aws-control-tower-customizations
Inspector high severity findings on this solution's Lambdas
Describe the bug
AWS Inspector detects high severity findings on the Lambdas deployed by this solution.

To Reproduce
Enable Inspector and watch the output.

Expected behavior
AWS to patch and maintain libraries used in the Lambdas.
Please complete the following information about the solution:
- Version: v.2.6.0
- Region: eu-central-1
Additional context
- Name: StateMachineLambda
  File path: codebuild_scripts/merge_baseline_template_parameter.py
  Line: 28, 47, 99
  CWE-22 - Path traversal: Constructing path names with unsanitized user input can lead to path traversal attacks (for example, ../../..) that allow an attacker access to file system resources.
- Name: StateMachineLambda
  File path: config_deployer.py & cfct/lambda_handlers/config_deployer.py
  Line: 47
  CWE-409 - Zip bomb attack: Expanding input archive files without any validation could make your code vulnerable to zip bomb attacks, which could potentially cause denial of service (DoS). We recommend that you sanitize input archive files before extracting them.
- Name: CustomControlTowerLELambda
  File path: codebuild_scripts/find_replace.py
  Line: 28, 47, 99
  CWE-22 - Path traversal: Constructing path names with unsanitized user input can lead to path traversal attacks (for example, ../../..) that allow an attacker access to file system resources.
- Name: CustomControlTowerLELambda
  File path: config_deployer.py & cfct/lambda_handlers/config_deployer.py
  Line: 47
  CWE-409 - Zip bomb attack: Expanding input archive files without any validation could make your code vulnerable to zip bomb attacks, which could potentially cause denial of service (DoS). We recommend that you sanitize input archive files before extracting them.
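As an added example (not code from this solution), a hardened archive extraction routine in Python showing the two checks the findings above ask for: resolving each member path under the destination before anything is written (CWE-22) and capping the declared uncompressed size before expanding (CWE-409). The size cap, file names and sample archives are constructed for the example.

```python
import io
import os
import tempfile
import zipfile
# Constructed cap on total declared uncompressed size; not a value from the solution.
MAX_TOTAL_BYTES = 10 * 1024 * 1024
class UnsafeArchive(ValueError): pass  # CWE-22 escape or CWE-409 over-expansion

def safe_member_path(dest_dir, name):
    """Resolve a member name under dest_dir, rejecting '../' and absolute-path escapes."""
    root = os.path.realpath(dest_dir)
    target = os.path.realpath(os.path.join(root, name))
    if os.path.commonpath([root, target]) != root:
        raise UnsafeArchive("traversal: member %r escapes %s" % (name, root))
    return target

def safe_extract(zip_bytes, dest_dir):  # validates every header, then writes; returns bytes
    total = 0
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            total += info.file_size
            if total > MAX_TOTAL_BYTES:
                raise UnsafeArchive("bomb: archive expands beyond %d bytes" % MAX_TOTAL_BYTES)
            safe_member_path(dest_dir, info.filename)  # reject before any file is written
        for info in zf.infolist():
            if info.is_dir():
                continue  # parent directories are created per file below
            target = safe_member_path(dest_dir, info.filename)
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())  # ZipExtFile stops at the declared file_size
    return total

def build_zip(entries):  # constructed helper: in-memory zip from {name: bytes}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()

def demo():  # constructed cases: a benign manifest, a '../' member, an oversized member
    out, dest = {}, tempfile.mkdtemp()
    for label, entries in {"benign": {"manifest.yaml": b"region: eu-central-1\n"},
                           "traversal": {"../escape.txt": b"x"},
                           "bomb": {"big.bin": b"\0" * (20 * 1024 * 1024)}}.items():
        try:
            out[label] = safe_extract(build_zip(entries), dest)
        except UnsafeArchive as exc:
            out[label] = str(exc).split(":")[0]
    return out
```

Symlink members and nested archives are not covered here; a per-member compression-ratio check can be added next to the total cap if the deployment also wants to flag suspicious single entries.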