Description
Our research team at Tenchi found some apparently insecure use of wildcards (*) in your Custom Lambda Authorizer. Precisely here. When you use wildcards anywhere in policy resources other than at the very end and after a slash, you're very likely to be allowing your users to access more API endpoints than you intended. This is because the wildcard (*) doesn't stop expanding at slashes (/), as the AWS documentation stated up until very recently. For clarification, please check out our blog post about the subject at Tenchi Security.
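The following is an added illustration, not part of the original issue or the reported project's code: a small IAM-style resource matcher, in which `*` matches any run of characters including `/` (the behaviour the issue describes), plus an audit check that flags any policy resource whose wildcard is not a single trailing `/*`. The API Gateway request ARNs and the policy statements are constructed samples; the API id, account id and paths are placeholders.

```python
import re

# Constructed API Gateway request ARNs (format: region:account:api-id/stage/METHOD/path).
ARN_PREFIX = "arn:aws:execute-api:us-east-1:123456789012:abc123"
REQUEST_ARNS = [
    ARN_PREFIX + "/prod/GET/users",         # intended: GET /users
    ARN_PREFIX + "/prod/POST/users",        # intended: POST /users
    ARN_PREFIX + "/prod/GET/admin/users",   # unintended: an admin endpoint
    ARN_PREFIX + "/prod/GET/users/42",      # should not match a /users-only grant
]

# A resource meant to say "any method on /users". Because '*' also consumes '/',
# it matches "GET/admin" as the method segment and authorizes /admin/users too.
RISKY_RESOURCE = ARN_PREFIX + "/prod/*/users"

# The same intent expressed without a mid-ARN wildcard: one resource per method.
EXPLICIT_RESOURCES = [
    ARN_PREFIX + "/prod/GET/users",
    ARN_PREFIX + "/prod/POST/users",
]


def iam_resource_matches(pattern: str, arn: str) -> bool:
    """IAM-style glob: '*' matches any sequence of characters (including '/'),
    '?' matches exactly one character, everything else is literal."""
    regex = "".join(
        ".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    return re.fullmatch(regex, arn) is not None


def matched_requests(patterns, arns=REQUEST_ARNS):
    """Return the request ARNs authorized by any of the given resource patterns."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return [a for a in arns if any(iam_resource_matches(p, a) for p in patterns)]


def wildcard_is_risky(resource: str) -> bool:
    """True when a resource contains a '*' anywhere other than as a single
    trailing '/*', i.e. the pattern the issue warns about."""
    if "*" not in resource:
        return False
    return not (resource.endswith("/*") and resource.count("*") == 1)


def audit_policy(policy: dict) -> list:
    """Collect every Allow resource in an IAM policy document that uses a
    wildcard outside the trailing '/*' position."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        resources = stmt.get("Resource", [])
        if isinstance(resources, str):
            resources = [resources]
        findings.extend(r for r in resources if wildcard_is_risky(r))
    return findings


# Constructed authorizer output: one safe statement, one risky statement.
SAMPLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "execute-api:Invoke",
         "Resource": ARN_PREFIX + "/prod/GET/users/*"},
        {"Effect": "Allow", "Action": "execute-api:Invoke",
         "Resource": RISKY_RESOURCE},
    ],
}

if __name__ == "__main__":
    print("risky grant authorizes:", matched_requests(RISKY_RESOURCE))
    print("explicit grant authorizes:", matched_requests(EXPLICIT_RESOURCES))
    print("audit findings:", audit_policy(SAMPLE_POLICY))
```

Running the block shows the mid-ARN wildcard authorizing `GET /admin/users` in addition to the two intended `/users` requests, while the explicit per-method resources authorize only those two; `audit_policy` reports the `/prod/*/users` resource and accepts the trailing `/users/*` one.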