Tags: java, security, aws-lambda, owasp, penetration-testing

Is /etc/passwd exposure risky in AWS Lambda via XXE?


I have a Lambda written in Java, and it does XSL transformation.

We tried an XXE attack exposing the /etc/passwd file.

Is this an issue? I believe AWS will take care of such things. Not sure, though.

Or should we specifically handle such security in Lambda code?

In this white paper https://pages.awscloud.com/rs/112-TZM-766/images/Overview-AWS-Lambda-Security.pdf

"1. chroot – Provide scoped access to the underlying filesystem. 2. "OS & network" is the responsibility of AWS"


Solution

  • AWS are responsible for patching and maintaining the operating system and runtime. But if you intentionally introduce an XXE vulnerability, that's your responsibility to secure.

    While exposing /etc/passwd on a lambda function -- where you're a low-privilege sandboxed user -- isn't highly critical, there are other issues that could come into play.

    For example, if they could run the exploit to expose the environment variables within the function, they could obtain the AWS API keys for the IAM role that the function runs in -- and from there access whatever the function could access.

    It might also be able to read and extract data from anything in the /tmp and /var/task directory, which hold temporary files and your code/binary respectively.

    An XXE vulnerability is not something within the purview of AWS; this is a vulnerability introduced by your application code -- you should fix it.