aws / aws-cli

Universal Command Line Interface for Amazon Web Services

Incorrect aws lambda update-function-code --image-uri parameters will result in enormous amounts of text printed to console/logs #8406

Open tjames-stig opened 10 months ago

tjames-stig commented 10 months ago

Describe the bug

When running aws lambda update-function-code, it's somewhat easy to mix up parameters and accidentally invoke --image-uri when --zip-file was intended, for example with:

awscli lambda update-function-code --function-name ExampleFunction --image-uri fileb://bootstrap.zip --publish

This will result in an error message that will dump the entire contents of bootstrap.zip, hex-decoded, into standard output or logs. This could be a statically compiled Go application, or potentially a 50MB zip file, which will be hex-decoded into potentially hundreds of megabytes, all dumped into the console or into server logs and occupying enormous amounts of space after a few erroneous invocations.

This misconfigured command was run in a CI/CD pipeline and could have consumed an enormous amount of space in logs.

Expected Behavior

A truncated error message, or rejecting a fileb:// URI for an --image-uri.

Current Behavior

aws-cli will dump the entire hex-decoded binary contents of bootstrap.zip to standard out

Reproduction Steps

Run aws lambda update-function-code --function-name ExampleFunction --image-uri fileb://bootstrap.zip where bootstrap.zip is any sort of zip file.

Possible Solution

Detect an incorrect fileb:// parameter to --image-uri, or otherwise truncate the error string to a maximum length. Give a descriptive error that the incorrect format of an image-uri was provided, without printing the entire multi-megabyte hex-decoded version of the erroneously provided file.

Additional Information/Context

No response

CLI version used

2.13.35

Environment details (OS name and version, etc.)

Codebuild, running the aws/codebuild/amazonlinux2-x86_64-standard:5.0 image
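
Until the CLI handles this itself, a pipeline can check the arguments before calling it. The guard below is an added example, not aws-cli code and not part of the original report: it flags a local-file value passed to --image-uri and caps any value it echoes back. The function names, the approximate ECR URI pattern and the 200-character cap are assumptions made for this sketch.

```python
import re
import sys

# Prefixes the AWS CLI replaces with the contents of a local file.
FILE_PREFIXES = ("file://", "fileb://")

# Approximate shape of a private ECR image URI (assumption for this example,
# not the service's own validation pattern).
ECR_IMAGE_RE = re.compile(
    r"^\d{12}\.dkr\.ecr\.[a-z0-9-]+\.amazonaws\.com(\.cn)?/"
    r"[a-z0-9][a-z0-9._/-]*(:[\w][\w.-]{0,127}|@sha256:[0-9a-f]{64})?$"
)
MAX_ERROR_CHARS = 200  # cap chosen for this example


def truncate(text, limit=MAX_ERROR_CHARS):
    """Cap a message so an unexpected blob can never flood the build log."""
    if len(text) <= limit:
        return text
    return f"{text[:limit]}... [{len(text) - limit} more characters omitted]"


def check_update_function_code(argv):
    """Return the problems found in an `aws lambda update-function-code` argv."""
    problems = []
    for i, arg in enumerate(argv):
        # Accept both "--image-uri VALUE" and "--image-uri=VALUE".
        if arg == "--image-uri" and i + 1 < len(argv):
            value = argv[i + 1]
        elif arg.startswith("--image-uri="):
            value = arg.split("=", 1)[1]
        else:
            continue
        shown = truncate(value)
        if value.startswith(FILE_PREFIXES):
            problems.append(f"--image-uri got a local file ({shown}); "
                            "did you mean --zip-file?")
        elif not ECR_IMAGE_RE.match(value):
            problems.append(f"--image-uri is not an ECR image URI: {shown}")
    return problems


if __name__ == "__main__":
    found = check_update_function_code(sys.argv[1:])
    for problem in found:
        print(problem, file=sys.stderr)
    sys.exit(1 if found else 0)
```

Run it with the same arguments the job is about to pass to the CLI and skip the call when it exits non-zero.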

amberkushwaha commented 5 months ago

power markdown is supported paste drop or click to add files in it for future and redeem the process.

RyanFitzSimmonsAK commented 4 months ago

Hi @tjames-stig, thanks for the detailed bug report. I was able to reproduce this behavior, and agree this is not ideal. It looks like this validation is happening client side, so the CLI team will have to fix this rather than the service team. I've created a backlog item to address this, but I cannot provide a specific timeline for implementation.