Unified aws-db modeling into singular file

Napalys Klicius
2025-07-29 16:50:42 +02:00
parent 5b31350e83
commit 9beac51586
5 changed files with 46 additions and 121 deletions


@@ -1,29 +0,0 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["AthenaClientV3", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["AthenaClientV2", "ReturnValue.Member[startQueryExecution,createNamedQuery,updateNamedQuery].Argument[0].Member[QueryString]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-athena", "Member[StartQueryExecutionCommand,CreateNamedQueryCommand,UpdateNamedQueryCommand]", "Argument[0].Member[QueryString]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["AthenaClientV3", "@aws-sdk/client-athena", "Member[AthenaClient]"]
- ["AthenaClientV2", "aws-sdk", "Member[Athena]"]
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["AthenaClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
- ["AthenaClientV2", "ReturnValue.Member[getQueryResults].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["AthenaClientV2", "ReturnValue.Member[getQueryResults].Argument[1].Parameter[1]", "database-access-result"]


@@ -3,6 +3,49 @@ extensions:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]
- ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"]
- ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"]
- ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]
- ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"]
- ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"]
- ["AWS-V3-Common", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["AthenaClientV2", "ReturnValue.Member[startQueryExecution,createNamedQuery,updateNamedQuery].Argument[0].Member[QueryString]", "sql-injection"]
- ["S3ClientV2", "ReturnValue.Member[selectObjectContent].Argument[0].Member[Expression]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[0].Member[sql]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "sql-injection"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement].Argument[0].Member[Statement]", "sql-injection"]
- ["DynamoDBClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[Statements].ArrayElement.Member[Statement]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-athena", "Member[StartQueryExecutionCommand,CreateNamedQueryCommand,UpdateNamedQueryCommand]", "Argument[0].Member[QueryString]", "ReturnValue", "taint"]
- ["@aws-sdk/client-s3", "Member[SelectObjectContentCommand]", "Argument[0].Member[Expression]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[ExecuteStatementCommand,BatchExecuteStatementCommand]", "Argument[0].Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[ExecuteSqlCommand]", "Argument[0].Member[sqlStatements]", "ReturnValue", "taint"]
- ["@aws-sdk/client-dynamodb", "Member[ExecuteStatementCommand]", "Argument[0].Member[Statement]", "ReturnValue", "taint"]
- ["@aws-sdk/client-dynamodb", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[Statements].ArrayElement.Member[Statement]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["AthenaClientV2", "aws-sdk", "Member[Athena]"]
- ["S3ClientV2", "aws-sdk", "Member[S3]"]
- ["RDSDataClientV2", "aws-sdk", "Member[RDSDataService]"]
- ["DynamoDBClientV2", "aws-sdk", "Member[DynamoDB]"]
- ["AWS-V3-Common", "@aws-sdk/client-athena", "Member[AthenaClient]"]
- ["AWS-V3-Common", "@aws-sdk/client-s3", "Member[S3Client]"]
- ["AWS-V3-Common", "@aws-sdk/client-dynamodb", "Member[DynamoDBClient,DynamoDB]"]
- ["AWS-V3-Common", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"]
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["AWS-V3-Common", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
- ["AthenaClientV2", "ReturnValue.Member[getQueryResults].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["AthenaClientV2", "ReturnValue.Member[getQueryResults].Argument[1].Parameter[1]", "database-access-result"]
- ["S3ClientV2", "ReturnValue.Member[getObject].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["S3ClientV2", "ReturnValue.Member[getObject].Argument[1].Parameter[1]", "database-access-result"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].Argument[1].Parameter[1]", "database-access-result"]
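Review bot: The two `DynamoDBClientV2` source rows at the end of this section now list `query,scan,getItem,batchGetItem` in addition to `executeStatement,batchExecuteStatement`, whereas the deleted DynamoDB model covered only the latter two. That widens the `database-access-result` sources inside a commit described as a pure unification, and none of the five changed files appears to be a test or change note, so it would be better split out or covered by a test. Separately, every client mapped to `AWS-V3-Common` in the typeModel inherits the `send` sink and source rows, so a comment above those type rows would help, e.g. `# Any client added here gets send() Argument[0] as a sql-injection sink and its awaited result as a database-access-result source.` The three `credentials-key` rows appear twice at the top of the section; that looks like an old/new pair from a whitespace-only change, but it is worth confirming the new file does not contain them twice.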


@@ -1,28 +0,0 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["S3ClientV3", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["S3ClientV2", "ReturnValue.Member[selectObjectContent].Argument[0].Member[Expression]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-s3", "Member[SelectObjectContentCommand]", "Argument[0].Member[Expression]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["S3ClientV3", "@aws-sdk/client-s3", "Member[S3Client]"]
- ["S3ClientV2", "aws-sdk", "Member[S3]"]
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["S3ClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
- ["S3ClientV2", "ReturnValue.Member[getObject].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["S3ClientV2", "ReturnValue.Member[getObject].Argument[1].Parameter[1]", "database-access-result"]


@@ -1,30 +0,0 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["DynamoDBClientV3", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement].Argument[0].Member[Statement]", "sql-injection"]
- ["DynamoDBClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[Statements].ArrayElement.Member[Statement]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-dynamodb", "Member[ExecuteStatementCommand]", "Argument[0].Member[Statement]", "ReturnValue", "taint"]
- ["@aws-sdk/client-dynamodb", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[Statements].ArrayElement.Member[Statement]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["DynamoDBClientV3", "@aws-sdk/client-dynamodb", "Member[DynamoDBClient,DynamoDB]"]
- ["DynamoDBClientV2", "aws-sdk", "Member[DynamoDB]"]
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["DynamoDBClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]


@@ -1,31 +0,0 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["RDSDataClientV3", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[0].Member[sql]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-rds-data", "Member[ExecuteStatementCommand,BatchExecuteStatementCommand]", "Argument[0].Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[ExecuteSqlCommand]", "Argument[0].Member[sqlStatements]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["RDSDataClientV3", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"]
- ["RDSDataClientV2", "aws-sdk", "Member[RDSDataService]"]
- addsTo:
pack: codeql/javascript-all
extensible: sourceModel
data:
- ["RDSDataClientV3", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]