From f6b759dfe6d1bf647d6418b54e5b4a58c8fad3d3 Mon Sep 17 00:00:00 2001
From: Kristen Newbury
Date: Tue, 2 Dec 2025 17:05:03 -0500
Subject: [PATCH 1/3] Restrict definition of ui5 xml control slightly
---
 .../lib/advanced_security/javascript/frameworks/ui5/UI5View.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
index b7b57c7dc..5b7117803 100644
--- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
+++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
@@ -684,7 +684,7 @@ class XmlView extends UI5View instanceof XmlFile {
 }

 private newtype TUI5Control =
- TXmlControl(XmlElement control) or
+ TXmlControl(XmlElement control) { control.getFile().getName().matches("%.view.xml") } or
 TJsonControl(JsonObject control) {
 exists(JsonView view | control.getParent() = view.getRoot().getPropValue("content"))
 } or
From 5a3aed3aec23b844f1eb3a2c4f4a767d6280333b Mon Sep 17 00:00:00 2001
From: Kristen Newbury
Date: Tue, 2 Dec 2025 17:17:27 -0500
Subject: [PATCH 2/3] Restrict definition of ui5 xml control slightly
---
 .../advanced_security/javascript/frameworks/ui5/UI5View.qll | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
index 5b7117803..4fe2e0379 100644
--- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
+++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
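Review bot: In patch 1/3 the new condition on `TXmlControl` keeps only elements whose file name ends in `.view.xml`, so a control declared in any other XML file no longer exists as a UI5 control for the queries built on this type. UI5 XML fragments are conventionally named `*.fragment.xml`; if the library previously reached bindings in fragments through `TXmlControl`, those results now disappear silently, which for a security query is a false negative rather than noise reduction. Either widen the pattern or state the exclusion next to the branch, e.g. `// Only *.view.xml files are modelled here; other XML files (including fragments) are intentionally excluded.` The condition also restates a file-name convention as a string literal; `XmlView` is declared just above, with its body outside this hunk, and if it already encodes what counts as an XML view, expressing the restriction through it would keep the two definitions from drifting apart.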
@@ -684,7 +684,10 @@ class XmlView extends UI5View instanceof XmlFile {
 }

 private newtype TUI5Control =
- TXmlControl(XmlElement control) { control.getFile().getName().matches("%.view.xml") } or
+ TXmlControl(XmlElement control) {
+ control.getFile().getName().matches("%.view.xml") and
+ control.getNamespace().toString().matches("%sap%")
+ } or
 TJsonControl(JsonObject control) {
 exists(JsonView view | control.getParent() = view.getRoot().getPropValue("content"))
 } or
From 46c715d229ff30cb67df7515fa2faaf4ff5f853a Mon Sep 17 00:00:00 2001
From: Kristen Newbury
Date: Wed, 3 Dec 2025 11:18:27 -0500
Subject: [PATCH 3/3] Remove more restrictive potentially false xml view control condition
---
 .../advanced_security/javascript/frameworks/ui5/UI5View.qll | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)
diff --git a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
index 4fe2e0379..5b7117803 100644
--- a/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
+++ b/javascript/frameworks/ui5/lib/advanced_security/javascript/frameworks/ui5/UI5View.qll
@@ -684,10 +684,7 @@ class XmlView extends UI5View instanceof XmlFile {
 }

 private newtype TUI5Control =
- TXmlControl(XmlElement control) {
- control.getFile().getName().matches("%.view.xml") and
- control.getNamespace().toString().matches("%sap%")
- } or
+ TXmlControl(XmlElement control) { control.getFile().getName().matches("%.view.xml") } or
 TJsonControl(JsonObject control) {
 exists(JsonView view | control.getParent() = view.getRoot().getPropValue("content"))
 } or
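Review bot: After patch 3/3 the file is back at blob `5b7117803`, the same result as 1/3, so the only record of why the namespace condition from 2/3 was rejected is the words "potentially false" in the subject line. A short comment above the `TXmlControl` branch would keep the next contributor from re-adding it, for example `// Not filtered by XML namespace: a "%sap%" match would drop controls whose namespace does not contain "sap".` — that rationale is inferred from the commit subject and should be confirmed by the author. Each of the three diffstats lists only `UI5View.qll`, so no test or expected-results file changes with the new restriction. A test case with an XML file that is not a `*.view.xml` would pin the behaviour that 1/3 introduces.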