improve and fix bugs and add Form Flow Sources test files

javascript/ql/test/library-tests/frameworks/FormParsers/RemoteFlowSource.ql

@@ -0,0 +1,33 @@
+/**
+ * @name Remote Form Flow Sources
+ * @description Using remote user controlled sources from Forms
+ * @kind path-problem
+ * @problem.severity error
+ * @security-severity 5
+ * @precision high
+ * @id js/remote-flow-source
+ * @tags correctness
+ *       security
+ */
+
+import javascript
+import DataFlow::PathGraph
+
+/**
+ * A taint-tracking configuration for test
+ */
+class Configuration extends TaintTracking::Configuration {
+  Configuration() { this = "RemoteFlowSourcesOUserForm" }
+
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
+
+  override predicate isSink(DataFlow::Node sink) {
+    sink = API::moduleImport("sink").getAParameter().asSink() or
+    sink = API::moduleImport("sink").getReturn().asSource()
+  }
+}
+
+from Configuration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
+where cfg.hasFlowPath(source, sink)
+select sink.getNode(), source, sink, "This entity depends on a $@.", source.getNode(),
+  "user-provided value"