improved sink tests

Author: mbaluda

javascript/frameworks/ui5/test/models/sink/UI5ViewSinkTest.expected

@@ -1 +1,4 @@
-| sink1.xml:5:5:5:44 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
+| sink1.xml:6:5:6:44 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
+| sink1.xml:7:5:7:67 | content={path: '/input'} | The binding path `content={path: '/input'}` is an HTML injection sink. |
+| sink1.xml:8:5:8:51 | value={path: '/input'} | The binding path `value={path: '/input'}` is an HTML injection sink. |
+| sink1.xml:9:5:9:72 | value={path: '/input'} | The binding path `value={path: '/input'}` is an HTML injection sink. |

javascript/frameworks/ui5/test/models/sink/UI5ViewSinkTest.ql

@@ -9,7 +9,5 @@ import javascript
 import advanced_security.javascript.frameworks.ui5.UI5View
 
 from UI5BindingPath bp
-where
-  bp = any(UI5View ui5v).getAnHtmlISink() and
-  not bp.getControlDeclaration().isSanitizedControl()
+where bp = any(UI5View ui5v).getAnHtmlISink()
 select bp, "The binding path `" + bp.toString() + "` is an HTML injection sink."

javascript/frameworks/ui5/test/models/sink/logSinkTest.expected

@@ -1,12 +1,12 @@
-| sink.js:24:38:24:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:24:45:24:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:24:52:24:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:25:38:25:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:25:45:25:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:25:52:25:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:27:40:27:44 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:27:47:27:51 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
-| sink.js:27:54:27:58 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:26:38:26:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:26:45:26:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:26:52:26:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:38:27:42 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:45:27:49 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:27:52:27:56 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:28:40:28:44 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:28:47:28:51 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
+| sink.js:28:54:28:58 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |
 | sink.js:29:37:29:41 | code0 | SAP UI5 log injection sink with kind: ui5-log-injection |
 | sink.js:29:44:29:48 | code1 | SAP UI5 log injection sink with kind: ui5-log-injection |
 | sink.js:29:51:29:55 | code2 | SAP UI5 log injection sink with kind: ui5-log-injection |

javascript/frameworks/ui5/test/models/sink/sink.js

@@ -8,7 +8,8 @@ sap.ui.define(
     "sap/base/util/Properties",
     "sap/ui/core/RenderManager",
     "sap/ui/util/Storage",
-    "sap/ui/core/util/File"
+    "sap/ui/core/util/File",
+    "sap/ui/richtexteditor/RichTextEditor"
   ],
   function (
     LoaderExtensions,
@@ -19,13 +20,12 @@ sap.ui.define(
     Properties,
     RenderManager,
     Storage,
-    File
+    File,
+    RichTextEditor
   ) {
     var value = jQuery.sap.log.fatal(code0, code1, code2);
     var value = jQuery.sap.log.error(code0, code1, code2);
-
     var value = jQuery.sap.log.warning(code0, code1, code2);
-
     var value = jQuery.sap.log.info(code0, code1, code2);
 
     var value = jQuery.sap.log.debug(code0, code1, code2);
@@ -94,7 +94,7 @@ sap.ui.define(
     var value = obj.registerResourcePath(code0, code1);
     var obj = new Properties();
     var value = obj.create(code0);
-    var obj = new HTML({content: code0});
+    var obj = new HTML({ content: code0 });
     obj.content = code0;
     obj.setContent(code0);
     var obj = new Patcher();
@@ -125,5 +125,12 @@ sap.ui.define(
     var value = sap.ui.core.util.File.save(code0, code1, "csv", "text/csv", code4, code5);
     var value = sap.ui.core.util.File.save(code0, code1, "csv", "text/plain", code4, code5);
     var value = sap.ui.core.util.File.save(code0, code1, code2, code3, code4, code5);
+
+    var obj = new HTML({ content: code0, sanitizeContent: true });
+    var obj = new HTML({ content: code0, sanitizeContent: false });
+
+    var obj = new RichTextEditor({ value: code0 });
+    var obj = new RichTextEditor({ value: code0, sanitizeValue: true });
+    var obj = new RichTextEditor({ value: code0, sanitizeValue: false });
   },
 );

javascript/frameworks/ui5/test/models/sink/sink1.xml

@@ -1,7 +1,10 @@
 <mvc:View controllerName="codeql-sap-js.controller.app"
     xmlns="sap.m"
     xmlns:core="sap.ui.core"
-    xmlns:mvc="sap.ui.core.mvc">
+    xmlns:mvc="sap.ui.core.mvc"
+    xmlns:rte="sap.ui.richtexteditor">
     <core:HTML content="{path: '/input'}"/> <!--XSS sink sap.ui.core.HTML.content -->
     <core:HTML content="{path: '/input'}" sanitizeContent="true"/> <!--sanitized XSS sink sap.ui.core.HTML.content -->
+    <rte:RichTextEditor value="{path: '/input'}"/> <!--XSS sink sap.ui.core.HTML.content -->
+    <rte:RichTextEditor value="{path: '/input'}" sanitizeValue="true"/> <!--sanitized XSS sink sap.ui.core.HTML.content -->
 </mvc:View>

javascript/frameworks/ui5/test/models/sink/xssSinkTest.expected

@@ -1,5 +1,5 @@
 | sink.js:61:39:61:43 | code0 | code0 |
-| sink.js:97:34:97:38 | code0 | code0 |
+| sink.js:97:35:97:39 | code0 | code0 |
 | sink.js:98:19:98:23 | code0 | code0 |
 | sink.js:99:20:99:24 | code0 | code0 |
 | sink.js:101:32:101:36 | code0 | code0 |
@@ -10,3 +10,8 @@
 | sink.js:109:37:109:41 | code1 | code1 |
 | sink.js:111:30:111:34 | code0 | code0 |
 | sink.js:113:32:113:36 | code0 | code0 |
+| sink.js:129:35:129:39 | code0 | code0 |
+| sink.js:130:35:130:39 | code0 | code0 |
+| sink.js:132:43:132:47 | code0 | code0 |
+| sink.js:133:43:133:47 | code0 | code0 |
+| sink.js:134:43:134:47 | code0 | code0 |