See AWS Java 1.2 - Release Notes for more information.
Supported services and frameworks
SDK 1.x, 2.x
Lambda creation and link to handler
|SNS subscription: http|
|SNS subscription: email/SMS|
|SNS subscription: sqs|
|SNS subscription: lambda|
|Java Call to AWS Lambda Function|
|Java Call to AWS unknown Lambda Function|
|Java AWS Simple Queue Service Receiver|
|Java AWS Simple Queue Service Publisher|
|Java AWS Unknown Simple Queue Service Receiver|
|Java AWS Unknown Simple Queue Service Publisher|
|Java AWS SNS Publisher|
|Java AWS SNS Subscriber|
|Java AWS SNS Unknown Publisher|
|Java AWS SNS Unknown Subscriber|
|Java AWS SMS, Java AWS Email|
|Java AWS Post Service|
|Java AWS S3 Bucket|
|Java AWS unknown S3 Bucket|
In what situation should you install this extension?
This extension should be used for analyzing Java source code that uses any of the supported AWS services.
Support of lambda functions
- Lambda services allow executing some source code on the cloud. The execution can be set to be triggered by some AWS events.
- Lambda functions can be deployed using several deployment frameworks. The supported deployment frameworks are listed on this page.
- When a lambda function is created and its runtime is java, the current extension is responsible for linking the lambda objects and their triggers with the java handler functions.
Consider source code that defines a lambda function with a Java runtime (for instance java8) whose handler is given by the handler function's full name. If the lambda function is deployed using a supported deployment framework (such as CloudFormation), the analysis will create a lambda function object. If the current extension finds a Java method matching the handler full name, a link to that Java method will be added from the lambda function.
Some applications use a monolithic pattern: only one handler function is used for many (if not all) API Gateways. That handler function then dispatches the call to sub-handler functions using switches based on the URLs. Ideally, in the model, each API Gateway would be linked to its dedicated sub-handler function. However, in our model, all API Gateways are linked to the root handler function.
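The monolithic pattern described above, as an added example (not code from the extension's documentation). The package, class, routes and sub-handler names are hypothetical; the handler full name a deployment template would reference is shown in the comment.

```java
package com.example.orders; // hypothetical package

import com.amazonaws.services.lambda.runtime.Context;
import com.amazonaws.services.lambda.runtime.RequestHandler;
import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyRequestEvent;
import com.amazonaws.services.lambda.runtime.events.APIGatewayProxyResponseEvent;

// Deployment side (for instance a CloudFormation template) would declare:
//   Runtime: java8
//   Handler: com.example.orders.RootHandler::handleRequest
// The handler full name is what gets matched against this Java method.
public class RootHandler
        implements RequestHandler<APIGatewayProxyRequestEvent, APIGatewayProxyResponseEvent> {

    // Root handler: every API Gateway route of the application lands here.
    @Override
    public APIGatewayProxyResponseEvent handleRequest(APIGatewayProxyRequestEvent event,
                                                      Context context) {
        // Dispatch on method and URL path, as in the monolithic pattern.
        String route = event.getHttpMethod() + " " + event.getPath();
        switch (route) {
            case "GET /orders":
                return listOrders(event);
            case "POST /orders":
                return createOrder(event);
            default:
                return new APIGatewayProxyResponseEvent()
                        .withStatusCode(404)
                        .withBody("no such route");
        }
    }

    // Sub-handler: reached only through the switch above.
    private APIGatewayProxyResponseEvent listOrders(APIGatewayProxyRequestEvent event) {
        return new APIGatewayProxyResponseEvent().withStatusCode(200).withBody("[]");
    }

    // Sub-handler: reached only through the switch above.
    private APIGatewayProxyResponseEvent createOrder(APIGatewayProxyRequestEvent event) {
        String body = event.getBody() == null ? "" : event.getBody();
        return new APIGatewayProxyResponseEvent().withStatusCode(201).withBody(body);
    }
}
```

In the resulting model both routes are linked to `handleRequest`; the step from a given route to `listOrders` or `createOrder` has to be followed through the switch by the reader.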
Support for SDK
Support for S3
Supported S3 APIs for SDK v1
For the following methods of the com.amazonaws.services.s3.AmazonS3 client we create links to the bucket:
|useSelectLink||getObject, listObjects, listObjectsV2, getObjectAsString|
|useDeleteLink||deleteBucket, deleteObject, deleteObjects|
|callLink||changeObjectStorageClass, deleteBucketAnalyticsConfiguration, deleteBucketCrossOriginConfiguration, deleteBucketEncryption, deleteBucketIntelligentTieringConfiguration, deleteBucketInventoryConfiguration, deleteBucketLifecycleConfiguration, deleteBucketMetricsConfiguration, deleteBucketPolicy, deleteBucketReplicationConfiguration, deleteBucketTaggingConfiguration, deleteBucketWebsiteConfiguration, deleteObjectTagging, deleteVersion, disableRequesterPays, doesBucketExist, doesBucketExistV2, doesObjectExist, download, enableRequesterPays, generatePresignedUrl, getBucketAccelerateConfiguration, getBucketAcl, getBucketAnalyticsConfiguration, getBucketCrossOriginConfiguration, getBucketIntelligentTieringConfiguration, getBucketInventoryConfiguration, getBucketLifecycleConfiguration, getBucketLocation, getBucketLoggingConfiguration, getBucketMetricsConfiguration, getBucketNotificationConfiguration, getBucketOwnershipControls, getBucketPolicy, getBucketReplicationConfiguration, getBucketTaggingConfiguration, getBucketVersioningConfiguration, getBucketWebsiteConfiguration, getObjectAcl, AccessControlList, getObjectMetadata, getObjectTagging, getUrl, headBucket, initiateMultipartUpload, isRequesterPaysEnabled, listParts, listVersions, restoreObject, restoreObjectV2, setBucketAccelerateConfiguration, setBucketAcl, setBucketAnalyticsConfiguration, setBucketCrossOriginConfiguration, setBucketIntelligentTieringConfiguration, setBucketInventoryConfiguration, setBucketLifecycleConfiguration, setBucketLoggingConfiguration, setBucketMetricsConfiguration, setBucketNotificationConfiguration, setBucketOwnershipControls, setBucketPolicy, setBucketReplicationConfiguration, setBucketTaggingConfiguration, setBucketVersioningConfiguration, setBucketWebsiteConfiguration, setObjectAcl, setObjectRedirectLocation, setObjectTagging, setEndpoint, setRequestPaymentConfiguration, shutdown, createBucket|
Supported S3 APIs for SDK v2
For the following methods of the software.amazon.awssdk.services.s3.S3Client client we create links to the bucket:
|useUpdateLink||putObject, uploadPart, restoreObject|
|useSelectLink||getObject, getObjectAsBytes, listObjects, listObjectsV2, listObjectsV2Paginator|
|useDeleteLink||deleteBucket, deleteObject, deleteObjects|
|callLink||abortMultipartUpload, createBucket, createMultipartUpload, deleteBucketAnalyticsConfiguration, deleteBucketCors, deleteBucketEncryption, deleteBucketIntelligentTieringConfiguration, deleteBucketInventoryConfiguration, deleteBucketLifecycle, deleteBucketMetricsConfiguration, deleteBucketOwnershipControls, deleteBucketPolicy, deleteBucketReplication, deleteBucketTagging, deleteBucketWebsite, deleteObjectTagging, deletePublicAccessBlock, getBucketAccelerateConfiguration, getBucketAcl, getBucketAnalyticsConfiguration, getBucketCors, getBucketEncryption, getBucketIntelligentTieringConfiguration, getBucketInventoryConfiguration, getBucketLifecycleConfiguration, getBucketLocation, getBucketLogging, getBucketMetricsConfiguration, getBucketNotificationConfiguration, getBucketOwnershipControls, getBucketPolicy, getBucketPolicyStatus, getBucketReplication, getBucketRequestPayment, getBucketTagging, getBucketVersioning, getBucketWebsite, getObjectAcl, getObjectLegalHold, getObjectLockConfiguration, getObjectRetention, getObjectTagging, getObjectTorrent, getObjectTorrentAsBytes, getPublicAccessBlock, headBucket, headObject, listBucketAnalyticsConfigurations, listBucketIntelligentTieringConfigurations, listBucketInventoryConfigurations, listBucketMetricsConfigurations, listMultipartUploads, listMultipartUploadsPaginator, listObjectVersions, listObjectVersionsPaginator, listParts, listPartsPaginator, putBucketAccelerateConfiguration|
This code creates an S3 bucket named "foo_bucket" on an AWS server in region "AP_SOUTH_1" and puts an object in it:
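Code matching that description, added here as an example and not the extension's own sample. It assumes SDK v2 (`software.amazon.awssdk.services.s3.S3Client`); the class name, object key and content are made up for illustration.

```java
import software.amazon.awssdk.core.sync.RequestBody;
import software.amazon.awssdk.regions.Region;
import software.amazon.awssdk.services.s3.S3Client;
import software.amazon.awssdk.services.s3.model.CreateBucketRequest;
import software.amazon.awssdk.services.s3.model.PutObjectRequest;

public class FooBucketWriter { // hypothetical class name

    // Bucket name taken from the page. The analysis only reads the string;
    // the S3 service itself does not accept underscores in new bucket names.
    private static final String BUCKET = "foo_bucket";

    public static void main(String[] args) {
        try (S3Client s3 = S3Client.builder()
                .region(Region.AP_SOUTH_1)
                .build()) {

            // Requests are built explicitly and passed as objects. The
            // Consumer-builder overloads, e.g. s3.createBucket(b -> b.bucket(BUCKET)),
            // are listed on this page as not supported by the extension.
            CreateBucketRequest create = CreateBucketRequest.builder()
                    .bucket(BUCKET)
                    .build();
            s3.createBucket(create); // createBucket is in the callLink row for SDK v2

            PutObjectRequest put = PutObjectRequest.builder()
                    .bucket(BUCKET)
                    .key("greeting.txt") // hypothetical object key
                    .build();
            s3.putObject(put, RequestBody.fromString("hello")); // putObject is in the useUpdateLink row
        }
    }
}
```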
Once the analysis/snapshot generation has completed, you can view the results in the normal manner (for example via CAST Enlighten):
Known limitations for S3
- The createPresignedPost API is not supported. However, a call to this method is represented by a callLink to the bucket, as for other API methods in S3Client.
Support for Lambda invocation
Only the invoke method of com.amazonaws.services.lambda.AWSLambda (SDK V1) and software.amazon.awssdk.services.lambda.LambdaClient (SDK V2) is currently supported.
The analysis of the following source code will create a Java Call to AWS Lambda Function object named functionName with a callLink from the invokeFunction to that object:
The following two annotations (equally named) are supported (one for Android and the other one for Java applications):
The example below, reproduced from the official documentation (https://docs.aws.amazon.com/lambda/latest/dg/with-android-example.html), illustrates how one can define (but not implement) the lambda function by annotating the AndroidBackendLambdaFunction method.
The @LambdaFunction annotation maps the specific client method to the same-name Lambda function. The expected behavior of the JEE analyzer is to resolve the actual Lambda Function invocation via method calls (elsewhere) to the annotated interface methods. The com.castsoftware.awsjava extension on the other hand will create a Java Call to AWS Lambda Function object and the respective incoming callLink from the annotated interface method AndroidBackendLambdaFunction.
Support for SNS
The following APIs are supported:
For SDK V1:
For SDK V2:
For the publish method a Java AWS SNS Publisher object is created. Its name is that of the topic.
For the subscribe methods, a Java AWS SNS Subscriber object is created. Its name is that of the topic. Then for each supported protocol, an object is created with a callLink from the subscriber to that object. The supported protocols are the following:
| protocol | object created | name of the object |
|---|---|---|
| email | Java AWS Email | an Email (the email addresses are not evaluated) |
| sms | Java AWS SMS | an SMS (the SMS numbers are not evaluated) |
| http/https | Java AWS Post Service | the url (evaluated from the endpoint) |
| sqs | Java AWS Simple Queue Service Publisher | the name of the queue (evaluated from the endpoint) |
| lambda | Java Call to AWS Lambda Function | the name of the lambda function (evaluated from the endpoint) |

The com.castsoftware.wbslinker extension will create a callLink between the SNS Publishers and SNS Subscribers which have the same name.
When analyzing the following source code:
The extension com.castsoftware.wbslinker is responsible for matching Java Call to AWS Lambda Function objects to Lambda Function objects such as Java AWS Lambda Function during application-level analysis.
- (Corrected in 1.2.2-funcrel)
Only a single level of inheritance depth is supported for classes implementing predefined interfaces such as RequestHandler and RequestStreamHandler when searching for handler methods. However, overriding/overloading of the handler methods is not fully supported.
- No custom lambda function resolver is supported, i.e. one passed to lambdaFunctionNameResolver (used when building a LambdaInvokerFactory).
- Use of Consumer Builder for SDK is not supported.
- Monolithic pattern for lambda functions is not properly supported.