Merge pull request #161 from advanced-security/lcartey/remove-binding-path-cartesian-product

Remove cartesian product in `MkConstBindingPathComponentList`

Author: knewbury01

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll

@@ -839,18 +839,18 @@ module BindingStringParser<BindingStringReaderSig BindingStringReader> {
       then
         exists(BindingPathComponentList tail |
           mkBindingPathComponentList(getNextSkippingWhitespace(nextToken), tail, last) and
-          list = MkConstBindingPathComponentList(name, tail, first)
+          list = MkConstBindingPathComponentList(name, tail)
         )
       else (
-        list = MkConstBindingPathComponentList(name, MkEmptyBindingPathComponentList(), first) and
+        list = MkConstBindingPathComponentList(name, MkEmptyBindingPathComponentList()) and
         last = name
       )
     )
   }
 
   private newtype TBindingPathComponentList =
     MkEmptyBindingPathComponentList() or
-    MkConstBindingPathComponentList(NameToken headToken, BindingPathComponentList tail, Token source) {
+    MkConstBindingPathComponentList(NameToken headToken, BindingPathComponentList tail) {
       exists(Token nextToken | nextToken = getNextSkippingWhitespace(headToken) |
         if nextToken instanceof ForwardSlashToken or nextToken instanceof DotToken
         then mkBindingPathComponentList(getNextSkippingWhitespace(nextToken), tail, _)
@@ -863,18 +863,16 @@ module BindingStringParser<BindingStringReaderSig BindingStringReader> {
       this = MkEmptyBindingPathComponentList() and result = ""
       or
       exists(NameToken head, BindingPathComponentList tail |
-        this = MkConstBindingPathComponentList(head, tail, _) and
+        this = MkConstBindingPathComponentList(head, tail) and
         if tail instanceof MkEmptyBindingPathComponentList
         then result = head.toString()
         else result = head.toString() + "/" + tail.toString()
       )
     }
 
-    NameToken getHead() { this = MkConstBindingPathComponentList(result, _, _) }
+    NameToken getHead() { this = MkConstBindingPathComponentList(result, _) }
 
-    BindingPathComponentList getTail() { this = MkConstBindingPathComponentList(_, result, _) }
-
-    Token getSource() { this = MkConstBindingPathComponentList(_, _, result) }
+    BindingPathComponentList getTail() { this = MkConstBindingPathComponentList(_, result) }
   }
 
   predicate mkAbsoluteBindingPath(Token first, BindingPath path, Token last) {

javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll

@@ -4,6 +4,7 @@
 
 import javascript
 import advanced_security.javascript.frameworks.ui5.BindingStringParser as MakeBindingStringParser
+import advanced_security.javascript.frameworks.ui5.UI5View
 
 private class ContextBindingAttribute extends XmlAttribute {
   ContextBindingAttribute() { this.getName() = "binding" }
@@ -15,8 +16,12 @@ private class ContextBindingAttribute extends XmlAttribute {
 // TODO: add support for binding strings in strings such as `description: "Some {/description}"`
 private newtype TBindingString =
   TBindingStringFromLiteral(StringLiteral stringLiteral) { stringLiteral.getValue().matches("{%}") } or
-  TBindingStringFromXmlAttribute(XmlAttribute attribute) { attribute.getValue().matches("{%}") } or
+  TBindingStringFromXmlAttribute(XmlAttribute attribute) {
+    attribute.getLocation().getFile() instanceof UI5View and
+    attribute.getValue().matches("{%}")
+  } or
   TBindingStringFromJsonProperty(JsonObject object, string propertyName) {
+    object.getFile() instanceof UI5View and
     object.getPropStringValue(propertyName).matches("{%}")
   } or
   TBindingStringFromBindElementMethodCall(BindElementMethodCallNode bindElement) {

javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected

@@ -1,22 +1,22 @@
-| test.html:5:11:5:31 | XML property binding: data-value to {/input} |
-| test.html:8:11:8:33 | XML property binding: data-content to {/input} |
 | test.js:10:20:10:33 | Early JavaScript property binding: value to "{/root/name}" |
 | test.js:21:28:21:34 | JavaScript context binding: oInput to "/root" |
 | test.js:23:38:23:43 | Late JavaScript property binding: value to "name" |
 | test.js:27:19:33:12 | Early JavaScript property binding: value to {\\n      ...       } |
 | test.js:38:48:44:9 | Late JavaScript property binding: value to {\\n      ...       } |
 | test.js:48:19:48:42 | Early JavaScript property binding: text to "{/#foo ... label}" |
-| test.json:5:9:22:9 | JSON property binding: items to {/Base} |
-| test.json:11:17:16:17 | JSON property binding: value to {input} |
-| test.json:17:17:20:17 | JSON property binding: content to {path : /input, formatter : ".valueFormatter"} |
-| test.xml:2:5:2:28 | XML property binding: value to {foo} |
-| test.xml:3:5:3:29 | XML property binding: value to {/foo} |
-| test.xml:4:5:4:34 | XML property binding: value to {model>foo} |
-| test.xml:5:5:5:35 | XML property binding: value to {model>/foo} |
-| test.xml:6:5:8:29 | XML context binding: binding to {/root} |
-| test.xml:6:5:8:29 | XML property binding: value to {foo} |
-| test.xml:9:5:9:70 | XML property binding: value to {path : foo, type : "sap.ui.model.type.String"} |
-| test.xml:10:5:10:71 | XML property binding: value to {path : /foo, type : "sap.ui.model.type.String"} |
-| test.xml:11:5:11:77 | XML property binding: value to {path : model>/foo, type : "sap.ui.model.type.String"} |
-| test.xml:12:5:12:76 | XML property binding: value to {path : model>foo, type : "sap.ui.model.type.String"} |
-| test.xml:14:5:22:45 | XML property binding: value to {parts : [{path : foo}, {path : bar/baz}, {path : quux}], formatter : "some.formatter"} |
+| test.view.html:5:11:5:31 | XML property binding: data-value to {/input} |
+| test.view.html:8:11:8:33 | XML property binding: data-content to {/input} |
+| test.view.json:5:9:22:9 | JSON property binding: items to {/Base} |
+| test.view.json:11:17:16:17 | JSON property binding: value to {input} |
+| test.view.json:17:17:20:17 | JSON property binding: content to {path : /input, formatter : ".valueFormatter"} |
+| test.view.xml:2:5:2:28 | XML property binding: value to {foo} |
+| test.view.xml:3:5:3:29 | XML property binding: value to {/foo} |
+| test.view.xml:4:5:4:34 | XML property binding: value to {model>foo} |
+| test.view.xml:5:5:5:35 | XML property binding: value to {model>/foo} |
+| test.view.xml:6:5:8:29 | XML context binding: binding to {/root} |
+| test.view.xml:6:5:8:29 | XML property binding: value to {foo} |
+| test.view.xml:9:5:9:70 | XML property binding: value to {path : foo, type : "sap.ui.model.type.String"} |
+| test.view.xml:10:5:10:71 | XML property binding: value to {path : /foo, type : "sap.ui.model.type.String"} |
+| test.view.xml:11:5:11:77 | XML property binding: value to {path : model>/foo, type : "sap.ui.model.type.String"} |
+| test.view.xml:12:5:12:76 | XML property binding: value to {path : model>foo, type : "sap.ui.model.type.String"} |
+| test.view.xml:14:5:22:45 | XML property binding: value to {parts : [{path : foo}, {path : bar/baz}, {path : quux}], formatter : "some.formatter"} |