Added tests and modeling of database-access-result

2026-04-29 10:45:15 +02:00 · 2025-07-29 16:28:35 +02:00
parent 93d9ae73b7
commit 5b31350e83
7 changed files with 168 additions and 1 deletions
--- a/javascript/ql/lib/change-notes/2025-07-28-dynamodb.md
+++ b/javascript/ql/lib/change-notes/2025-07-28-dynamodb.md
@@ -1,4 +1,4 @@
 ---
 category: minorAnalysis
 ---
-* Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages. This enables detection of SQL injection vulnerabilities in DynamoDB PartiQL operations, Athena queries, S3 select expressions, and RDS Data API calls.
+* Added support for the `aws-sdk` and `@aws-sdk/client-dynamodb`, `@aws-sdk/client-athena`, `@aws-sdk/client-s3`, and `@aws-sdk/client-rds-data` packages.
--- a/javascript/ql/lib/ext/athena.model.yml
+++ b/javascript/ql/lib/ext/athena.model.yml
@@ -19,3 +19,11 @@ extensions:
    data:
      - ["AthenaClientV3", "@aws-sdk/client-athena", "Member[AthenaClient]"]
      - ["AthenaClientV2", "aws-sdk", "Member[Athena]"]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ["AthenaClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
+      - ["AthenaClientV2", "ReturnValue.Member[getQueryResults].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["AthenaClientV2", "ReturnValue.Member[getQueryResults].Argument[1].Parameter[1]", "database-access-result"]
--- a/javascript/ql/lib/ext/client-s3.model.yml
+++ b/javascript/ql/lib/ext/client-s3.model.yml
@@ -18,3 +18,11 @@ extensions:
    data:
      - ["S3ClientV3", "@aws-sdk/client-s3", "Member[S3Client]"]
      - ["S3ClientV2", "aws-sdk", "Member[S3]"]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ["S3ClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
+      - ["S3ClientV2", "ReturnValue.Member[getObject].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["S3ClientV2", "ReturnValue.Member[getObject].Argument[1].Parameter[1]", "database-access-result"]
--- a/javascript/ql/lib/ext/dynamodb.model.yml
+++ b/javascript/ql/lib/ext/dynamodb.model.yml
@@ -20,3 +20,11 @@ extensions:
    data:
      - ["DynamoDBClientV3", "@aws-sdk/client-dynamodb", "Member[DynamoDBClient,DynamoDB]"]
      - ["DynamoDBClientV2", "aws-sdk", "Member[DynamoDB]"]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ["DynamoDBClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]
--- a/javascript/ql/lib/ext/rds-client.model.yml
+++ b/javascript/ql/lib/ext/rds-client.model.yml
@@ -21,3 +21,11 @@ extensions:
    data:
      - ["RDSDataClientV3", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"]
      - ["RDSDataClientV2", "aws-sdk", "Member[RDSDataService]"]
+
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ["RDSDataClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
+      - ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]