hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-23 07:37:08 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
0cf72dd97a0ba2a199f8899e8bae1458ff068a50
codeql/javascript/ql/lib/semmle/javascript/frameworks/AWS.qll
Andrew Eisenberg 45d1fa7f01 Packaging: Rafactor Javascript core libraries 
Extract the external facing `qll` files into the codeql/javascript-all
query pack.
2021-08-25 12:15:56 -07:00

49 lines
1.4 KiB
Plaintext
Raw Blame History

/**
* Provides classes for working with [AWS-SDK](https://aws.amazon.com/sdk-for-node-js/) applications.
*/
import javascript
module AWS {
/**
* Holds if the `i`th argument of `invk` is an object hash for `AWS.Config`.
*/
private predicate takesConfigurationObject(InvokeExpr invk, int i) {
exists(DataFlow::ModuleImportNode mod | mod.getPath() = "aws-sdk" |
// `AWS.config.update(nd)`
invk = mod.getAPropertyRead("config").getAMemberCall("update").asExpr() and
i = 0
or
exists(DataFlow::SourceNode cfg | cfg = mod.getAConstructorInvocation("Config") |
// `new AWS.Config(nd)`
invk = cfg.asExpr() and
i = 0
or
// `var config = new AWS.Config(...); config.update(nd);`
invk = cfg.getAMemberCall("update").asExpr() and
i = 0
)
)
}
/**
* An expression that is used as an AWS config value: `{ accessKeyId: <user>, secretAccessKey: <password>}`.
*/
class Credentials extends CredentialsExpr {
string kind;
Credentials() {
exists(string prop, InvokeExpr invk, int i |
takesConfigurationObject(invk, i) and
invk.hasOptionArgument(i, prop, this)
|
prop = "accessKeyId" and kind = "user name"
or
prop = "secretAccessKey" and kind = "password"
)
}
override string getCredentialsKind() { result = kind }
}
}
Reference in New Issue View Git Blame Copy Permalink