@aikidosec/firewall
Zen by Aikido is an embedded Web Application Firewall that autonomously protects Node.js apps against common and critical attacks
;
// CommonJS preamble (reads like a TypeScript CJS emit — TODO confirm). The
// bare ";" above is presumably what is left of a dropped "use strict" line.
// Flag the module for ESM interop, then pre-declare the export that is
// assigned at the bottom of the file. Explicit descriptor flags spell out the
// defineProperty defaults.
Object.defineProperty(exports, "__esModule", {
    value: true,
    writable: false,
    enumerable: false,
    configurable: false,
});
exports.AwsSDKVersion2 = undefined;
const Context_1 = require("../agent/Context");
const wrapExport_1 = require("../agent/hooks/wrapExport");
const wrapNewInstance_1 = require("../agent/hooks/wrapNewInstance");
const isPlainObject_1 = require("../helpers/isPlainObject");
const checkContextForPathTraversal_1 = require("../vulnerabilities/path-traversal/checkContextForPathTraversal");
// S3 client methods that get wrapped on every `new S3(...)` instance (see
// AwsSDKVersion2.wrap). Each is expected to be called with a params object
// whose `Key` names the target object; that key is what
// inspectS3Operation checks for path traversal. Order is preserved from the
// original list because it is also the order in which the methods are wrapped.
const operationsWithKey = [
    // single-object reads, writes, copies and ACLs
    "putObject", "getObject", "deleteObject", "copyObject",
    "getObjectAcl", "putObjectAcl", "restoreObject", "headObject",
    // object tagging
    "deleteObjectTagging", "getObjectTagging", "putObjectTagging",
    // managed upload helper and the multipart upload family
    "upload", "createMultipartUpload", "uploadPart", "uploadPartCopy",
    "completeMultipartUpload", "abortMultipartUpload", "listParts", "listMultipartUploads",
    // retention and legal hold
    "putObjectRetention", "getObjectRetention", "putObjectLegalHold", "getObjectLegalHold",
    // S3 Select and pre-signed URL generation (getSignedUrl takes the params
    // object as its second argument; inspectS3Operation scans every argument)
    "selectObjectContent", "getSignedUrl",
];
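/**
 * aws-sdk v2 integration: wraps the object-key-taking methods of every S3
 * client and runs their `Key` parameter through the path-traversal check.
 */
class AwsSDKVersion2 {
    /**
     * Inspect one S3 client call for path traversal in its object key.
     *
     * Every argument that is a plain object carrying a non-empty string `Key`
     * is passed to checkContextForPathTraversal, with the key in the role of
     * the filename and the operation reported as `S3.<operation>`. The scan
     * covers all arguments (not just the first) so that methods whose params
     * object is not the first argument, such as getSignedUrl, are still checked.
     *
     * @param {unknown[]} args - the arguments the wrapped S3 method was called with
     * @param {string} operation - the S3 method name, e.g. "putObject"
     * @returns the first detection result from checkContextForPathTraversal,
     *   or undefined when there is no request context or no key is flagged
     */
    inspectS3Operation(args, operation) {
        const context = (0, Context_1.getContext)();
        if (!context) {
            // No request context means there is no user input to compare the
            // key against, so nothing can be flagged.
            return undefined;
        }
        for (const arg of args) {
            if (!(0, isPlainObject_1.isPlainObject)(arg)) {
                continue;
            }
            const { Key } = arg;
            // Only a non-empty string key is meaningful; a non-empty string is
            // always truthy, so no separate truthiness test is needed.
            if (typeof Key !== "string" || Key.length === 0) {
                continue;
            }
            // NOTE(review): only the top-level `Key` is inspected. copyObject and
            // uploadPartCopy also take a `CopySource` ("bucket/key"), and a bulk
            // deleteObjects call carries its keys nested under `Delete.Objects`
            // and is not in operationsWithKey at all — neither is covered here.
            // Verify against the aws-sdk v2 API before extending.
            const result = (0, checkContextForPathTraversal_1.checkContextForPathTraversal)({
                filename: Key,
                operation: `S3.${operation}`,
                context,
            });
            if (result) {
                return result;
            }
        }
        return undefined;
    }
    /**
     * Register the hooks on the aws-sdk v2 package.
     *
     * When "aws-sdk" (^2.0.0) is required, every `new S3(...)` instance has
     * each method listed in operationsWithKey wrapped as an "fs_op" whose
     * arguments are routed through inspectS3Operation. Instances created
     * before the hook is installed are presumably not wrapped — confirm with
     * wrapNewInstance.
     *
     * @param hooks - the agent's hook registry
     */
    wrap(hooks) {
        hooks
            .addPackage("aws-sdk")
            .withVersion("^2.0.0")
            .onRequire((exports, pkgInfo) => {
                (0, wrapNewInstance_1.wrapNewInstance)(exports, "S3", pkgInfo, (instance) => {
                    for (const operation of operationsWithKey) {
                        (0, wrapExport_1.wrapExport)(instance, operation, pkgInfo, {
                            kind: "fs_op",
                            inspectArgs: (args) => this.inspectS3Operation(args, operation),
                        });
                    }
                });
            });
    }
}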
// Publish the integration class as a named export (fills in the slot
// pre-declared in the module preamble).
Object.assign(exports, { AwsSDKVersion2 });