Update test cases inline docs and test case and expected result

knewbury01 · knewbury01 · commit 3ca167d7ffd6 · 2025-10-21T14:31:54.000-04:00
diff --git a/javascript/frameworks/ui5/src/Diagnostics/InvestigateReact.ql b/javascript/frameworks/ui5/src/Diagnostics/InvestigateReact.ql
@@ -9,7 +9,9 @@
  */
 
 import javascript
-import semmle.javascript.frameworks.React
+import semmle.javascript.security.dataflow.XssThroughDomQuery
+import semmle.javascript.security.dataflow.XssThroughDomCustomizations
 
-from ViewComponentInput v
-select v, v.getSourceType()
+from DataFlow::Node source
+where source instanceof XssThroughDom::Source
+select source, ""
diff --git a/javascript/frameworks/ui5/test/models/source-react/controlledcomponent.tsx b/javascript/frameworks/ui5/test/models/source-react/controlledcomponent.tsx
@@ -8,12 +8,12 @@ function ControlledComponent( { props }) {
 
     const handleButtonPress1 = () => {
         // Access the input value via the hook
-            console.log('Current input value:', inputRef1.current.value); // SOURCE
+            console.log('Current input value:', inputRef1.current.value); // SOURCE - not detected
     };
 
     const handleButtonPress2 = event => {
-        setInputValue(event.target.value); // SOURCE
-        console.log('Current input value:', inputRef2);  // SOURCE - only because of setInputValue
+        setInputValue(event.target.value); // SOURCE - detected
+        console.log('Current input value:', inputRef2);  // not directly a source
     };
 
     return (
diff --git a/javascript/frameworks/ui5/test/models/source-react/functionalcomponentsetstate.tsx b/javascript/frameworks/ui5/test/models/source-react/functionalcomponentsetstate.tsx
@@ -4,7 +4,7 @@ function MyFunctionalComponent({ props }) {
   const [count, setState] = useState({ count: 0 });
 
   const handleClick = event => {
-    setState({ count: event.target.value + 1 }); // Directly update the state
+    setState({ count: event.target.value + 1 }); // SOURCE - detected as event.target.value
     console.log('Current input value:', count);
   };
 
diff --git a/javascript/frameworks/ui5/test/models/source-react/sourceTest.expected b/javascript/frameworks/ui5/test/models/source-react/sourceTest.expected
@@ -0,0 +1,3 @@
+| controlledcomponent.tsx:15:23:15:40 | event.target.value |  |
+| functionalcomponentsetstate.tsx:7:23:7:40 | event.target.value |  |
+| uncontrolledcomponent.tsx:9:24:9:41 | event.target.value |  |
diff --git a/javascript/frameworks/ui5/test/models/source-react/uncontrolledcomponent.tsx b/javascript/frameworks/ui5/test/models/source-react/uncontrolledcomponent.tsx
@@ -6,7 +6,7 @@ function UncontrolledComponent({ props }) {
 
   //direct event value access, no hook/react specific function
   const handleClick = (event: Ui5CustomEvent<InputDomRef>) => {
-    const finalValue = event.target.value; // SOURCE
+    const finalValue = event.target.value; // SOURCE - detected
     console.log('Input finalized with value:', finalValue);
   };
 

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+\| controlledcomponent.tsx:15:23:15:40 \| event.target.value \| \|`
	`2`	`+\| functionalcomponentsetstate.tsx:7:23:7:40 \| event.target.value \| \|`
	`3`	`+\| uncontrolledcomponent.tsx:9:24:9:41 \| event.target.value \| \|`