Skip to content

Add test cases ui5/webcomponents-react explore #244

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Draft
wants to merge 4 commits into
base: main
Choose a base branch
from
Draft

Add test cases ui5/webcomponents-react explore #244

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
56bc60e
Add test cases ui5/webcomponents-react explore
knewbury01 Oct 9, 2025
4c2351f
Add event target value source to test cases
knewbury01 Oct 20, 2025
7a51865
Fix test case to include previously missing handler
knewbury01 Oct 20, 2025
3ca167d
Update test cases inline docs and test case and expected result
knewbury01 Oct 21, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
17 changes: 17 additions & 0 deletions javascript/frameworks/ui5/src/Diagnostics/InvestigateReact.ql
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,17 @@
/**
* @name List properties of react modelling
* @description List properties of react modelling
* @ kind problem
* @problem.severity info
* @precision high
* @id js/ui5-investigate-react
* @tags diagnostics
*/

import javascript
import semmle.javascript.security.dataflow.XssThroughDomQuery
import semmle.javascript.security.dataflow.XssThroughDomCustomizations

from DataFlow::Node source
where source instanceof XssThroughDom::Source
select source, ""
38 changes: 38 additions & 0 deletions javascript/frameworks/ui5/test/models/source-react/controlledcomponent.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,38 @@
import { Input, Button } from '@ui5/webcomponents-react';
import { useRef, useState } from 'react';
import type { InputDomRef } from '@ui5/webcomponents-react';

function ControlledComponent( { props }) {
const inputRef1 = useRef < InputDomRef > (null);
const [inputRef2, setInputValue] = useState('');

const handleButtonPress1 = () => {
// Access the input value via the hook
console.log('Current input value:', inputRef1.current.value); // SOURCE - not detected
};

const handleButtonPress2 = event => {
setInputValue(event.target.value); // SOURCE - detected
console.log('Current input value:', inputRef2); // not directly a source
};

return (
<div>
<Input
ref={inputRef1}
placeholder="Enter some text"
/>
<Button onClick={handleButtonPress1}>
Get Input Value
</Button>
<Input
placeholder="Enter some text"
value={inputRef2}
/>
<Button onClick={handleButtonPress2}>
Get Input Value
</Button>
</div>
);
}

16 changes: 16 additions & 0 deletions javascript/frameworks/ui5/test/models/source-react/functionalcomponentsetstate.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,16 @@
import React, { useState } from 'react';

function MyFunctionalComponent({ props }) {
const [count, setState] = useState({ count: 0 });

const handleClick = event => {
setState({ count: event.target.value + 1 }); // SOURCE - detected as event.target.value
console.log('Current input value:', count);
};

return (
<div>
<input value={count.count} onChange={handleClick}></input>
</div>
);
}
20 changes: 20 additions & 0 deletions javascript/frameworks/ui5/test/models/source-react/propscomponents.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,20 @@
import { Input } from '@ui5/webcomponents-react';

// normal react component props
function ChildComponent({ value }) { // SOURCE

console.log('Input finalized with value:', value);

return (
<div>
<Input
placeholder={value}
/>
</div>
);
}

function ParentComponent() {
const data = "Hello from Parent";
return <ChildComponent value={data} />;
}
3 changes: 3 additions & 0 deletions javascript/frameworks/ui5/test/models/source-react/sourceTest.expected
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,3 @@
| controlledcomponent.tsx:15:23:15:40 | event.target.value | |
| functionalcomponentsetstate.tsx:7:23:7:40 | event.target.value | |
| uncontrolledcomponent.tsx:9:24:9:41 | event.target.value | |
1 change: 1 addition & 0 deletions javascript/frameworks/ui5/test/models/source-react/sourceTest.qlref
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1 @@
Diagnostics/InvestigateReact.ql
25 changes: 25 additions & 0 deletions javascript/frameworks/ui5/test/models/source-react/uncontrolledcomponent.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
import { Input, Button } from '@ui5/webcomponents-react';
import type { InputDomRef } from '@ui5/webcomponents-react';
import type { Ui5CustomEvent } from '@ui5/webcomponents-react-base';

function UncontrolledComponent({ props }) {

//direct event value access, no hook/react specific function
const handleClick = (event: Ui5CustomEvent<InputDomRef>) => {
const finalValue = event.target.value; // SOURCE - detected
console.log('Input finalized with value:', finalValue);
};

return (
<div>
<Input
placeholder="Enter some text"
onChange={handleClick}
/>
<Button>
Get Input Value
</Button>
</div>
);
}