JS: Modeling of aws-sdk clients* #20135


Open
wants to merge 13 commits into base: main
Conversation

@Napalys Napalys (Contributor) commented Jul 28, 2025

This PR adds modeling for v2 and v3 AWS SDK clients:

  • client-dynamodb
  • client-s3
  • client-athena
  • client-rds-data

Important notes:

@Napalys Napalys marked this pull request as ready for review July 30, 2025 07:50
@Copilot Copilot AI review requested due to automatic review settings July 30, 2025 07:50
@Napalys Napalys requested a review from a team as a code owner July 30, 2025 07:50
@Copilot Copilot AI (Contributor) left a comment


Pull Request Overview

This PR adds modeling for SQL injection detection in AWS SDK clients for both v2 and v3 versions of the AWS SDK. The main purpose is to enable CodeQL to detect SQL injection vulnerabilities when using DynamoDB, S3, Athena, and RDS Data clients with user-provided input.

Key changes include:

  • Addition of sink models for SQL injection detection across multiple AWS services
  • Addition of source models for database access results (XSS detection)
  • Comprehensive test coverage for both v2 and v3 AWS SDK versions

Reviewed Changes

Copilot reviewed 9 out of 9 changed files in this pull request and generated 4 comments.

Summary per file:

  • javascript/ql/lib/ext/aws-sdk.model.yml: Core modeling definitions for sinks, sources, and type mappings for AWS SDK clients
  • javascript/ql/test/query-tests/Security/CWE-089/untyped/*.js: Test files demonstrating SQL injection vulnerabilities in various AWS services
  • javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/aws-db.js: Test file for XSS vulnerabilities from AWS database responses
  • javascript/ql/test/query-tests/Security/CWE-089/untyped/SqlInjection.expected: Expected test results for SQL injection detection
  • javascript/ql/test/query-tests/Security/CWE-079/DomBasedXss/XssWithAdditionalSources.expected: Expected test results for XSS detection
  • javascript/ql/lib/change-notes/2025-07-28-dynamodb.md: Release notes documenting the new AWS SDK support

@Napalys Napalys changed the title Js: Modeling of dynamodb JS: Modeling of aws-sdk clients* Jul 30, 2025
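The two kinds of model the review summary lists, a SQL injection sink on the statement argument of a client call and a taint source on the data a client returns, are easiest to see against concrete code. The block below is an added example and is not code from this PR or from the CodeQL repository. It builds the plain input objects that the AWS SDK v3 commands accept (ExecuteStatementCommand from @aws-sdk/client-rds-data, StartQueryExecutionCommand from @aws-sdk/client-athena, and the PartiQL ExecuteStatementCommand from @aws-sdk/client-dynamodb), with the string-concatenation form beside the parameterized form, and renders a constructed DynamoDB item both unescaped and escaped. The SDK is not imported and nothing is sent to AWS; the ARNs, table, database and bucket names, the result item and the injection payload are all constructed for the example, and which exact calls the PR's aws-sdk.model.yml marks as sinks or sources is not shown on this page.

```javascript
// Added example, not code from PR #20135 or from CodeQL. Builds AWS SDK v3
// command inputs without importing the SDK so it runs offline; the field
// names follow the documented inputs of ExecuteStatementCommand
// (client-rds-data), StartQueryExecutionCommand (client-athena) and the
// PartiQL ExecuteStatementCommand (client-dynamodb).

// Constructed identifiers for the example (not real resources).
const RESOURCE_ARN = "arn:aws:rds:us-east-1:123456789012:cluster:example";
const SECRET_ARN = "arn:aws:secretsmanager:us-east-1:123456789012:secret:example";
const RESULTS = "s3://example-athena-results/";

// ---- RDS Data API -------------------------------------------------------
// VULNERABLE: untrusted input is spliced into `sql`, the field a SQL
// injection sink model on ExecuteStatementCommand would cover.
function rdsLookupUnsafe(username) {
  return {
    resourceArn: RESOURCE_ARN,
    secretArn: SECRET_ARN,
    sql: `SELECT id, email FROM users WHERE name = '${username}'`,
  };
}

// HARDENED: the value is bound to the named placeholder `:name` through
// `parameters`; the SQL text no longer depends on the input.
function rdsLookupSafe(username) {
  return {
    resourceArn: RESOURCE_ARN,
    secretArn: SECRET_ARN,
    sql: "SELECT id, email FROM users WHERE name = :name",
    parameters: [{ name: "name", value: { stringValue: username } }],
  };
}

// ---- Athena -------------------------------------------------------------
// QueryString is the sink; the hardened form uses `?` placeholders filled
// positionally from ExecutionParameters (plain strings).
function athenaCountUnsafe(region) {
  return {
    QueryString: `SELECT count(*) FROM events WHERE region = '${region}'`,
    QueryExecutionContext: { Database: "analytics" },
    ResultConfiguration: { OutputLocation: RESULTS },
  };
}

function athenaCountSafe(region) {
  return {
    QueryString: "SELECT count(*) FROM events WHERE region = ?",
    ExecutionParameters: [region],
    QueryExecutionContext: { Database: "analytics" },
    ResultConfiguration: { OutputLocation: RESULTS },
  };
}

// ---- DynamoDB PartiQL ---------------------------------------------------
// Statement is the sink; Parameters carries one AttributeValue per `?`.
function dynamoOrdersUnsafe(pk) {
  return { Statement: `SELECT * FROM "Orders" WHERE pk = '${pk}'` };
}

function dynamoOrdersSafe(pk) {
  return { Statement: 'SELECT * FROM "Orders" WHERE pk = ?', Parameters: [{ S: pk }] };
}

// True when the statement text still equals the template, i.e. the input
// could not have changed the query's structure.
function statementUnchanged(input, template) {
  const stmt = input.sql ?? input.QueryString ?? input.Statement;
  return stmt === template;
}

// ---- Source side: data read back from the database ----------------------
// A GetItem-shaped result (constructed). A source model marks such values as
// tainted so that writing them to innerHTML is reported as DOM XSS.
const ITEM = { Item: { email: { S: '<img src=x onerror="alert(1)">' } } };

function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) =>
    ({ "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" }[c]));
}

// VULNERABLE: database content rendered straight into markup.
function renderEmailUnsafe(result) {
  return `<li>${result.Item.email.S}</li>`;
}

// HARDENED: escaped before it reaches HTML.
function renderEmailSafe(result) {
  return `<li>${escapeHtml(result.Item.email.S)}</li>`;
}

const PAYLOAD = "alice' OR '1'='1"; // constructed injection payload

console.log(rdsLookupUnsafe(PAYLOAD).sql);
console.log(JSON.stringify(rdsLookupSafe(PAYLOAD).parameters));
console.log(renderEmailUnsafe(ITEM), "->", renderEmailSafe(ITEM));
```

Running the block prints the RDS statement with the payload spliced in, the bound parameter list for the hardened form, and the two renderings of the item. The `statementUnchanged` helper is the check a reviewer of such models wants: for every parameterized builder the statement text equals its template regardless of input, while the concatenated builders fail that check for the payload. S3 Select (SelectObjectContentCommand's Expression) has no parameter mechanism at all, so for that client the only defense is not letting untrusted data reach the expression string.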