JS: Add test with NgForm.value

Author: asgerf

javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/XssThroughDom.expected

@@ -1,10 +1,10 @@
 nodes
-| angular.ts:11:24:11:41 | event.target.value |
-| angular.ts:11:24:11:41 | event.target.value |
-| angular.ts:11:24:11:41 | event.target.value |
-| angular.ts:15:24:15:35 | target.value |
-| angular.ts:15:24:15:35 | target.value |
-| angular.ts:15:24:15:35 | target.value |
+| angular.ts:12:24:12:41 | event.target.value |
+| angular.ts:12:24:12:41 | event.target.value |
+| angular.ts:12:24:12:41 | event.target.value |
+| angular.ts:16:24:16:35 | target.value |
+| angular.ts:16:24:16:35 | target.value |
+| angular.ts:16:24:16:35 | target.value |
 | forms.js:8:23:8:28 | values |
 | forms.js:8:23:8:28 | values |
 | forms.js:9:31:9:36 | values |
@@ -171,8 +171,8 @@ nodes
 | xss-through-dom.js:159:34:159:52 | $("textarea").val() |
 | xss-through-dom.js:159:34:159:52 | $("textarea").val() |
 edges
-| angular.ts:11:24:11:41 | event.target.value | angular.ts:11:24:11:41 | event.target.value |
-| angular.ts:15:24:15:35 | target.value | angular.ts:15:24:15:35 | target.value |
+| angular.ts:12:24:12:41 | event.target.value | angular.ts:12:24:12:41 | event.target.value |
+| angular.ts:16:24:16:35 | target.value | angular.ts:16:24:16:35 | target.value |
 | forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
 | forms.js:8:23:8:28 | values | forms.js:9:31:9:36 | values |
 | forms.js:9:31:9:36 | values | forms.js:9:31:9:40 | values.foo |
@@ -281,8 +281,8 @@ edges
 | xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
 | xss-through-dom.js:159:34:159:52 | $("textarea").val() | xss-through-dom.js:154:25:154:27 | msg |
 #select
-| angular.ts:11:24:11:41 | event.target.value | angular.ts:11:24:11:41 | event.target.value | angular.ts:11:24:11:41 | event.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:11:24:11:41 | event.target.value | DOM text |
-| angular.ts:15:24:15:35 | target.value | angular.ts:15:24:15:35 | target.value | angular.ts:15:24:15:35 | target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:15:24:15:35 | target.value | DOM text |
+| angular.ts:12:24:12:41 | event.target.value | angular.ts:12:24:12:41 | event.target.value | angular.ts:12:24:12:41 | event.target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:12:24:12:41 | event.target.value | DOM text |
+| angular.ts:16:24:16:35 | target.value | angular.ts:16:24:16:35 | target.value | angular.ts:16:24:16:35 | target.value | $@ is reinterpreted as HTML without escaping meta-characters. | angular.ts:16:24:16:35 | target.value | DOM text |
 | forms.js:9:31:9:40 | values.foo | forms.js:8:23:8:28 | values | forms.js:9:31:9:40 | values.foo | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:8:23:8:28 | values | DOM text |
 | forms.js:12:31:12:40 | values.bar | forms.js:11:24:11:29 | values | forms.js:12:31:12:40 | values.bar | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:11:24:11:29 | values | DOM text |
 | forms.js:25:23:25:34 | values.email | forms.js:24:15:24:20 | values | forms.js:25:23:25:34 | values.email | $@ is reinterpreted as HTML without escaping meta-characters. | forms.js:24:15:24:20 | values | DOM text |

javascript/ql/test/query-tests/Security/CWE-079/XssThroughDom/angular.ts

@@ -1,4 +1,5 @@
 import { Component } from "@angular/core";
+import { NgForm } from "@angular/forms";
 
 @Component({
     template: `
@@ -14,4 +15,8 @@ export class Foo {
     setInput2(target) {
         document.write(target.value); // NOT OK
     }
+
+    blah(form: NgForm) {
+        document.write(form.value.foo); // NOT OK [INCONSISTENCY]
+    }
 }