github
diff --git a/‎javascript/ql/lib/ext/athena.model.yml‎
Lines changed: 0 additions & 29 deletions b/‎javascript/ql/lib/ext/athena.model.yml‎
Lines changed: 0 additions & 29 deletions
diff --git a/‎javascript/ql/lib/ext/aws-sdk.model.yml‎
Lines changed: 46 additions & 3 deletions b/‎javascript/ql/lib/ext/aws-sdk.model.yml‎
Lines changed: 46 additions & 3 deletions
diff --git a/‎javascript/ql/lib/ext/client-s3.model.yml‎
Lines changed: 0 additions & 28 deletions b/‎javascript/ql/lib/ext/client-s3.model.yml‎
Lines changed: 0 additions & 28 deletions
diff --git a/‎javascript/ql/lib/ext/dynamodb.model.yml‎
Lines changed: 0 additions & 30 deletions b/‎javascript/ql/lib/ext/dynamodb.model.yml‎
Lines changed: 0 additions & 30 deletions
diff --git a/‎javascript/ql/lib/ext/rds-client.model.yml‎
Lines changed: 0 additions & 31 deletions b/‎javascript/ql/lib/ext/rds-client.model.yml‎
Lines changed: 0 additions & 31 deletions
@@ -3,6 +3,49 @@ extensions:
       pack: codeql/javascript-all
       extensible: sinkModel
     data:
-    - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]
-    - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"]
-    - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"]
+      - ["aws-sdk", "AnyMember.Argument[0].Member[secretAccessKey,accessKeyId]", "credentials-key"]
+      - ["aws-sdk", "AnyMember.Member[secretAccessKey,accessKeyId]", "credentials-key"]
+      - ["aws-sdk", "Member[Credentials].Argument[0,1]", "credentials-key"]
+      - ["AWS-V3-Common", "ReturnValue.Member[send].Argument[0]", "sql-injection"]
+      - ["AthenaClientV2", "ReturnValue.Member[startQueryExecution,createNamedQuery,updateNamedQuery].Argument[0].Member[QueryString]", "sql-injection"]
+      - ["S3ClientV2", "ReturnValue.Member[selectObjectContent].Argument[0].Member[Expression]", "sql-injection"]
+      - ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[0].Member[sql]", "sql-injection"]
+      - ["RDSDataClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "sql-injection"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[executeStatement].Argument[0].Member[Statement]", "sql-injection"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[batchExecuteStatement].Argument[0].Member[Statements].ArrayElement.Member[Statement]", "sql-injection"]
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: summaryModel
+    data:
+      - ["@aws-sdk/client-athena", "Member[StartQueryExecutionCommand,CreateNamedQueryCommand,UpdateNamedQueryCommand]", "Argument[0].Member[QueryString]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-s3", "Member[SelectObjectContentCommand]", "Argument[0].Member[Expression]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-rds-data", "Member[ExecuteStatementCommand,BatchExecuteStatementCommand]", "Argument[0].Member[sql]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-rds-data", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[parameterSets].ArrayElement.Member[sql]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-rds-data", "Member[ExecuteSqlCommand]", "Argument[0].Member[sqlStatements]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-dynamodb", "Member[ExecuteStatementCommand]", "Argument[0].Member[Statement]", "ReturnValue", "taint"]
+      - ["@aws-sdk/client-dynamodb", "Member[BatchExecuteStatementCommand]", "Argument[0].Member[Statements].ArrayElement.Member[Statement]", "ReturnValue", "taint"]
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: typeModel
+    data:
+      - ["AthenaClientV2", "aws-sdk", "Member[Athena]"]
+      - ["S3ClientV2", "aws-sdk", "Member[S3]"]
+      - ["RDSDataClientV2", "aws-sdk", "Member[RDSDataService]"]
+      - ["DynamoDBClientV2", "aws-sdk", "Member[DynamoDB]"]
+      - ["AWS-V3-Common", "@aws-sdk/client-athena", "Member[AthenaClient]"]
+      - ["AWS-V3-Common", "@aws-sdk/client-s3", "Member[S3Client]"]
+      - ["AWS-V3-Common", "@aws-sdk/client-dynamodb", "Member[DynamoDBClient,DynamoDB]"]
+      - ["AWS-V3-Common", "@aws-sdk/client-rds-data", "Member[RDSDataClient]"]
+  - addsTo:
+      pack: codeql/javascript-all
+      extensible: sourceModel
+    data:
+      - ["AWS-V3-Common", "ReturnValue.Member[send].ReturnValue.Awaited", "database-access-result"]
+      - ["AthenaClientV2", "ReturnValue.Member[getQueryResults].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["AthenaClientV2", "ReturnValue.Member[getQueryResults].Argument[1].Parameter[1]", "database-access-result"]
+      - ["S3ClientV2", "ReturnValue.Member[getObject].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["S3ClientV2", "ReturnValue.Member[getObject].Argument[1].Parameter[1]", "database-access-result"]
+      - ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["RDSDataClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement].Argument[1].Parameter[1]", "database-access-result"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].ReturnValue.Member[promise].ReturnValue.Awaited", "database-access-result"]
+      - ["DynamoDBClientV2", "ReturnValue.Member[executeStatement,batchExecuteStatement,query,scan,getItem,batchGetItem].Argument[1].Parameter[1]", "database-access-result"]