Issue 157: FIX:CWE-117,93 Log injection in PostgreSQL lambda_function.py

[seetamraju]

Issue # 157

Description of changes: HIGH-Severity Security Vulnerability from AWS-Inspector. CWE-117,93 Log injection

Analysis:

HIGH-Severity Security Vulnerability from AWS-Inspector. CWE-117,93 Log injection The PostgreSQL-related Lambdas have 3 "input" variables: arn token and step. With no attempt to sanitize these inputs, these variables are logged using logger.

---

*Even tho' these lambdas are NOT expected to be connected to APIGW, and are meant to be invoked via EventBridge-Cron, .. the AWS-Inspector, and other security-tools, will NEVER be able to confirm this, and so will continue to flag ALL Log-related vulnerabilities as high.

Since the FIX is trivial (add .encode() to EACH and EVERY logger-statement) and .. .. .. Since the primary-code is UNTOUCHED (as in, we are NOT choosing to "fix" these 3 input-variables), .. it is quite reasonable to conclude that there should be ZERO functional impact (that is, No new errors introduced).

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of your choice.

[seetamraju]

Adding .encode() to a string variable doesn't perform any extra sanitization. It's not going to address your log injection concerns.

The correct fix for this is to modify the logger formatter to escape carriage returns.

Thanks! Fixed accordingly.

[kellerassel007]

Please fix this Inspector finding for the rotation Lambda. We have this Inspector finding as well in big enterprise company.