Add dot.jssupport

Co-authored-by: Kevin Stubbings <[email protected]>

Author: jorgectf

javascript/extractor/src/com/semmle/js/extractor/FileExtractor.java

@@ -103,7 +103,7 @@ private static int skipBOM(byte[] bytes, int length) {
 
   /** Information about supported file types. */
   public static enum FileType {
-    HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb") {
+    HTML(".htm", ".html", ".xhtm", ".xhtml", ".vue", ".hbs", ".ejs", ".njk", ".erb", ".dot") {
       @Override
       public IExtractor mkExtractor(ExtractorConfig config, ExtractorState state) {
         return new HTMLExtractor(config, state);

javascript/ql/lib/semmle/javascript/frameworks/Templating.qll

@@ -580,6 +580,22 @@ module Templating {
     override string getAPackageName() { result = "ejs" }
   }
 
+  /**
+   * doT-style syntax, using `{{! }}` for safe interpolation, and `{{= }}` for
+   * unsafe interpolation.
+   */
+  private class DotStyleSyntax extends TemplateSyntax {
+    DotStyleSyntax() { this = "dot" }
+
+    override string getRawInterpolationRegexp() { result = "(?s)\\{\\{!(.*?)\\}\\}" }
+
+    override string getEscapingInterpolationRegexp() { result = "(?s)\\{\\{=(.*?)\\}\\}" }
+
+    override string getAFileExtension() { result = "dot" }
+
+    override string getAPackageName() { result = "dot" }
+  }
+
   private TemplateSyntax getOwnTemplateSyntaxInFolder(Folder f) {
     exists(PackageDependencies deps |
       deps.getADependency(result.getAPackageName(), _) and

javascript/ql/test/library-tests/frameworks/Templating/app.js

@@ -66,3 +66,9 @@ app.get('/angularjs', (req, res) => {
         rawHtml: req.query.rawHtml,
     });
 });
+
+app.get('/dotjs', (req, res) => {
+    res.render('dot_sinks', {
+        tainted: req.query.foo,
+    });
+});

javascript/ql/test/library-tests/frameworks/Templating/views/dot_sinks.dot

@@ -0,0 +1,6 @@
+<html>
+    <body>
+        {{! tainted }}
+        {{= tainted }}
+    </body>
+</html>