Skip to content

Commit 83aa395

Browse files
lpizzinidevlpizzinidev
authored
fix(custom-resources-handlers): s3 deployment handler log injection vulnerability (#28599)
The `bucket-deployment-handler` results vulnerable to [CWE-117](https://cwe.mitre.org/data/definitions/117.html) and [CWE-93](https://cwe.mitre.org/data/definitions/93.html) according to AWS Inspector. This fix mitigates the vulnerability by sanitizing the logged `message` as suggested on [Veracode](https://community.veracode.com/s/article/How-to-Fix-CWE-117-Improper-Output-Neutralization-for-Logs). **Note** Inspector suggestion of using `urllib.parse.quote` would produce unreadable messages, so I opted for `encoded`. Closes #28469. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
1 parent fcb7231 commit 83aa395

File tree

32 files changed

+69
-60
lines changed

32 files changed

+69
-60
lines changed

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.assets.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -319,7 +319,7 @@
319319
"S3Bucket": {
320320
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
321321
},
322-
"S3Key": "e976a796f036a5efbf44b99e44cfb5a961df08d8dbf7cd37e60bf216fb982a00.zip"
322+
"S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip"
323323
},
324324
"Environment": {
325325
"Variables": {

packages/@aws-cdk-testing/framework-integ/test/aws-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/tree.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.assets.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.template.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -328,7 +328,7 @@
328328
"S3Bucket": {
329329
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
330330
},
331-
"S3Key": "e976a796f036a5efbf44b99e44cfb5a961df08d8dbf7cd37e60bf216fb982a00.zip"
331+
"S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip"
332332
},
333333
"Environment": {
334334
"Variables": {

packages/@aws-cdk-testing/framework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/tree.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.assets.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/aws-ecs-integ.template.json

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1340,7 +1340,7 @@
13401340
"S3Bucket": {
13411341
"Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
13421342
},
1343-
"S3Key": "e976a796f036a5efbf44b99e44cfb5a961df08d8dbf7cd37e60bf216fb982a00.zip"
1343+
"S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip"
13441344
},
13451345
"Environment": {
13461346
"Variables": {

packages/@aws-cdk-testing/framework-integ/test/aws-ecs/test/ec2/integ.environment-file.js.snapshot/tree.json

Lines changed: 1 addition & 1 deletion
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

packages/@aws-cdk-testing/framework-integ/test/aws-s3-deployment/test/integ.bucket-deployment-cloudfront.js.snapshot/test-bucket-deployments-1.assets.json

Lines changed: 3 additions & 3 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)