Secrets rotation lambda is affected by CWE-117 and CWE-93

[Niffy]

When looking in AWS inspector it appears the lambda for secret rotation is vulnerable to the following log injection CWEs
CWE-117
CWE-93

User-provided inputs must be sanitized before they are logged. An attacker can use unsanitized input to break a log's integrity, forge log entries, or bypass log monitors.

It marks the severity as high.

The finding occurs here
https://github.com/aws-samples/aws-secrets-manager-rotation-lambdas/blob/master/SecretsManagerRDSPostgreSQLRotationSingleUser/lambda_function.py#L59

logger.error("Secret %s is not enabled for rotation" % arn)

Having this resolved would be great and means we have no vulnerabilities that are high on our account.

[seetamraju]

Echoing: High Severity.

PR # 159 created.
#159

[simonmarty]

These rotation lambdas do not take end user defined input. This is not a high severity issue.

[kellerassel007]

Please fix this Inspector finding, we have this as well in big enterprise company.