Title: AWS Lambda Security Rules for Python - 14 SAST Rules | Code Pathfinder | Code Pathfinder
Open Graph Title: AWS Lambda - Python Security Rules | Code Pathfinder
X Title: AWS Lambda - Python Rules
Description: AWS Lambda rules for Python. Explore 14 security rules for Python covering AWS Lambda. AI-powered SAST with zero false positives.
Open Graph Description: AWS Lambda rules for Python. Browse 14 rules for Python.
X Description: 14 security rules for Python. AWS Lambda rules for Python
Keywords:
Opengraph URL: https://codepathfinder.dev/registry/python/aws_lambda
X: @sshivasurya
Domain: codepathfinder.dev
{"@context":"https://schema.org","@type":"WebSite","name":"Code Pathfinder","url":"https://codepathfinder.dev","potentialAction":{"@type":"SearchAction","target":"https://codepathfinder.dev/registry?q={search_term_string}","query-input":"required name=search_term_string"}}
{"@context":"https://schema.org","@type":"Organization","name":"Code Pathfinder","url":"https://codepathfinder.dev","logo":"https://codepathfinder.dev/icon.svg","sameAs":["https://github.com/shivasurya/code-pathfinder","https://x.com/sshivasurya"]}
| author | Code Pathfinder Team |
| googlebot | index, follow |
| og:site_name | Code Pathfinder |
| og:locale | en_US |
| og:type | website |
| twitter:card | summary_large_image |
| twitter:creator | @sshivasurya |
Links:
| /code pathfinder.| | https://codepathfinder.dev/ |
| Home | https://codepathfinder.dev/ |
| Docs | https://codepathfinder.dev/docs |
| Registry | https://codepathfinder.dev/registry |
| SDKRef | https://codepathfinder.dev/sdk |
| MCPAI | https://codepathfinder.dev/mcp |
| Blog | https://codepathfinder.dev/blog |
| SecureFlow AI | https://codepathfinder.dev/secureflow-ai |
| https://github.com/shivasurya/code-pathfinder | |
| Get Started | https://codepathfinder.dev/docs/quickstart |
| Registry | https://codepathfinder.dev/registry |
| Python | https://codepathfinder.dev/registry/python |
| Lambda Command Injection via os.system()CRITICALLambda event data flows to os.system(), enabling arbitrary OS command execution inside the Lambda execution environment.pythonawslambdacommand-injectionos-systemshelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-001 |
| Lambda Command Injection via subprocessCRITICALLambda event data flows to subprocess with shell=True or as a string command, enabling OS command injection in the Lambda execution environment.pythonawslambdacommand-injectionsubprocessshelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-002 |
| Lambda Command Injection via os.spawn*()CRITICALLambda event data flows to os.spawn*() functions, enabling process execution with attacker-controlled arguments in the Lambda execution environment.pythonawslambdacommand-injectionos-spawntaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-003 |
| Lambda Command Injection via asyncio.create_subprocess_shell()CRITICALLambda event data flows to asyncio.create_subprocess_shell(), enabling OS command injection in async Lambda handlers.pythonawslambdacommand-injectionasynciocreate-subprocess-shelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-004 |
| Lambda Command Injection via asyncio.create_subprocess_exec()CRITICALLambda event data flows to asyncio.create_subprocess_exec(), enabling argument injection in async Lambda handlers.pythonawslambdacommand-injectionasynciocreate-subprocess-execargument-injectiontaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-005 |
| Lambda SQL Injection via psycopg2 cursor.execute()CRITICALLambda event data flows to psycopg2 cursor.execute() without parameterization, enabling SQL injection against RDS PostgreSQL or Aurora PostgreSQL backends.pythonawslambdasql-injectionpsycopg2postgresqlrdsaurorataint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-011 |
| Lambda SQL Injection via pymssql cursor.execute()CRITICALLambda event data flows to pymssql cursor.execute() without parameterization, enabling SQL injection against RDS SQL Server backends.pythonawslambdasql-injectionpymssqlsql-serverrdstaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-012 |
| Lambda SQL Injection via PyMySQL cursor.execute()CRITICALLambda event data flows to PyMySQL cursor.execute() without parameterization, enabling SQL injection against RDS MySQL or Aurora MySQL backends via the pure-Python driver.pythonawslambdasql-injectionpymysqlmysqlrdsaurorataint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-013 |
| Lambda SQL Injection via SQLAlchemy execute()CRITICALLambda event data flows to SQLAlchemy session.execute() or connection.execute() without bound parameters, enabling SQL injection against any RDS backend.pythonawslambdasql-injectionsqlalchemyrdstaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-014 |
| Lambda Tainted SQL String ConstructionHIGHLambda event data is used in SQL string construction via f-strings or concatenation before being passed to a database execute call, enabling SQL injection.pythonawslambdasql-injectionstring-constructionf-stringconcatenationtaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-015 |
