hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-27 09:45:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Added modeling of rds v2 and v3 for sql injections

Browse Source
This commit is contained in:
Napalys Klicius
2025-07-29 14:50:19 +02:00
parent 5b5c17100c
commit e5f02852e1
3 changed files with 71 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
javascript/ql/lib/ext/rds-client.model.yml Normal file
View File

@@ -0,0 +1,23 @@
extensions:
- addsTo:
pack: codeql/javascript-all
extensible: sinkModel
data:
- ["RDSDataClientV3", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[0].Member[sql]", "sql-injection"]
- ["RDSDataClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "sql-injection"]
- addsTo:
pack: codeql/javascript-all
extensible: summaryModel
data:
- ["@aws-sdk/client-rds-data", "Member[ExecuteStatementCommand,BatchExecuteStatementCommand]", "Argument[0].Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "ReturnValue", "taint"]
- ["@aws-sdk/client-rds-data", "Member[ExecuteSqlCommand]", "Argument[0].Member[sqlStatements]", "ReturnValue", "taint"]
- addsTo:
pack: codeql/javascript-all
extensible: typeModel
data:
- ["RDSDataClientV3", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"]
- ["RDSDataClientV2", "aws-sdk", "Member[RDSDataService]"]