Updated takesConfigurationObject with API graphs

2026-04-28 02:05:14 +02:00 · 2025-04-24 11:16:09 +02:00
parent 42d5b80e81
commit f7f9fb823a
1 changed files with 5 additions and 3 deletions
--- a/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll
+++ b/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll
@@ -65,12 +65,14 @@ module AWS {
   * Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`.
   */
  private predicate takesConfigurationObject(DataFlow::InvokeNode invk, int i) {
-    exists(DataFlow::ModuleImportNode mod | mod.getPath() = "aws-sdk" |
+    exists(API::Node mod | mod = getAWSImport() |
      // `AWS.config.update(nd)`
-      invk = mod.getAPropertyRead("config").getAMemberCall("update") and
+      invk = mod.getMember("config").getMember("update").getACall() and
      i = 0
      or
-      exists(DataFlow::SourceNode cfg | cfg = mod.getAConstructorInvocation("Config") |
+      exists(DataFlow::SourceNode cfg |
+        cfg = mod.getMember("Config").getAnInstantiation().getReturn().asSource()
+      |
        // `new AWS.Config(nd)`
        invk = cfg and
        i = 0