
@aikidosec/firewall


Zen by Aikido is an embedded Application Firewall that autonomously protects Node.js apps against common and critical attacks, provides rate limiting, detects malicious traffic (including bots), and more.

"use strict"; Object.defineProperty(exports, "__esModule", { value: true }); exports.AwsSDKVersion2 = void 0; const Context_1 = require("../agent/Context"); const wrapExport_1 = require("../agent/hooks/wrapExport"); const wrapNewInstance_1 = require("../agent/hooks/wrapNewInstance"); const isPlainObject_1 = require("../helpers/isPlainObject"); const checkContextForPathTraversal_1 = require("../vulnerabilities/path-traversal/checkContextForPathTraversal"); const operationsWithKey = [ "putObject", "getObject", "deleteObject", "copyObject", "getObjectAcl", "putObjectAcl", "restoreObject", "headObject", "deleteObjectTagging", "getObjectTagging", "putObjectTagging", "upload", "createMultipartUpload", "uploadPart", "uploadPartCopy", "completeMultipartUpload", "abortMultipartUpload", "listParts", "listMultipartUploads", "putObjectRetention", "getObjectRetention", "putObjectLegalHold", "getObjectLegalHold", "selectObjectContent", "getSignedUrl", ]; class AwsSDKVersion2 { inspectS3Operation(args, operation) { const context = (0, Context_1.getContext)(); if (!context) { return undefined; } for (const arg of args) { if ((0, isPlainObject_1.isPlainObject)(arg) && arg.Key && typeof arg.Key === "string" && arg.Key.length > 0) { const result = (0, checkContextForPathTraversal_1.checkContextForPathTraversal)({ filename: arg.Key, operation: `S3.${operation}`, context: context, }); if (result) { return result; } } } return undefined; } wrap(hooks) { hooks .addPackage("aws-sdk") .withVersion("^2.0.0") .onRequire((exports, pkgInfo) => { (0, wrapNewInstance_1.wrapNewInstance)(exports, "S3", pkgInfo, (instance) => { for (const operation of operationsWithKey) { (0, wrapExport_1.wrapExport)(instance, operation, pkgInfo, { kind: "fs_op", inspectArgs: (args) => this.inspectS3Operation(args, operation), }); } }); }); } } exports.AwsSDKVersion2 = AwsSDKVersion2;