Description
Describe the bug
the Lambda function sra-iam-password-policy contains a line which leads to a High Finding in Inspector.
The Finding is described as follows:
CWE-117,93 - Log injection
Description
User-provided inputs must be sanitized before they are logged. An attacker can use unsanitized input to break a log's integrity, forge log entries, or bypass log monitors.
Solution summary
You have a log statement that might use unsanitized input originating from HTTP requests or AWS Lambda sources. Depending on the context, this could result in:
1. A log injection attack that breaks log integrity, forges log entries, or bypasses monitors that use the logs. To increase the security of your code, sanitize your inputs before logging them.
2. A sensitive information leak that exposes users' credentials, private information, or identifying information to an attacker. To preserve privacy in your code, redact sensitive user information before logging it.
The finding refers to the following line:
LOGGER.info(event_info)
Expected behavior
No findings should occur in SRA Lambdas
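As an added example (not code from the SRA project or from the issue author), the following Python shows what the CWE-117/CWE-93 finding on `LOGGER.info(event_info)` is about and one way to clear it. It assumes `event_info` is derived from the incoming Lambda event; the sample event, the `log_request` handler and the `sanitize_for_log` helper are constructed for the demonstration and are not SRA's own.

```python
"""Added example, not code from the SRA project: what the CWE-117/CWE-93
finding on LOGGER.info(event_info) is about, and one way to clear it."""
import io
import json
import logging
import re

# Any C0/C1 control character (CR and LF included) can start a new log record
# or confuse a log parser; map each one to a visible escape so a logged value
# always stays on one line.
_CONTROL = re.compile(r"[\x00-\x1f\x7f-\x9f]")


def sanitize_for_log(value, max_len=1024):
    """Return a single-line, length-limited rendering of value for logging.

    Non-string values (e.g. the whole Lambda event dict) are JSON-encoded;
    json.dumps already escapes control characters inside strings, so the
    regex mainly matters for raw string fields pulled out of the event.
    """
    text = value if isinstance(value, str) else json.dumps(value, default=str)
    text = _CONTROL.sub(lambda m: "\\x%02x" % ord(m.group(0)), text)
    if len(text) > max_len:
        text = text[:max_len] + "...[truncated]"
    return text


def _capture_logger(name):
    """Build a logger that writes to an in-memory buffer (stands in for CloudWatch)."""
    buf = io.StringIO()
    logger = logging.getLogger(name)
    logger.handlers.clear()
    logger.propagate = False
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger, buf


def log_request(event, sanitize):
    """Log one request the way a custom-resource handler might (hypothetical),
    returning the resulting log lines. sanitize=False is the flagged pattern."""
    logger, buf = _capture_logger("sra-demo-%s" % ("safe" if sanitize else "unsafe"))
    description = event["ResourceProperties"]["Description"]
    if sanitize:
        description = sanitize_for_log(description)
    logger.info("%s request, description: %s", event["RequestType"], description)
    return buf.getvalue().splitlines()


# Constructed sample event (not a real SRA payload): the Description field
# carries a CRLF payload that forges a second, official-looking record.
SAMPLE_EVENT = {
    "RequestType": "Create",
    "ResourceProperties": {
        "Description": "baseline\r\nINFO Delete request, description: baseline",
    },
}

if __name__ == "__main__":
    for line in log_request(SAMPLE_EVENT, sanitize=False):
        print("UNSAFE |", line)
    for line in log_request(SAMPLE_EVENT, sanitize=True):
        print("SAFE   |", line)
    print("whole event:", sanitize_for_log(SAMPLE_EVENT))
```

Run stand-alone, the unsanitized path writes two log records, the second of which is indistinguishable from a genuine "Delete request" line, while the sanitized path writes one record with the CRLF shown as `\x0d\x0a`. Two caveats for anyone triaging the finding: the scanner reports a taint flow from the Lambda event to the log call, so it fires even where Python's `str()` of a dict or `json.dumps` would already escape newlines in string values; and the second half of the finding (sensitive data in logs) is not addressed by control-character escaping at all, so fields such as credentials or account identifiers still need to be redacted or omitted before the event is logged.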
