Replace DataFlow::PathGraph with UI5PathGraph

Author: jeongsoolee09

javascript/frameworks/ui5/src/UI5LogInjection/UI5LogsToHttp.ql

@@ -15,6 +15,7 @@ import javascript
 import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow
 import semmle.javascript.frameworks.data.internal.ApiGraphModels
 import advanced_security.javascript.frameworks.ui5.UI5LogInjectionQuery
+import advanced_security.javascript.frameworks.ui5.dataflow.DataFlow::UI5PathGraph
 
 class ClientRequestInjectionVector extends DataFlow::Node {
   ClientRequestInjectionVector() {
@@ -84,9 +85,9 @@ module UI5LogEntryToHttp implements DataFlow::ConfigSig {
   predicate isSink(DataFlow::Node node) { node instanceof ClientRequestInjectionVector }
 }
 
-import DataFlow::PathGraph
-
-from UI5LogEntryToHttp cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink)
-select sink, source, sink, "Outbound network request depends on $@ log data.", source,
+from UI5LogEntryToHttp cfg, UI5PathNode source, UI5PathNode sink, UI5PathNode primarySource
+where
+  cfg.hasFlowPath(source.getPathNode(), sink.getPathNode()) and
+  primarySource = source.getAPrimarySource()
+select sink, primarySource, sink, "Outbound network request depends on $@ log data.", primarySource,
   "user-provided"

javascript/frameworks/ui5/test/queries/UI5LogInjection/log-entry-flows-to-sinks/UI5UnsafeLogAccess.expected

@@ -1,21 +1,21 @@
 WARNING: type 'LogInjectionConfiguration' has been deprecated and may be removed in future (UI5UnsafeLogAccess.ql:18,44-83)
 nodes
-| webapp/controller/app.controller.js:8:11:8:21 | input: null |
-| webapp/controller/app.controller.js:14:13:14:48 | input |
-| webapp/controller/app.controller.js:14:21:14:48 | oModel. ... input") |
-| webapp/controller/app.controller.js:15:30:15:34 | input |
+| webapp/controller/app.controller.js:11:11:11:21 | input: null |
+| webapp/controller/app.controller.js:17:13:17:48 | input |
+| webapp/controller/app.controller.js:17:21:17:48 | oModel. ... input") |
+| webapp/controller/app.controller.js:18:30:18:34 | input |
 | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
 | webapp/view/app.view.xml:8:5:8:37 | content={/output} |
 edges
-| webapp/controller/app.controller.js:8:11:8:21 | input: null | webapp/controller/app.controller.js:14:21:14:48 | oModel. ... input") |
-| webapp/controller/app.controller.js:8:11:8:21 | input: null | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
-| webapp/controller/app.controller.js:9:11:9:22 | output: null | webapp/view/app.view.xml:8:5:8:37 | content={/output} |
-| webapp/controller/app.controller.js:11:22:11:41 | new JSONModel(oData) | webapp/view/app.view.xml:8:5:8:37 | content={/output} |
-| webapp/controller/app.controller.js:14:13:14:48 | input | webapp/controller/app.controller.js:15:30:15:34 | input |
-| webapp/controller/app.controller.js:14:21:14:48 | oModel. ... input") | webapp/controller/app.controller.js:14:13:14:48 | input |
-| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:8:11:8:21 | input: null |
-| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:11:22:11:41 | new JSONModel(oData) |
-| webapp/view/app.view.xml:8:5:8:37 | content={/output} | webapp/controller/app.controller.js:9:11:9:22 | output: null |
+| webapp/controller/app.controller.js:11:11:11:21 | input: null | webapp/controller/app.controller.js:17:21:17:48 | oModel. ... input") |
+| webapp/controller/app.controller.js:11:11:11:21 | input: null | webapp/view/app.view.xml:5:5:7:28 | value={/input} |
+| webapp/controller/app.controller.js:12:11:12:22 | output: null | webapp/view/app.view.xml:8:5:8:37 | content={/output} |
+| webapp/controller/app.controller.js:14:22:14:41 | new JSONModel(oData) | webapp/view/app.view.xml:8:5:8:37 | content={/output} |
+| webapp/controller/app.controller.js:17:13:17:48 | input | webapp/controller/app.controller.js:18:30:18:34 | input |
+| webapp/controller/app.controller.js:17:21:17:48 | oModel. ... input") | webapp/controller/app.controller.js:17:13:17:48 | input |
+| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:11:11:11:21 | input: null |
+| webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:14:22:14:41 | new JSONModel(oData) |
+| webapp/view/app.view.xml:8:5:8:37 | content={/output} | webapp/controller/app.controller.js:12:11:12:22 | output: null |
 #select
-| webapp/utils/CustomLogListener.js:9:29:9:34 | oEvent | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:15:30:15:34 | input | Accessed log entries depend on $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided data |
-| webapp/utils/LogEntriesToHttp.js:7:23:7:41 | Log.getLogEntries() | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:15:30:15:34 | input | Accessed log entries depend on $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided data |
+| webapp/utils/CustomLogListener.js:9:29:9:34 | oEvent | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:18:30:18:34 | input | Accessed log entries depend on $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided data |
+| webapp/utils/LogEntriesToHttp.js:7:23:7:41 | Log.getLogEntries() | webapp/view/app.view.xml:5:5:7:28 | value={/input} | webapp/controller/app.controller.js:18:30:18:34 | input | Accessed log entries depend on $@. | webapp/view/app.view.xml:5:5:7:28 | value={/input} | user-provided data |