René's URL Explorer Experiment


Title: AWS Lambda Security Rules for Python - 14 SAST Rules | Code Pathfinder | Code Pathfinder

Open Graph Title: AWS Lambda - Python Security Rules | Code Pathfinder

X Title: AWS Lambda - Python Rules

Description: AWS Lambda rules for Python. Explore 14 security rules for Python covering AWS Lambda. AI-powered SAST with zero false positives.

Open Graph Description: AWS Lambda rules for Python. Browse 14 rules for Python.

X Description: 14 security rules for Python. AWS Lambda rules for Python

Keywords:

Opengraph URL: https://codepathfinder.dev/registry/python/aws_lambda

X: @sshivasurya

direct link

Domain: codepathfinder.dev


Hey, it has json ld scripts:
{"@context":"https://schema.org","@type":"WebSite","name":"Code Pathfinder","url":"https://codepathfinder.dev","potentialAction":{"@type":"SearchAction","target":"https://codepathfinder.dev/registry?q={search_term_string}","query-input":"required name=search_term_string"}}
{"@context":"https://schema.org","@type":"Organization","name":"Code Pathfinder","url":"https://codepathfinder.dev","logo":"https://codepathfinder.dev/icon.svg","sameAs":["https://github.com/shivasurya/code-pathfinder","https://x.com/sshivasurya"]}

authorCode Pathfinder Team
googlebotindex, follow
og:site_nameCode Pathfinder
og:localeen_US
og:typewebsite
twitter:cardsummary_large_image
twitter:creator@sshivasurya

Links:

