AWS Lambda - Python Command Injection
When writing an AWS Lambda function, we need to be careful about secure coding issues. If your Lambda function takes an input and uses it to run a command, you need to avoid using os.system(...). You should use subprocess.run(...), but without the shell. The command given to subprocess should be passed as a list of arguments.

    import subprocess
    import uuid

    def lambda_handler(event, context):
        rand_value = uuid....
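The difference between the two approaches, as an added example (not the post's own code, which is cut off above). `echo` stands in for the real command; the `name` event field, the sample value and the allow-list are assumptions made for the demonstration, and the allow-list check goes beyond the post's advice.

```python
import re
import subprocess

# Constructed sample input: a value carrying a shell metacharacter.
SAMPLE = "a.txt; echo INJECTED"

# Assumed allow-list for this example; it goes beyond what the post requires.
SAFE_NAME = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def run_unsafe(name):
    """Anti-pattern: the input is spliced into a string that the shell parses."""
    cmd = "echo arg=" + name  # same effect as os.system(cmd)
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout.splitlines()


def run_safe(name):
    """No shell: the input is exactly one argv element and is never parsed."""
    out = subprocess.run(["echo", "arg=" + name], capture_output=True,
                         text=True, check=True, timeout=5)
    return out.stdout.splitlines()


def lambda_handler(event, context):
    """Validate the input first, then run the command without a shell."""
    name = str(event.get("name", ""))
    if not SAFE_NAME.fullmatch(name):
        return {"statusCode": 400, "body": "invalid name"}
    return {"statusCode": 200, "body": run_safe(name)[0]}


if __name__ == "__main__":
    print(run_unsafe(SAMPLE))  # the shell split the value into two commands
    print(run_safe(SAMPLE))    # the whole value stayed one literal argument
    print(lambda_handler({"name": SAMPLE}, None))
    print(lambda_handler({"name": "a.txt"}, None))
```

Even without a shell, a value that begins with `-` can be read as an option by the program being run, which is why the allow-list requires an alphanumeric first character.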