| Lambda DynamoDB FilterExpression InjectionHIGHLambda event data flows to a DynamoDB FilterExpression string, enabling expression manipulation in serverless DynamoDB scan and query operations.pythonawslambdadynamodbnosql-injectionfilter-expressionserverlesstaint-analysisinter-proceduralCWE-943OWASP-A03CWE-943Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-016 |
| Lambda XSS via Tainted HTML Response BodyHIGHLambda event data is embedded directly in an HTML response body returned to API Gateway, enabling Cross-Site Scripting attacks against end users.pythonawslambdaxsshtml-responseapi-gatewaytaint-analysisinter-proceduralCWE-79OWASP-A03CWE-79Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-020 |
| Lambda Code Injection via eval() or exec()CRITICALLambda event data flows to eval() or exec(), enabling arbitrary Python code execution with the full permissions of the Lambda execution environment.pythonawslambdacode-injectionevalexecrcetaint-analysisinter-proceduralCWE-95OWASP-A03CWE-95Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-022 |
| Lambda Remote Code Execution via Pickle DeserializationCRITICALLambda event data flows to pickle.loads() or pickle.load(), enabling arbitrary Python code execution during deserialization of attacker-controlled bytes.pythonawslambdadeserializationpicklercetaint-analysisinter-proceduralCWE-502OWASP-A08CWE-502Updated 2026-04-13 | https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-023 |
| Cryptography23 rules | https://codepathfinder.dev/registry/python/cryptography |
| Django23 rules | https://codepathfinder.dev/registry/python/django |
| Flask21 rules | https://codepathfinder.dev/registry/python/flask |
| JWT5 rules | https://codepathfinder.dev/registry/python/jwt |
| Python Core54 rules | https://codepathfinder.dev/registry/python/lang |
| Pyramid2 rules | https://codepathfinder.dev/registry/python/pyramid |
| Deserialization1 rules | https://codepathfinder.dev/registry/python/deserialization |
| Back to Python Categories | https://codepathfinder.dev/registry/python |
| All Languages → | https://codepathfinder.dev/registry |
| View full registry | https://codepathfinder.dev/registry |
| Docker37 rules, 4 categories | https://codepathfinder.dev/registry/docker |
| Audit2 | https://codepathfinder.dev/registry/docker/audit |
| Best Practice28 | https://codepathfinder.dev/registry/docker/best-practice |
| Correctness3 | https://codepathfinder.dev/registry/docker/correctness |
| Security4 | https://codepathfinder.dev/registry/docker/security |
| Docker Compose10 rules, 1 categories | https://codepathfinder.dev/registry/docker-compose |
| Security10 | https://codepathfinder.dev/registry/docker-compose/security |
| Python143 rules, 8 categories | https://codepathfinder.dev/registry/python |
| AWS Lambda14 | https://codepathfinder.dev/registry/python/aws_lambda |
| Cryptography23 | https://codepathfinder.dev/registry/python/cryptography |
| Django23 | https://codepathfinder.dev/registry/python/django |
| Flask21 | https://codepathfinder.dev/registry/python/flask |
| JWT5 | https://codepathfinder.dev/registry/python/jwt |
| Python Core54 | https://codepathfinder.dev/registry/python/lang |
| Pyramid2 | https://codepathfinder.dev/registry/python/pyramid |
| Deserialization1 | https://codepathfinder.dev/registry/python/deserialization |
| Go21 rules, 1 categories | https://codepathfinder.dev/registry/golang |
| Security21 | https://codepathfinder.dev/registry/golang/security |
| /code pathfinder. | https://codepathfinder.dev/ |
| https://github.com/shivasurya/code-pathfinder | |
| https://twitter.com/sshivasurya | |
| https://www.linkedin.com/in/shivasurya/ | |
| https://codepathfinder.dev/blog/feed.xml | |
| Star on GitHub | https://github.com/shivasurya/code-pathfinder |
| SecureFlow AI | https://codepathfinder.dev/secureflow-ai |
| MCP Server | https://codepathfinder.dev/mcp |
| Docker MCP | https://codepathfinder.dev/docs/mcp/docker-mcp |
| Documentation | https://codepathfinder.dev/docs |
| Registry | https://codepathfinder.dev/registry |
| Docs | https://codepathfinder.dev/docs |
| Blog | https://codepathfinder.dev/blog |
| Changelog | https://codepathfinder.dev/docs/changelog |
| GitHub | https://github.com/shivasurya/code-pathfinder |
| Contributing | https://github.com/shivasurya/code-pathfinder/blob/main/CONTRIBUTING.md |
| Code of Conduct | https://github.com/shivasurya/code-pathfinder/blob/main/CODE_OF_CONDUCT.md |
| Report Bug | https://github.com/shivasurya/code-pathfinder/issues |
| Discussions | https://github.com/shivasurya/code-pathfinder/discussions |
| Django SQL Injection | https://codepathfinder.dev/registry/python/django/PYTHON-DJANGO-SEC-001 |
| Flask SSTI | https://codepathfinder.dev/registry/python/flask/PYTHON-FLASK-SEC-002 |
| Dangerous eval() | https://codepathfinder.dev/registry/python/lang/PYTHON-LANG-SEC-001 |
| Missing USER | https://codepathfinder.dev/registry/docker/security/DOCKER-SEC-001 |
| Weak Cipher (RC4) | https://codepathfinder.dev/registry/python/cryptography/PYTHON-CRYPTO-SEC-001 |
| JWT Hardcoded Secret | https://codepathfinder.dev/registry/python/jwt/PYTHON-JWT-SEC-001 |
| Apache-2.0 | https://github.com/shivasurya/code-pathfinder/blob/main/LICENSE |
Viewport: width=device-width, initial-scale=1
Robots: index, follow