JS: Port DomBasedXss

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.expected

@@ -0,0 +1,3 @@
+| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:25 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig |
+| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:28 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig |
+| query-tests/Security/CWE-079/DomBasedXss/sanitiser.js:35 | did not expect an alert, but found an alert for HtmlInjection | OK | ConsistencyConfig |

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/ConsistencyDomBasedXss.ql

@@ -1,3 +1,9 @@
 import javascript
 import testUtilities.ConsistencyChecking
-import semmle.javascript.security.dataflow.DomBasedXssQuery as DomXss
+import semmle.javascript.security.dataflow.DomBasedXssQuery
+
+class ConsistencyConfig extends ConsistencyConfiguration {
+  ConsistencyConfig() { this = "ConsistencyConfig" }
+
+  override DataFlow::Node getAnAlert() { DomBasedXssFlow::flow(_, result) }
+}

javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.ql

@@ -13,11 +13,13 @@
 
 import javascript
 import semmle.javascript.security.dataflow.DomBasedXssQuery
-import DataFlow::PathGraph
+import DataFlow::DeduplicatePathGraph<DomBasedXssFlow::PathNode, DomBasedXssFlow::PathGraph>
 import semmle.javascript.heuristics.AdditionalSources
 
-from DataFlow::Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
-where cfg.hasFlowPath(source, sink) and source.getNode() instanceof HeuristicSource
+from PathNode source, PathNode sink
+where
+  DomBasedXssFlow::flowPath(source.getAnOriginalPathNode(), sink.getAnOriginalPathNode()) and
+  source.getNode() instanceof HeuristicSource
 select sink.getNode(), source, sink,
   sink.getNode().(Sink).getVulnerabilityKind() + " vulnerability due to $@.", source.getNode(),
   "user-provided value"