diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll index 9d9d103ae..629d76365 100644 --- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll +++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/BindingStringParser.qll @@ -839,10 +839,10 @@ module BindingStringParser { then exists(BindingPathComponentList tail | mkBindingPathComponentList(getNextSkippingWhitespace(nextToken), tail, last) and - list = MkConstBindingPathComponentList(name, tail, first) + list = MkConstBindingPathComponentList(name, tail) ) else ( - list = MkConstBindingPathComponentList(name, MkEmptyBindingPathComponentList(), first) and + list = MkConstBindingPathComponentList(name, MkEmptyBindingPathComponentList()) and last = name ) ) @@ -850,7 +850,7 @@ module BindingStringParser { private newtype TBindingPathComponentList = MkEmptyBindingPathComponentList() or - MkConstBindingPathComponentList(NameToken headToken, BindingPathComponentList tail, Token source) { + MkConstBindingPathComponentList(NameToken headToken, BindingPathComponentList tail) { exists(Token nextToken | nextToken = getNextSkippingWhitespace(headToken) | if nextToken instanceof ForwardSlashToken or nextToken instanceof DotToken then mkBindingPathComponentList(getNextSkippingWhitespace(nextToken), tail, _) @@ -863,18 +863,16 @@ module BindingStringParser { this = MkEmptyBindingPathComponentList() and result = "" or exists(NameToken head, BindingPathComponentList tail | - this = MkConstBindingPathComponentList(head, tail, _) and + this = MkConstBindingPathComponentList(head, tail) and if tail instanceof MkEmptyBindingPathComponentList then result = head.toString() else result = head.toString() + "/" + tail.toString() ) } - NameToken getHead() { this = MkConstBindingPathComponentList(result, _, _) } + NameToken getHead() { this = MkConstBindingPathComponentList(result, _) } - BindingPathComponentList getTail() { this = MkConstBindingPathComponentList(_, result, _) } - - Token getSource() { this = MkConstBindingPathComponentList(_, _, result) } + BindingPathComponentList getTail() { this = MkConstBindingPathComponentList(_, result) } } predicate mkAbsoluteBindingPath(Token first, BindingPath path, Token last) { diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll index 032d41a87..b03048dd6 100644 --- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll +++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/Bindings.qll @@ -4,6 +4,7 @@ import javascript import advanced_security.javascript.frameworks.ui5.BindingStringParser as MakeBindingStringParser +import advanced_security.javascript.frameworks.ui5.UI5View private class ContextBindingAttribute extends XmlAttribute { ContextBindingAttribute() { this.getName() = "binding" } @@ -15,8 +16,12 @@ private class ContextBindingAttribute extends XmlAttribute { // TODO: add support for binding strings in strings such as `description: "Some {/description}"` private newtype TBindingString = TBindingStringFromLiteral(StringLiteral stringLiteral) { stringLiteral.getValue().matches("{%}") } or - TBindingStringFromXmlAttribute(XmlAttribute attribute) { attribute.getValue().matches("{%}") } or + TBindingStringFromXmlAttribute(XmlAttribute attribute) { + attribute.getLocation().getFile() instanceof UI5View and + attribute.getValue().matches("{%}") + } or TBindingStringFromJsonProperty(JsonObject object, string propertyName) { + object.getFile() instanceof UI5View and object.getPropStringValue(propertyName).matches("{%}") } or TBindingStringFromBindElementMethodCall(BindElementMethodCallNode bindElement) { diff --git a/javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected b/javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected index 6620e64ca..94372d340 100644 --- a/javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected +++ b/javascript/frameworks/ui5/test/lib/Bindings/Bindings.expected @@ -1,22 +1,22 @@ -| test.html:5:11:5:31 | XML property binding: data-value to {/input} | -| test.html:8:11:8:33 | XML property binding: data-content