aws-lambda-nodejs: banner and footer values are not escaped
The values for `banner` and `footer` are not properly escaped for shell execution, resulting in errors, and potentially a command injection!
```
❯ cdk synth
Bundling asset ACPipelineStack/Staging/AtlanticCoreApp/.../Code/Stage...
> error: Invalid build flag: "--banner=// Source: ./src/modules/foo/index.ts\n\n"
```
Reproduction Steps
```ts
import { NodejsFunctionProps } from '@aws-cdk/aws-lambda-nodejs';

// Bundling props shared by the functions; the banner value is what ends up
// on the esbuild command line unescaped.
const defaultProperties: NodejsFunctionProps = {
  bundling: {
    banner: `// Source: ./src/modules/foo/index.ts`,
  },
};
```
What did you expect to happen?
Values to be escaped.
What actually happened?
Ran as is, without escaping.
Environment
- CDK CLI Version: 1.93.0
- Framework Version: 1.93.0
- Node.js Version: v14.15.5
- OS: macOS
- Language (Version): TypeScript (3.8.3)
Other
"@aws-cdk/aws-lambda-nodejs": "1.93.0",
This is a 🐛 Bug Report
Top GitHub Comments
`--banner` is now `--banner:js` and `--banner:css` (https://github.com/evanw/esbuild/blob/master/CHANGELOG.md#090)

⚠️ COMMENT VISIBILITY WARNING ⚠️
Comments on closed issues are hard for our team to see. If you need more assistance, please either tag a team member or open a new issue that references this one. If you wish to keep having a conversation with other community members under this issue feel free to do so.