app.view.xml:17:5:17:39 | content={/output3} |
35+
| webapp/controller/app.controller.js:36:26:36:45 | new JSONModel(oData) | webapp/view/app.view.xml:9:5:9:39 | content={/output1} |
36+
| webapp/controller/app.controller.js:36:26:36:45 | new JSONModel(oData) | webapp/view/app.view.xml:12:5:12:39 | content={/output2} |
37+
| webapp/controller/app.controller.js:36:26:36:45 | new JSONModel(oData) | webapp/view/app.view.xml:17:5:17:39 | content={/output3} |
38+
| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:31:17:31:27 | input: null |
39+
| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:36:26:36:45 | new JSONModel(oData) |
40+
| webapp/view/app.view.xml:9:5:9:39 | content={/output1} | webapp/controller/app.controller.js:32:17:32:29 | output1: null |
41+
| webapp/view/app.view.xml:12:5:12:39 | content={/output2} | webapp/controller/app.controller.js:33:17:33:29 | output2: null |
42+
| webapp/view/app.view.xml:17:5:17:39 | content={/output3} | webapp/controller/app.controller.js:34:17:34:29 | output3: null |
43+
#select
44+
| webapp/controller/app.controller.js:27:36:27:40 | value | webapp/controller/app.controller.js:26:25:26:41 | oInput.getValue() | webapp/controller/app.controller.js:27:36:27:40 | value | XSS vulnerability due to $@. | webapp/controller/app.controller.js:26:25:26:41 | oInput.getValue() | user-provided value |
45+
| webapp/view/app.view.xml:9:5:9:39 | content={/output1} | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/view/app.view.xml:9:5:9:39 | content={/output1} | XSS vulnerability due to $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided value |
46+
| webapp/view/app.view.xml:17:5:17:39 | content={/output3} | webapp/controller/app.controller.js:18:31:18:59 | oEvent. ... Value() | webapp/view/app.view.xml:17:5:17:39 | content={/output3} | XSS vulnerability due to $@. | webapp/controller/app.controller.js:18:31:18:59 | oEvent. ... Value() | user-provided value |
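Review bot: The `edges` table references two endpoints that never appear under `nodes`: `output2: null` (app.controller.js:33:17:33:29) and `new JSONModel(oData)` (app.controller.js:36:26:36:45), even though the `content={/output2}` binding they connect to is listed. The query is not part of this section, so this is inferred, but it suggests its `edges` predicate is not restricted to the same node set as `nodes`; path viewers may drop or mis-render such edges, and accepting this file freezes that behaviour into the test oracle. Consider constraining both edge endpoints to reported path nodes and regenerating the expected output, or adding the two missing rows if they are meant to be nodes. Separately, `content={/output2}` has incoming edges but no `#select` row; if that is the intended no-alert case, a one-line comment beside `output2` in the controller explaining why no alert is expected would let a reader tell a deliberate negative from a missed result.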
Lines changed: 1 addition & 0 deletions
@@ -0,0 +1 @@
1+
UI5Xss/UI5Xss.ql
