template.yaml

AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: >
  test-lambda-python

  this is a test app which contains multiple vulnerabilities

# More info about Globals: https://github.com/awslabs/serverless-application-model/blob/master/docs/globals.rst
Globals:
  Function:
    Timeout: 300
    Environment:
      Variables:
        PYTHONPATH: "/opt/k2-python-collector:/var/runtime"
        K2_HOST_IP: 18.237.162.54
        K2_ENV: trace
        AWS_LAMBDA_ARN: arn:aws:lambda:us-west-2:733001177088:function:test-lambda-python-VulnerableApp-XQ3kB9yCI82J
        MONGO_URI: mongodb://18.237.162.54:27017/injectable1
        MYSQL_HOST: 18.237.162.54
        MYSQL_ROOT_PASSWORD: ''
        MYSQL_DB: K2test
        LDAP_HOST: ldap://18.237.162.54:1389
        LAMBDA_ENABLE_RESPONSE_BLOCKING: false

Resources:
  TestPythonVulnerableAppRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: TestPythonVulnerableAppRole
      AssumeRolePolicyDocument:
        Version: 2012-10-17
        Statement:
          - Effect: Allow
            Principal:
              Service: [lambda.amazonaws.com]
            Action: ['sts:AssumeRole']
      ManagedPolicyArns:
        - arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaRole
        - arn:aws:iam::aws:policy/service-role/AWSLambdaVPCAccessExecutionRole
  VulnerableApp:
    Type: AWS::Serverless::Function # More info about Function Resource: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#awsserverlessfunction
    Properties:
      CodeUri: .
      Handler: src/app.lambda_handler
      Runtime: python3.8
      Layers:
          - arn:aws:lambda:us-west-2:733001177088:layer:K2-PC:218
      Events:
        VulnerableApi:
          Type: Api # More info about API Event Source: https://github.com/awslabs/serverless-application-model/blob/master/versions/2016-10-31.md#api
          Properties:
            Path: /{param1}
            Method: POST

Outputs:
  # ServerlessRestApi is an implicit API created out of Events key under Serverless::Function
  # Find out more about other implicit resources you can reference within SAM
  # https://github.com/awslabs/serverless-application-model/blob/master/docs/internals/generated_resources.rst#api
  VulnerableApi:
    Description: "API Gateway endpoint URL for Staging stage for Vulnerable app function"
    Value: !Sub "https://${ServerlessRestApi}.execute-api.${AWS::Region}.amazonaws.com/Stage/hello"
  VulnerableApp:
    Description: "Vulnerable app Lambda Function ARN"
    Value: !GetAtt VulnerableApp.Arn
  VulnerableAppIamRole:
    Description: "Explicit IAM Role created for Vulnerable app"
    Value: !GetAtt TestPythonVulnerableAppRole.Arn