to {/input} | | test.js:10:20:10:33 | Early JavaScript property binding: value to "{/root/name}" | | test.js:21:28:21:34 | JavaScript context binding: oInput to "/root" | | test.js:23:38:23:43 | Late JavaScript property binding: value to "name" | | test.js:27:19:33:12 | Early JavaScript property binding: value to {\\n ... } | | test.js:38:48:44:9 | Late JavaScript property binding: value to {\\n ... } | | test.js:48:19:48:42 | Early JavaScript property binding: text to "{/#foo ... label}" | -| test.json:5:9:22:9 | JSON property binding: items to {/Base} | -| test.json:11:17:16:17 | JSON property binding: value to {input} | -| test.json:17:17:20:17 | JSON property binding: content to {path : /input, formatter : ".valueFormatter"} | -| test.xml:2:5:2:28 | XML property binding: value to {foo} | -| test.xml:3:5:3:29 | XML property binding: value to {/foo} | -| test.xml:4:5:4:34 | XML property binding: value to {model>foo} | -| test.xml:5:5:5:35 | XML property binding: value to {model>/foo} | -| test.xml:6:5:8:29 | XML context binding: binding to {/root} | -| test.xml:6:5:8:29 | XML property binding: value to {foo} | -| test.xml:9:5:9:70 | XML property binding: value to {path : foo, type : "sap.ui.model.type.String"} | -| test.xml:10:5:10:71 | XML property binding: value to {path : /foo, type : "sap.ui.model.type.String"} | -| test.xml:11:5:11:77 | XML property binding: value to {path : model>/foo, type : "sap.ui.model.type.String"} | -| test.xml:12:5:12:76 | XML property binding: value to {path : model>foo, type : "sap.ui.model.type.String"} | -| test.xml:14:5:22:45 | XML property binding: value to {parts : [{path : foo}, {path : bar/baz}, {path : quux}], formatter : "some.formatter"} | +| test.view.html:5:11:5:31 | XML property binding: data-value to {/input} | +| test.view.html:8:11:8:33 | XML property binding: data-content to {/input} | +| test.view.json:5:9:22:9 | JSON property binding: items to {/Base} | +| test.view.json:11:17:16:17 | JSON property binding: value to {input} | +| test.view.json:17:17:20:17 | JSON property binding: content to {path : /input, formatter : ".valueFormatter"} | +| test.view.xml:2:5:2:28 | XML property binding: value to {foo} | +| test.view.xml:3:5:3:29 | XML property binding: value to {/foo} | +| test.view.xml:4:5:4:34 | XML property binding: value to {model>foo} | +| test.view.xml:5:5:5:35 | XML property binding: value to {model>/foo} | +| test.view.xml:6:5:8:29 | XML context binding: binding to {/root} | +| test.view.xml:6:5:8:29 | XML property binding: value to {foo} | +| test.view.xml:9:5:9:70 | XML property binding: value to {path : foo, type : "sap.ui.model.type.String"} | +| test.view.xml:10:5:10:71 | XML property binding: value to {path : /foo, type : "sap.ui.model.type.String"} | +| test.view.xml:11:5:11:77 | XML property binding: value to {path : model>/foo, type : "sap.ui.model.type.String"} | +| test.view.xml:12:5:12:76 | XML property binding: value to {path : model>foo, type : "sap.ui.model.type.String"} | +| test.view.xml:14:5:22:45 | XML property binding: value to {parts : [{path : foo}, {path : bar/baz}, {path : quux}], formatter : "some.formatter"} | diff --git a/javascript/frameworks/ui5/test/lib/Bindings/test.html b/javascript/frameworks/ui5/test/lib/Bindings/test.view.html similarity index 100% rename from javascript/frameworks/ui5/test/lib/Bindings/test.html rename to javascript/frameworks/ui5/test/lib/Bindings/test.view.html diff --git a/javascript/frameworks/ui5/test/lib/Bindings/test.json b/javascript/frameworks/ui5/test/lib/Bindings/test.view.json similarity index 100% rename from javascript/frameworks/ui5/test/lib/Bindings/test.json rename to javascript/frameworks/ui5/test/lib/Bindings/test.view.json diff --git a/javascript/frameworks/ui5/test/lib/Bindings/test.xml b/javascript/frameworks/ui5/test/lib/Bindings/test.view.xml similarity index 100% rename from javascript/frameworks/ui5/test/lib/Bindings/test.xml rename to javascript/frameworks/ui5/test/lib/Bindings/test.view.xml