fix(allowlist_db): Improve DynamoDB regex for allowlisting. (#1127)

2026-02-10 14:55:00 +00:00 · 2022-05-06 13:46:53 +02:00
parent 4146566f92
commit b78e4ad6a1
1 changed files with 2 additions and 2 deletions
--- a/include/allowlist
+++ b/include/allowlist
@@ -16,7 +16,7 @@ allowlist(){
  if grep -q -E "^s3://([^/]+)/(.*?([^/]+))$" <<< "${ALLOWLIST_FILE}"; then
    allowlist_S3
  # Check if the file is a DynamoDB ARN
-  elif grep -q -E "^arn:aws:dynamodb:\w+(?:-\w+)+:\d{12}:table\/[-._A-Za-z0-9]+$" <<< "${ALLOWLIST_FILE}"; then
+  elif grep -q -E "^arn:[aws\|aws\-cn\|aws\-us\-gov]+:dynamodb:[a-z]{2}-[north\|south\|east\|west\|central]+-[1-9]{1}:[0-9]{12}:table\/[a-zA-Z0-9._-]+$" <<< "${ALLOWLIST_FILE}"; then
    allowlist_DynamoDB
  else
    # Check if the file is a DynamoDB ARN
@@ -79,4 +79,4 @@ allowlist_Textfile() {
    EXITCODE=1
    exit ${EXITCODE}
  fi
-}
+}