Enhance remote flow sources for CAP #201
Merged
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
add test cases to cover cap event handler registrations that were previously missing add remote flow source type to cover more cases of event handler registration
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll
Outdated
Show resolved
Hide resolved
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
jeongsoolee09
requested changes
Jul 14, 2025
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
add more testcases for all entity spec scenarios add extra ability to know name in one case for ServiceinCDSHandlerParameterWithName
refactor remoteflowsources
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/CDS.qll
Show resolved
Hide resolved
javascript/frameworks/cap/lib/advanced_security/javascript/frameworks/cap/RemoteFlowSources.qll
Outdated
Show resolved
Hide resolved
jeongsoolee09
requested changes
Jul 17, 2025
jeongsoolee09
approved these changes
Jul 17, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
New approach
This PR refactors the remoteflowsource types to a simpler type that captures explicit known exposed service handlers OR general event handlers that are registered but not necessarily tied to services
This PR also enhances unit tests for the different ways that handlers can be specified
Old (deprecated) approach
this PR aims to address the following previously missing scenarios:this.on ('UPDATE', '*', req => {...}))specifically the PR:
the current approach enumerates over service + event handler pairing cases and follows closely with the previous technique of adding remote flow sources as event handler request objects
an alternative potential approach would be to consider making
ServiceInstancemore responsible for its event handler registration (if we can assume that all/base service types may have event handlers) and then make their request object params exposed on the implementing types (and still extendRemoteFlowSource)this approach may be more assured to cover all ways of specifying services and their handlers/looks more generic
But may not make sense if many implementing types are redundant or do not indeed allow event handler registration