/code pathfinder.|https://codepathfinder.dev/
Homehttps://codepathfinder.dev/
Docshttps://codepathfinder.dev/docs
Registryhttps://codepathfinder.dev/registry
SDKRefhttps://codepathfinder.dev/sdk
MCPAIhttps://codepathfinder.dev/mcp
Bloghttps://codepathfinder.dev/blog
SecureFlow AIhttps://codepathfinder.dev/secureflow-ai
https://github.com/shivasurya/code-pathfinder
Get Startedhttps://codepathfinder.dev/docs/quickstart
Registryhttps://codepathfinder.dev/registry
Pythonhttps://codepathfinder.dev/registry/python
Lambda Command Injection via os.system()CRITICALLambda event data flows to os.system(), enabling arbitrary OS command execution inside the Lambda execution environment.pythonawslambdacommand-injectionos-systemshelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-001
Lambda Command Injection via subprocessCRITICALLambda event data flows to subprocess with shell=True or as a string command, enabling OS command injection in the Lambda execution environment.pythonawslambdacommand-injectionsubprocessshelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-002
Lambda Command Injection via os.spawn*()CRITICALLambda event data flows to os.spawn*() functions, enabling process execution with attacker-controlled arguments in the Lambda execution environment.pythonawslambdacommand-injectionos-spawntaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-003
Lambda Command Injection via asyncio.create_subprocess_shell()CRITICALLambda event data flows to asyncio.create_subprocess_shell(), enabling OS command injection in async Lambda handlers.pythonawslambdacommand-injectionasynciocreate-subprocess-shelltaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-004
Lambda Command Injection via asyncio.create_subprocess_exec()CRITICALLambda event data flows to asyncio.create_subprocess_exec(), enabling argument injection in async Lambda handlers.pythonawslambdacommand-injectionasynciocreate-subprocess-execargument-injectiontaint-analysisinter-proceduralCWE-78OWASP-A03CWE-78Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-005
Lambda SQL Injection via psycopg2 cursor.execute()CRITICALLambda event data flows to psycopg2 cursor.execute() without parameterization, enabling SQL injection against RDS PostgreSQL or Aurora PostgreSQL backends.pythonawslambdasql-injectionpsycopg2postgresqlrdsaurorataint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-011
Lambda SQL Injection via pymssql cursor.execute()CRITICALLambda event data flows to pymssql cursor.execute() without parameterization, enabling SQL injection against RDS SQL Server backends.pythonawslambdasql-injectionpymssqlsql-serverrdstaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-012
Lambda SQL Injection via PyMySQL cursor.execute()CRITICALLambda event data flows to PyMySQL cursor.execute() without parameterization, enabling SQL injection against RDS MySQL or Aurora MySQL backends via the pure-Python driver.pythonawslambdasql-injectionpymysqlmysqlrdsaurorataint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-013
Lambda SQL Injection via SQLAlchemy execute()CRITICALLambda event data flows to SQLAlchemy session.execute() or connection.execute() without bound parameters, enabling SQL injection against any RDS backend.pythonawslambdasql-injectionsqlalchemyrdstaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-014
Lambda Tainted SQL String ConstructionHIGHLambda event data is used in SQL string construction via f-strings or concatenation before being passed to a database execute call, enabling SQL injection.pythonawslambdasql-injectionstring-constructionf-stringconcatenationtaint-analysisinter-proceduralCWE-89OWASP-A03CWE-89Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-015
Lambda DynamoDB FilterExpression InjectionHIGHLambda event data flows to a DynamoDB FilterExpression string, enabling expression manipulation in serverless DynamoDB scan and query operations.pythonawslambdadynamodbnosql-injectionfilter-expressionserverlesstaint-analysisinter-proceduralCWE-943OWASP-A03CWE-943Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-016
Lambda XSS via Tainted HTML Response BodyHIGHLambda event data is embedded directly in an HTML response body returned to API Gateway, enabling Cross-Site Scripting attacks against end users.pythonawslambdaxsshtml-responseapi-gatewaytaint-analysisinter-proceduralCWE-79OWASP-A03CWE-79Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-020
Lambda Code Injection via eval() or exec()CRITICALLambda event data flows to eval() or exec(), enabling arbitrary Python code execution with the full permissions of the Lambda execution environment.pythonawslambdacode-injectionevalexecrcetaint-analysisinter-proceduralCWE-95OWASP-A03CWE-95Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-022
Lambda Remote Code Execution via Pickle DeserializationCRITICALLambda event data flows to pickle.loads() or pickle.load(), enabling arbitrary Python code execution during deserialization of attacker-controlled bytes.pythonawslambdadeserializationpicklercetaint-analysisinter-proceduralCWE-502OWASP-A08CWE-502Updated 2026-04-13https://codepathfinder.dev/registry/python/aws_lambda/PYTHON-LAMBDA-SEC-023
Cryptography23 ruleshttps://codepathfinder.dev/registry/python/cryptography
Django23 ruleshttps://codepathfinder.dev/registry/python/django
Flask21 ruleshttps://codepathfinder.dev/registry/python/flask
JWT5 ruleshttps://codepathfinder.dev/registry/python/jwt
Python Core54 ruleshttps://codepathfinder.dev/registry/python/lang
Pyramid2 ruleshttps://codepathfinder.dev/registry/python/pyramid
Deserialization1 ruleshttps://codepathfinder.dev/registry/python/deserialization
Back to Python Categorieshttps://codepathfinder.dev/registry/python
All Languages →https://codepathfinder.dev/registry
View full registryhttps://codepathfinder.dev/registry
Docker37 rules, 4 categorieshttps://codepathfinder.dev/registry/docker
Audit2https://codepathfinder.dev/registry/docker/audit
Best Practice28https://codepathfinder.dev/registry/docker/best-practice
Correctness3https://codepathfinder.dev/registry/docker/correctness
Security4https://codepathfinder.dev/registry/docker/security
Docker Compose10 rules, 1 categorieshttps://codepathfinder.dev/registry/docker-compose
Security10https://codepathfinder.dev/registry/docker-compose/security
Python143 rules, 8 categorieshttps://codepathfinder.dev/registry/python
AWS Lambda14https://codepathfinder.dev/registry/python/aws_lambda
Cryptography23https://codepathfinder.dev/registry/python/cryptography
Django23https://codepathfinder.dev/registry/python/django
Flask21https://codepathfinder.dev/registry/python/flask
JWT5https://codepathfinder.dev/registry/python/jwt
Python Core54https://codepathfinder.dev/registry/python/lang
Pyramid2https://codepathfinder.dev/registry/python/pyramid
Deserialization1https://codepathfinder.dev/registry/python/deserialization
Go21 rules, 1 categorieshttps://codepathfinder.dev/registry/golang
Security21https://codepathfinder.dev/registry/golang/security
/code pathfinder.https://codepathfinder.dev/
https://github.com/shivasurya/code-pathfinder
https://twitter.com/sshivasurya
https://www.linkedin.com/in/shivasurya/
https://codepathfinder.dev/blog/feed.xml
Star on GitHubhttps://github.com/shivasurya/code-pathfinder
SecureFlow AIhttps://codepathfinder.dev/secureflow-ai
MCP Serverhttps://codepathfinder.dev/mcp
Docker MCPhttps://codepathfinder.dev/docs/mcp/docker-mcp
Documentationhttps://codepathfinder.dev/docs
Registryhttps://codepathfinder.dev/registry
Docshttps://codepathfinder.dev/docs
Bloghttps://codepathfinder.dev/blog
Changeloghttps://codepathfinder.dev/docs/changelog
GitHubhttps://github.com/shivasurya/code-pathfinder
Contributinghttps://github.com/shivasurya/code-pathfinder/blob/main/CONTRIBUTING.md
Code of Conducthttps://github.com/shivasurya/code-pathfinder/blob/main/CODE_OF_CONDUCT.md
Report Bughttps://github.com/shivasurya/code-pathfinder/issues
Discussionshttps://github.com/shivasurya/code-pathfinder/discussions
Django SQL Injectionhttps://codepathfinder.dev/registry/python/django/PYTHON-DJANGO-SEC-001
Flask SSTIhttps://codepathfinder.dev/registry/python/flask/PYTHON-FLASK-SEC-002
Dangerous eval()https://codepathfinder.dev/registry/python/lang/PYTHON-LANG-SEC-001
Missing USERhttps://codepathfinder.dev/registry/docker/security/DOCKER-SEC-001
Weak Cipher (RC4)https://codepathfinder.dev/registry/python/cryptography/PYTHON-CRYPTO-SEC-001
JWT Hardcoded Secrethttps://codepathfinder.dev/registry/python/jwt/PYTHON-JWT-SEC-001
Apache-2.0https://github.com/shivasurya/code-pathfinder/blob/main/LICENSE

Viewport: width=device-width, initial-scale=1

Robots: index, follow


URLs of crawlers that visited me.