
@data-douser
Collaborator

Purpose

Proposes changes to the UI5Xss.ql query implementation and associated unit tests in order to better detect provided UI5 XSS vulnerabilities as initially demonstrated in fragments_samples apps. This PR also builds on the philosophy of using MaD wherever possible, in accordance with #277.

Summary of Changes

This pull request enhances the UI5 static analysis by adding support for recognizing and tracking the usage of the static Fragment.byId(viewId, controlId) pattern for control references. It also introduces a new test case to verify detection of XSS vulnerabilities involving this pattern. The changes improve the accuracy of control resolution in UI5 codebases and ensure security queries can detect vulnerabilities in more real-world scenarios.

Framework enhancements:

  • Added a new FragmentModule class in UI5.qll to model static imports of the sap/ui/core/Fragment module, enabling tracking of static Fragment.byId() calls.
  • Updated the ControlReference logic in UI5.qll to recognize both standard and static Fragment.byId(viewId, controlId) usages, extracting the correct control ID argument for both cases.
  • Enhanced the UI5Control.getAReference() method in UI5View.qll to support matching controls referenced via either standard or static byId calls, handling the different argument positions.
  • Updated the UI5 model extensions to include the static Fragment.byId() API for control resolution.

Testing improvements:

  • Added a new test case (xss-fragment-static-byid) with a sample UI5 application demonstrating an XSS vulnerability via Fragment.byId(), including all supporting files, expected results, and configuration.
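The two control-reference shapes the PR describes, and why the control ID sits in a different argument position in each, as an added example that is not part of this PR or of the CodeQL UI5 library. It is a small, dependency-free JavaScript model of what the summary above calls control resolution: it scans a constructed XML fragment for declared controls, finds `byId` calls in a constructed controller, picks the control ID from argument 0 for `this.byId(id)` and from argument 1 for static `Fragment.byId(viewId, controlId)`, and links each reference back to the declared control type. The sample controller, fragment, ids and the treatment of the `core:HTML` control's content as the XSS sink are all assumptions made for the example; the regex-based scanning stands in for the AST-based matching a real CodeQL query performs.

```javascript
// Constructed sample fragment (UI5 XML fragment syntax), assumed for this example.
const FRAGMENT_XML = `
<core:FragmentDefinition xmlns="sap.m" xmlns:core="sap.ui.core">
  <Input id="userInput" />
  <core:HTML id="output" content="" />
</core:FragmentDefinition>`;

// Constructed controller source containing both reference shapes: the standard
// this.byId(id) and the static Fragment.byId(viewId, controlId) pattern.
// Writing an Input value into a core:HTML control's content is the kind of
// source-to-sink flow the UI5 XSS query looks for (sink assumed for the example).
const CONTROLLER_JS = `
sap.ui.define(["sap/ui/core/mvc/Controller", "sap/ui/core/Fragment"],
  function (Controller, Fragment) {
    return Controller.extend("demo.Main", {
      onPress: function () {
        var text = this.byId("userInput").getValue();
        Fragment.byId("frag", "output").setContent(text);
      }
    });
  });`;

// Map of declared control id -> control element name (e.g. "core:HTML").
function parseFragmentControls(xml) {
  const controls = new Map();
  const re = /<([\w:]+)\b[^>]*\bid="([^"]+)"/g;
  let m;
  while ((m = re.exec(xml)) !== null) {
    controls.set(m[2], m[1]);
  }
  return controls;
}

// Find every <receiver>.byId(...) call with one or two string-literal arguments.
// Static Fragment.byId(viewId, controlId) keeps the control id in the SECOND
// argument; this.byId(id) / oView.byId(id) keep it in the FIRST.
function findByIdReferences(js) {
  const refs = [];
  const re = /(\w+)\.byId\(\s*("[^"]*"|'[^']*')(?:\s*,\s*("[^"]*"|'[^']*'))?\s*\)/g;
  let m;
  while ((m = re.exec(js)) !== null) {
    const receiver = m[1];
    const args = [m[2], m[3]].filter(Boolean).map((s) => s.slice(1, -1));
    const isStatic = receiver === "Fragment" && args.length === 2;
    refs.push({
      receiver,
      pattern: isStatic ? "static" : "standard",
      viewId: isStatic ? args[0] : null,
      controlId: isStatic ? args[1] : args[0],
    });
  }
  return refs;
}

// Link each byId reference to the control declared with that id, which is the
// job the PR's getAReference() change performs for both argument positions.
function resolveReferences(xml, js) {
  const controls = parseFragmentControls(xml);
  return findByIdReferences(js).map((ref) => ({
    ...ref,
    controlType: controls.get(ref.controlId) || null,
  }));
}

// Stand-alone run: prints both resolved references.
console.log(resolveReferences(FRAGMENT_XML, CONTROLLER_JS));
```

If the static pattern were resolved with the standard rule (argument 0), the second reference would resolve to a control named `frag`, which the fragment does not declare, and the flow into the `core:HTML` control would be missed; picking argument 1 for `Fragment.byId` is what lets it resolve to `output`.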

@data-douser added the labels "enhancement" (New feature or request) and "javascript" (Pull requests that update javascript code) on Dec 31, 2025.