JS: Modeling of aws-sdk clients
#20135
Merged

20 commits
- 0a3343a (Napalys): Added test cases for v2 and v3 sql injection of dynamodb
- ae2e8b1 (Napalys): Added modeling of dynamodb v3 for sql injections
- 06ab918 (Napalys): Added modeling for V2 of dynamoDB
- 1149617 (Napalys): Added change note
- 5e6118e (Napalys): Added test cases for client-s v2 and v3 sql injection
- ee1af43 (Napalys): Added modeling of client-s3 v2 and v3
- af97b0e (Napalys): Added test cases for athena v2 and v3 for sql injections
- 0e6bac7 (Napalys): Added modeling of athena v2 and v3 for sql injections
- 5b5c171 (Napalys): Added test cases for client-rds-data for sql injections
- e5f0285 (Napalys): Added modeling of rds v2 and v3 for sql injections
- 93d9ae7 (Napalys): Updated change note
- 5b31350 (Napalys): Added tests and modeling of database-access-result
- 9beac51 (Napalys): Unified aws-db modeling into singular file
- 801a34f (Napalys): Moved typeModel at the start of the file
- b89e70b (Napalys): Added test cases for aws sources
- 872b6d8 (Napalys): Added test case for `CreatePreparedStatementCommand`
- 9ca4773 (Napalys): Added modeling for `CreatePreparedStatementCommand`
- 10f3a83 (Napalys): Fixed model type names
- 4df8db0 (Napalys): Renamed `AWS-V3-Common` to `@aws-sdk/client.Client`
- ca667b5 (Napalys): JS: fix test expectations from rebasing
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,4 @@ | ||
| --- | ||
| category: minorAnalysis | ||
| --- | ||
| * Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages. |
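Review bot: the change note in the `@@ -0,0 +1,4 @@` hunk says only that support was "added" for the five packages, without saying what kind of support, so a reader of the release notes cannot tell which queries benefit. The accompanying model file adds `sql-injection` sinks, `database-access-result` sources and taint summaries for the v3 command constructors, so the bullet should say so, for example: `* Added support for the aws-sdk and @aws-sdk/client-* packages ... as SQL injection sinks and database access result sources.` It would also help to state that `aws-sdk` is the v2 SDK and the `@aws-sdk/client-*` packages are v3, since both generations are modeled.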
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,52 @@ | ||
| extensions: | ||
| - addsTo: | ||
| pack: codeql/javascript-all | ||
| extensible: typeModel | ||
| data: | ||
| - ["aws-sdk.Athena", "aws-sdk", "Member[Athena]"] | ||
| - ["aws-sdk.S3", "aws-sdk", "Member[S3]"] | ||
| - ["aws-sdk.RDSDataService", "aws-sdk", "Member[RDSDataService]"] | ||
| - ["aws-sdk.DynamoDB", "aws-sdk", "Member[DynamoDB]"] | ||
| - ["@aws-sdk/client.Client", "@aws-sdk/client-athena", "Member[AthenaClient]"] | ||
| - ["@aws-sdk/client.Client", "@aws-sdk/client-s3", "Member[S3Client]"] | ||
| - ["@aws-sdk/client.Client", "@aws-sdk/client-dynamodb", "Member[DynamoDBClient,DynamoDB]"] | ||
| - ["@aws-sdk/client.Client", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"] | ||
| - addsTo: | ||
| pack: codeql/javascript-all | ||
| extensible: sinkModel | ||
| data: | ||
| - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"] | ||
| - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"] | ||
| - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"] | ||
| - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"] | ||
| - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"] | ||
| - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"] | ||
| - ["@aws-sdk/client.Client", "ReturnValue.Member[send].Argument[0]", "sql-injection"] | ||
| - ["aws-sdk.Athena", "ReturnValue.Member[startQueryExecution,createNamedQuery,updateNamedQuery].Argument[0].Member[QueryString]", "sql-injection"] | ||
| - ["aws-sdk.S3", "ReturnValue.Member[selectObjectContent].Argument[0].Member[Expression]", "sql-injection"] | ||
| - ["aws-sdk.RDSDataService", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[0].Member[sql]", "sql-injection"] | ||
| - ["aws-sdk.RDSDataService", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "sql-injection"] | ||
| - ["aws-sdk.DynamoDB", "ReturnValue.Member[executeStatement].Argument[0].Member[Statement]", "sql-injection"] | ||
| - ["aws-sdk.DynamoDB", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[Statements].ArrayElement.Member[Statement]", "sql-injection"] | ||
| - addsTo: | ||
| pack: codeql/javascript-all | ||
| extensible: summaryModel | ||
| data: | ||
| - ["@aws-sdk/client-athena", "Member[StartQueryExecutionCommand,CreateNamedQueryCommand,UpdateNamedQueryCommand]", "Argument[0].Member[QueryString]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-athena", "Member[CreatePreparedStatementCommand]", "Argument[0].Member[QueryStatement]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-s3", "Member[SelectObjectContentCommand]", "Argument[0].Member[Expression]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-rds-data", "Member[ExecuteStatementCommand,BatchExecuteStatementCommand]", "Argument[0].Member[sql]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-rds-data", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-rds-data", "Member[ExecuteSqlCommand]", "Argument[0].Member[sqlStatements]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-dynamodb", "Member[ExecuteStatementCommand]", "Argument[0].Member[Statement]", "ReturnValue", "taint"] | ||
| - ["@aws-sdk/client-dynamodb", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[Statements].ArrayElement.Member[Statement]", "ReturnValue", "taint"] | ||
| - addsTo: | ||
| pack: codeql/javascript-all | ||
| extensible: sourceModel | ||
| data: | ||
| - ["@aws-sdk/client.Client", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"] | ||
| - ["aws-sdk.Athena", "ReturnValue.Member[getQueryResults].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"] | ||
| - ["aws-sdk.Athena", "ReturnValue.Member[getQueryResults].Argument[1].Parameter[1]", "database-access-result"] | ||
| - ["aws-sdk.S3", "ReturnValue.Member[getObject].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"] | ||
| - ["aws-sdk.S3", "ReturnValue.Member[getObject].Argument[1].Parameter[1]", "database-access-result"] | ||
| - ["aws-sdk.RDSDataService", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"] | ||
| - ["aws-sdk.RDSDataService", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"] | ||
| - ["aws-sdk.DynamoDB", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"] | ||
| - ["aws-sdk.DynamoDB", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].Argument[1].Parameter[1]", "database-access-result"] | ||
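Review bot: the three `credentials-key` rows under the `sinkModel` block appear twice, verbatim, in this hunk (`["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]` and the two rows that follow it). If those are the pre-existing rows being removed and re-added with different indentation, the rewrite is whitespace churn and the original lines can be left untouched; if both copies end up in the file, one set must be deleted, since duplicate model rows only add noise. Two smaller points on the same hunk: the v3 summaries cover `CreatePreparedStatementCommand` (`QueryStatement`) for Athena and `ExecuteSqlCommand` (`sqlStatements`) for RDS Data, but the v2 `aws-sdk.Athena` and `aws-sdk.RDSDataService` sinks have no matching `createPreparedStatement` / `executeSql` entries, so the two SDK generations are not modeled symmetrically; and the type model maps the aggregated `DynamoDB` class from `@aws-sdk/client-dynamodb` onto `@aws-sdk/client.Client`, whose only sink is `ReturnValue.Member[send].Argument[0]`, so if that class exposes operations as methods (as its v2 counterpart `aws-sdk.DynamoDB` does) a call such as `executeStatement({ Statement })` made directly on it would never reach a sink unless it also gets the `aws-sdk.DynamoDB`-style method sinks.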
[nitpick] The existing credentials-related sink models appear to be indented differently from the new entries. Consider maintaining consistent indentation throughout the file for better readability.