chore(s3-deployment): sanitize log message in CustomCDKBucketDeployme…

…nt handler (aws#30746) ### Issue # (if applicable) Closes aws#30211. ### Reason for this change Original PR aws#30225 Currently the `s3_dest` and `old_s3_dest` are logged as received. AWS inspector has identified as HIGH findings(CWE-[117](https://cwe.mitre.org/data/definitions/117.html),[93](https://cwe.mitre.org/data/definitions/93.html) - Log injection) in the lambda code. ### Description of changes We are sanitizing the message before logging to mitigate the CWE-[117](https://cwe.mitre.org/data/definitions/117.html),[93](https://cwe.mitre.org/data/definitions/93.html) - Log injection vulnerabilites. ### Description of how you validated changes Run all the existing integ test for s3-deployment custom resource and checked the AWS inspector if the finding still exists. ![image](https://github.com/aws/aws-cdk/assets/4015201/909ac257-6b7d-4308-8b16-6b98a4ec2fc1) ### Checklist - [x] My code adheres to the [CONTRIBUTING GUIDE](https://github.com/aws/aws-cdk/blob/main/CONTRIBUTING.md) and [DESIGN GUIDELINES](https://github.com/aws/aws-cdk/blob/main/docs/DESIGN_GUIDELINES.md) ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
obraafo · Jul 25, 2024 · b5e45b6 · b5e45b6
1 parent b10538c
commit b5e45b6
Show file tree

Hide file tree

Showing 51 changed files with 5,618 additions and 3,047 deletions.
diff --git a/...ic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.assets.json b/...ic-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.assets.json
diff --git a/...-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json b/...-beanstalk-deploy.js.snapshot/aws-cdk-codepipeline-elastic-beanstalk-deploy.template.json
@@ -327,7 +327,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip"
+     "S3Key": "0158f40002a8c211635388a87874fd4dcc3d68f525fe08a0fe0f014069ae539c.zip"
     },
     "Environment": {
      "Variables": {

diff --git a/...depipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/manifest.json b/...depipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/manifest.json
diff --git a/...s-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/tree.json b/...s-codepipeline-actions/test/integ.pipeline-elastic-beanstalk-deploy.js.snapshot/tree.json
diff --git a/...source.js.snapshot/DynamoImportSourceIntegTestDefaultTestDeployAssert540810E4.assets.json b/...source.js.snapshot/DynamoImportSourceIntegTestDefaultTestDeployAssert540810E4.assets.json
diff --git a/...urce.js.snapshot/DynamoImportSourceIntegTestDefaultTestDeployAssert540810E4.template.json b/...urce.js.snapshot/DynamoImportSourceIntegTestDefaultTestDeployAssert540810E4.template.json
diff --git a/...ramework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.assets.json b/...ramework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.assets.json
diff --git a/...mework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.template.json b/...mework-integ/test/aws-dynamodb/test/integ.import-source.js.snapshot/S3Stack.template.json
@@ -336,7 +336,7 @@
      "S3Bucket": {
       "Fn::Sub": "cdk-hnb659fds-assets-${AWS::AccountId}-${AWS::Region}"
      },
-     "S3Key": "2d56e153cac88d3e0c2f842e8e6f6783b8725bf91f95e0673b4725448a56e96d.zip"
+     "S3Key": "0158f40002a8c211635388a87874fd4dcc3d68f525fe08a0fe0f014069ae539c.zip"
     },
     "Environment": {
      "Variables": {

diff --git a/...b8725bf91f95e0673b4725448a56e96d/index.py → ...cc3d68f525fe08a0fe0f014069ae539c/index.py b/...b8725bf91f95e0673b4725448a56e96d/index.py → ...cc3d68f525fe08a0fe0f014069ae539c/index.py