Continuous Discovery 🔄

AppSec, DevSecOps, Learning

AWS Lambda - Python Command Injection

When writing an AWS Lambda function, we need to be careful about secure coding issues. If your Lambda function takes an input and uses it to run a command, you need to avoid using os.system(...). You should use subprocess.run(...), but without the shell. The command provided to subprocess should be passed as a list of arguments.

import subprocess
import uuid

def lambda_handler(event, context):
    rand_value = uuid....

March 6, 2023 · 2 min · 290 words · Bobby Lin

Init Post

My first post

def print_world():
    print("Hello")

November 6, 2022 · 1 min · 10 words · Bobby Lin