Model DF edge for sanitized HTML setContent->getContent#278

Merged: data-douser merged 6 commits into main from mbaluda/get-sanitized-content, Jan 29, 2026

Conversation

@mbaluda
Contributor

@mbaluda mbaluda commented Dec 22, 2025

What This PR Contributes

This pull request improves the UI5 XSS detection, particularly around the tracking and sanitization of HTML content in UI5 controls.

  • Adds support for tracking flows through setContent/getContent for UI5HTMLControl
  • Model for control sanitization
  • Adds a comprehensive test case to verify the new logic.
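As an added illustration (not code from this PR or from the UI5 CodeQL library), the following JavaScript simulates the data-flow rule the PR models: taint passed to a UI5 HTML control's setContent() reaches getContent() unless the control's sanitizeContent property is true, which acts as a barrier. The operation list is a constructed stand-in for the program facts CodeQL would extract, and the example assumes, as the UI5 runtime does, that sanitization is applied at setContent time, so a sanitizeContent set afterwards does not retroactively clean already-set content.

```javascript
// Added example (not the PR's or the UI5 CodeQL library's code): simulates the
// rule the PR models. Taint given to setContent() reaches getContent() unless
// the control's sanitizeContent property is true, which acts as a barrier.
// Assumed, as in the UI5 runtime: sanitization happens at setContent time.
function applyOp(state, op) {
  const ctl = state.get(op.control) || { sanitize: false, tainted: false };
  state.set(op.control, ctl);
  switch (op.kind) {
    case "new":                // new HTML({ content, sanitizeContent })
      ctl.sanitize = op.sanitizeContent === true;
      ctl.tainted = op.tainted === true && !ctl.sanitize;
      return null;
    case "setSanitizeContent": // property setter, may run after content is set
      ctl.sanitize = op.value === true;
      return null;
    case "setContent":         // flow step: remote-source taint enters the control
      ctl.tainted = op.tainted === true && !ctl.sanitize;
      return null;
    case "getContent":         // content leaves the control towards a sink
      return ctl.tainted ? { control: op.control, sink: op.sink } : null;
  }
  throw new Error(`unknown op ${op.kind}`);
}

// Run the operations in program order; report unsanitized source->sink flows.
function findUnsafeFlows(ops) {
  const state = new Map();
  const findings = [];
  for (const op of ops) {
    const finding = applyOp(state, op);
    if (finding) findings.push(finding);
  }
  return findings;
}

// Constructed scenario: a sanitized control, an unsanitized one, and one whose
// sanitizeContent is switched on only after tainted content was already set.
const SAMPLE_OPS = [
  { kind: "new", control: "safeHtml", sanitizeContent: true },
  { kind: "setContent", control: "safeHtml", tainted: true },
  { kind: "getContent", control: "safeHtml", sink: "innerHTML" },
  { kind: "new", control: "rawHtml", sanitizeContent: false },
  { kind: "setContent", control: "rawHtml", tainted: true },
  { kind: "getContent", control: "rawHtml", sink: "innerHTML" },
  { kind: "new", control: "lateHtml" },
  { kind: "setContent", control: "lateHtml", tainted: true },
  { kind: "setSanitizeContent", control: "lateHtml", value: true },
  { kind: "getContent", control: "lateHtml", sink: "innerHTML" },
];
console.log(findUnsafeFlows(SAMPLE_OPS)); // rawHtml and lateHtml are flagged
```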

@mbaluda mbaluda changed the title from "Fix setSanitizeContent and setSanitizeValue name capitalization" to "Model DF edge for sanitized HTML setContent->getContent" Jan 7, 2026
@mbaluda mbaluda self-assigned this Jan 8, 2026
@mbaluda mbaluda force-pushed the mbaluda/get-sanitized-content branch from 5023760 to 98a9458 January 27, 2026 16:51
Contributor

Copilot AI left a comment


Pull request overview

This pull request implements data flow modeling for UI5 HTML controls with sanitization support, specifically tracking taint flow from setContent to getContent method calls while accounting for the sanitizeContent property.

Changes:

  • Adds comprehensive test cases demonstrating sanitized and unsanitized HTML control scenarios
  • Implements barrier logic to block taint flow through sanitized HTML controls
  • Adds flow step to propagate taint from setContent to getContent on unsanitized controls
  • Enhances type model with control inheritance relationships and marks getContent as a remote source
  • Improves setter name detection to check both control references and direct control instances

Reviewed changes

Copilot reviewed 12 out of 13 changed files in this pull request and generated 1 comment.

Summary per file:

  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/webapp/view/app.view.xml: Adds XML view with sanitized HTML control binding
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/webapp/controller/app.controller.js: Test controller demonstrating sanitized vs unsanitized control behavior
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/webapp/manifest.json: Application manifest configuration
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/webapp/index.js: Application entry point
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/webapp/index.html: HTML bootstrap file
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/ui5.yaml: UI5 project configuration
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/package.json: NPM package configuration
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/package-lock.json: NPM lock file
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/UI5Xss.qlref: Query reference file
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/UI5Xss.expected: Expected query results showing proper detection of unsafe flows
  • javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5XssQuery.qll: Adds barrier for sanitized controls and flow step for unsanitized setContent->getContent; removes unused HTMLControlInstantiation class
  • javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll: Extends control detection to ModelOutput types, updates getQualifiedType to handle module imports, improves setter detection logic
  • javascript/frameworks/ui5/ext/ui5.model.yml: Adds Control type hierarchy and marks getContent return value as remote source
Files not reviewed (1)
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/package-lock.json: Language not supported


mbaluda and others added 2 commits January 28, 2026 15:43
…meworks/ui5/UI5XssQuery.qll

Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
@mbaluda mbaluda marked this pull request as ready for review January 28, 2026 15:03
@data-douser data-douser requested a review from Copilot January 29, 2026 16:15
Contributor

Copilot AI left a comment


Pull request overview

Copilot reviewed 12 out of 14 changed files in this pull request and generated no new comments.

Files not reviewed (1)
  • javascript/frameworks/ui5/test/queries/UI5Xss/xss-html-control-sanitized/package-lock.json: Language not supported


Collaborator

@data-douser data-douser left a comment


Verified that all UI5 unit tests pass and also tested against UI5 sample DBs.

LGTM! @mbaluda

@data-douser data-douser merged commit 7e2b76c into main Jan 29, 2026
11 checks passed
@data-douser data-douser deleted the mbaluda/get-sanitized-content branch January 29, 2026 16:52