aws-sam-cli 正在参加 2021 年度 OSC 中国开源项目评选,请投票支持!
aws-sam-cli 在 2021 年度 OSC 中国开源项目评选 中已获得 {{ projectVoteCount }} 票,请投票支持!
2021 年度 OSC 中国开源项目评选 正在火热进行中,快来投票支持你喜欢的开源项目!
2021 年度 OSC 中国开源项目评选 >>> 中场回顾
aws-sam-cli 获得 2021 年度 OSC 中国开源项目评选「最佳人气项目」 !
授权协议 Apache-2.0 License
开发语言 JavaScript
操作系统 跨平台
软件类型 开源软件
所属分类 云计算Serverless 系统
地区 不详
投 递 者 首席测试
适用人群 未知
收录时间 2021-12-02



Apache-2.0 SAM CLI Version

The AWS Serverless Application Model (SAM) is an open-source framework for building serverless applications. It provides shorthand syntax to express functions, APIs, databases, and event source mappings. With just a few lines of configuration, you can define the application you want and model it.

Getting Started with AWS SAM

AWS SAM CLI help menu

Get Started

To get started with building SAM-based applications, use the SAM CLI. SAM CLI provides a Lambda-like execution environment that lets you locally build, test, debug, and deploy applications defined by SAM templates.

Next Steps: Learn to build a more complex serverless application.

Detailed References: Explains SAM commands and usage in depth.


  • Single-deployment configuration. SAM makes it easy to organize related components and resources, and operate on a single stack. You can use SAM to share configuration (such as memory and timeouts) between resources, and deploy all related resources together as a single, versioned entity.

  • Local debugging and testing. Use SAM CLI to locally build, test, and debug SAM applications on a Lambda-like execution environment. It tightens the development loop by helping you find & troubleshoot issues locally that you might otherwise identify only after deploying to the cloud.

  • Deep integration with development tools. You can use SAM with a suite of tools you love and use.

  • Built-in best practices. You can use SAM to define and deploy your infrastructure as configuration. This makes it possible for you to use and enforce best practices through code reviews. Also, with a few lines of configuration, you can enable safe deployments through CodeDeploy, and can enable tracing using AWS X-Ray.

  • Extension of AWS CloudFormation. Because SAM is an extension of AWS CloudFormation, you get the reliable deployment capabilities of AWS CloudFormation. You can define resources by using CloudFormation in your SAM template. Also, you can use the full suite of resources, intrinsic functions, and other template features that are available in CloudFormation.

What is this Github repository? 💻

This Github Repository contains source code for SAM CLI. Here is the development team talking about this code:

SAM CLI code is written in Python. Source code is well documented, very modular, with 95% unit test coverage. It uses this awesome Python library called Click to manage the command line interaction and uses Docker to run Lambda functions locally. We think you'll like the code base. Clone it and run make pr or ./Make -pr on Windows!

Contribute to SAM

We love our contributors ❤️ We have over 100 contributors who have built various parts of the product. Read this testimonial from @ndobryanskyy to learn more about what it was like contributing to SAM.

Depending on your interest and skill, you can help build the different parts of the SAM project;

Enhance the SAM Specification

Make pull requests, report bugs, and share ideas to improve the full SAM template specification. Source code is located on Github at awslabs/serverless-application-model. Read the SAM Specification Contributing Guide to get started.

Strengthen SAM CLI

Add new commands or enhance existing ones, report bugs, or request new features for the SAM CLI. Source code is located on Github at awslabs/aws-sam-cli. Read the SAM CLI Contributing Guide to get started.

Update SAM Developer Guide

SAM Developer Guide provides comprehensive getting started guide and reference documentation. Source code is located on Github at awsdocs/aws-sam-developer-guide. Read the SAM Documentation Contribution Guide to get started.

Join the SAM Community on Slack

Join the SAM developers channel (#samdev) on Slack to collaborate with fellow community members and the AWS SAM team.




{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
{{o.pubDate | formatDate}}


{{parseInt(o.replyCount) | bigNumberTransform}}
{{parseInt(o.viewCount) | bigNumberTransform}}
NumPy 缓冲区错误漏洞
** 有争议 ** NumPy 1.9.x 中 ctors.c 的 PyArray_NewFromDescr_int 函数中存在缓冲区溢出漏洞,当从 Python 代码中指定大维度(超过 32 个)数组时,这可能会让恶意用户导致拒绝服务。注意:供应商不同意这是一个漏洞;在(非常有限的)情况下,用户可能会引发缓冲区溢出,用户很可能已经拥有至少通过耗尽内存来引发拒绝服务的特权。进一步触发此操作需要使用不常见的 API(复杂的结构化数据类型),非特权用户不太可能使用该 API。
CVE-2021-33430 MPS-2021-25101
2022-08-08 18:43
NumPy 安全漏洞
NumPy 1.22.0 之前的 numpy.core 组件中的不完整字符串比较允许攻击者通过构造特定字符串对象来触发稍微不正确的复制。注意:供应商声明此报告的代码行为是“完全无害的”。
CVE-2021-34141 MPS-2021-25631
2022-08-08 18:43
NumPy 安全漏洞
** 有争议 ** 由于缺少返回值验证,NumPy < 中的 numpy.sort 和 PyArray_DescrNew 函数中的 1.19 中存在空指针取消引用漏洞,这使得攻击者可以通过重复创建排序数组来进行 DoS 攻击。注意:虽然正确的是缺少验证,但只有内存耗尽才会发生错误。如果用户可以耗尽内存,则他们已经拥有特权。此外,实际上不可能构建一个可以针对恰好在此位置发生的内存耗尽的攻击。
CVE-2021-41495 MPS-2021-32278
2022-08-08 18:43
NumPy 安全漏洞
** DISPUTED ** NumPy < 1.19 中 fortranobject.c 的 array_from_pyobj 函数中的缓冲区溢出,这使得攻击者可以通过小心地构造具有负值的数组来进行拒绝服务攻击。注意:供应商不同意这是一个漏洞;负维度只能由已经拥有特权的用户(或内部)创建。
CVE-2021-41496 MPS-2021-32279
2022-08-08 18:43
0 评论
0 收藏