Added test cases for tanstack-vue useQueries.

Napalys · Napalys · commit 4917d64ce712 · 2025-03-13T12:45:05.000+01:00
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.expected b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/Xss.expected
@@ -130,3 +130,6 @@ nodes
 | testReactRelay.tsx:136:16:136:39 | readFra ... y, key) | semmle.label | readFra ... y, key) |
 | testReactRelay.tsx:137:50:137:53 | data | semmle.label | data |
 subpaths
+testFailures
+| testUseQueries2.vue:6:66:6:76 | // $ Source | Missing result: Source |
+| testUseQueries2.vue:35:32:35:46 | <!--$ Alert --> | Missing result: Alert |
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testUseQueries.vue b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testUseQueries.vue
@@ -0,0 +1,27 @@
+<script>
+import { useQueries } from "@tanstack/vue-query";
+
+export default {
+  data() {
+    const ids = [1, 2, 3]
+    const results = useQueries({
+    queries: ids.map((id) => ({
+        queryKey: ['post', id],
+        queryFn: async () => {
+            const response = await fetch("${id}"); // $ MISSING: Source
+            return response.json();
+        },
+        staleTime: Infinity,
+    })),
+    });
+    
+    return { data2 : results[0].data };
+  }
+}
+</script>
+
+<template>
+  <VueQueryClientProvider :client="queryClient">
+    <div v-html="data2"></div> <!--$ MISSING: Alert -->
+  </VueQueryClientProvider>
+</template>
diff --git a/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testUseQueries2.vue b/javascript/ql/test/query-tests/Security/CWE-079/DomBasedXssWithResponseThreat/testUseQueries2.vue
@@ -0,0 +1,37 @@
+<script>
+import { useQueries } from "@tanstack/vue-query";
+import { computed } from "vue";
+
+const fetchContent = async () => {
+    const response = await fetch("https://example.com/content"); // $ Source
+    const data = await response.json();
+    return data;
+};
+
+export default {
+  data() {
+    const results = useQueries({
+      queries: [
+        {
+          queryKey: ["post", 1],
+          queryFn: fetchContent,
+          staleTime: Infinity,
+        },
+        {
+          queryKey: ["post", 2],
+          queryFn: () => fetchPost(2),
+          staleTime: Infinity,
+        },
+      ],
+    });
+
+    return { data3 : results[0].data };
+  },
+};
+</script>
+
+<template>
+  <VueQueryClientProvider :client="queryClient">
+    <div v-html="data3"></div> <!--$ Alert -->
+  </VueQueryClientProvider>
+</template>
