AllAboutLearningPress / Photo-Storage-and-Gallery

Share photo assets with all users in an easy to use gallery with a powerful backend.

Protect against viruses in images? #37

Closed dyner closed 3 years ago

dyner commented 3 years ago

Should we sandbox/create&destroy any environments/functions so that any hidden code can't be executed or stored?

https://stackoverflow.com/questions/9675941/how-can-a-virus-exist-in-an-image

AshrafAkon commented 3 years ago

I tried to look for updated articles on this issue but couldn't find any. The article you provided is from long ago. Back in the day, these kinds of bugs were common. We have some plus points on our side. The first one is we will be using Laravel's built-in functions to write/update files on S3. If raw PHP was used there could be potential bugs. But Laravel is checked by thousands of developers, so if this bug exists we would know.

Secondly, we are storing the images on a different system (S3), which separates our main system from the image storage. Also, when uploading we are only doing reads/writes (moving one file from one place to another place). Thirdly, I am trying to only use well-known packages that are well tested with file I/O. So in theory we should be fine.

The Lambda function that we are using won't have list permission, so it won't be able to see the list of files. So every file it processes should be known beforehand. The files are secure hashes, so they can't be guessed.

There is always a chance of bugs that we don't know yet. We can only try our best so these kinds of things don't happen. Good luck to us.
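As an added illustration of the two controls described in the last comment (no list permission for the Lambda role, unguessable object names), and not code from this repository: a Python check that reports any S3 list action an IAM policy grants, including through wildcards or `NotAction`, plus a key generator in which random names stand in for the "secure hashes" mentioned. The sample policies, bucket name and function names are constructed for the example; explicit `Deny` statements and `Resource` scoping are not evaluated.

```python
import fnmatch
import secrets

# Real S3 IAM actions that reveal the object keys stored in a bucket.
LIST_ACTIONS = ("s3:ListBucket", "s3:ListBucketVersions",
                "s3:ListBucketMultipartUploads")

def _as_list(value):
    """IAM allows Statement/Action to be a single item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _matches(pattern, action):
    # IAM action names are case-insensitive and accept * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())

def granted_list_actions(policy):
    """Return the list actions granted by any Allow statement (Deny ignored)."""
    granted = set()
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        allow = _as_list(stmt.get("Action"))
        exclude = _as_list(stmt.get("NotAction"))
        for action in LIST_ACTIONS:
            if any(_matches(p, action) for p in allow):
                granted.add(action)
            # Allow + NotAction grants every action that is not excluded.
            elif "NotAction" in stmt and not any(_matches(p, action) for p in exclude):
                granted.add(action)
    return sorted(granted)

def new_object_key(suffix=".jpg"):
    """Unguessable object name: 256 bits from the OS CSPRNG, hex encoded."""
    return secrets.token_hex(32) + suffix

# Constructed sample policies; the bucket name is a placeholder.
TIGHT = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["s3:GetObject", "s3:PutObject"],
     "Resource": "arn:aws:s3:::example-photo-bucket/*"}]}
LOOSE = {"Version": "2012-10-17", "Statement": {
    "Effect": "Allow", "Action": "s3:*", "Resource": "*"}}

if __name__ == "__main__":
    print("tight:", granted_list_actions(TIGHT))
    print("loose:", granted_list_actions(LOOSE))
    print("key:  ", new_object_key())
```
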