boto3 fails to marshall the securityhub.client.get_findings response when the description value has an escaped \' single quote #4324

Closed
netvisao opened this issue Nov 1, 2024 · 3 comments

Labels:
  • bug: This issue is a confirmed bug.
  • p2: This is a standard priority issue
  • response-requested: Waiting on additional information or feedback.
  • securityhub
  • service-api: This issue is caused by the service API, not the SDK implementation.

netvisao commented Nov 1, 2024

Describe the bug

boto3 fails to marshall the securityhub.client.get_findings response when the description value of a finding has an escaped \' single quote.

Regression Issue

  • Select this option if this issue appears to be a regression.

Expected Behavior

The security hub client should be able to construct a list of findings even when the description has an escaped single quote.

Current Behavior

The security hub client is not able to construct a list of findings when the description has an escaped single quote; the client raises the exception:

```
"errorType": "AttributeError",
"requestId": "b46b9d3e-85d7-40f5-8328-bb52bc3528b6",
"stackTrace": [
" File "/var/task/lambda_function.py", line 203, in lambda_handler\n account_findings = get_sechub_findings(security_hub,event)\n",
" File "/var/task/lambda_function.py", line 172, in get_sechub_findings\n raise e\n",
" File "/var/task/lambda_function.py", line 168, in get_sechub_findings\n response = client.get_findings(**get_findings_params)\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/client.py", line 565, in _api_call\n return self._make_api_call(operation_name, kwargs)\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/client.py", line 1001, in _make_api_call\n http, parsed_response = self._make_request(\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/client.py", line 1027, in _make_request\n return self._endpoint.make_request(operation_model, request_dict)\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/endpoint.py", line 119, in make_request\n return self._send_request(request_dict, operation_model)\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/endpoint.py", line 199, in _send_request\n success_response, exception = self._get_response(\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/endpoint.py", line 241, in _get_response\n success_response, exception = self._do_get_response(\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/endpoint.py", line 308, in _do_get_response\n parsed_response = parser.parse(\n",
" File "/var/lang/lib/python3.12/site-packages/botocore/parsers.py", line 252, in
```

Reproduction Steps

The sechub client get_findings response fails with the above exception with this finding that has an escaped single quote in the description

```
"Description":"This control checks whether Lambda function runtime settings match the expected values set for the supported runtimes in each language. The control fails if a Lambda function doesn\'t use a supported runtime.","Compliance":{"Status":"FAILED","SecurityControlId":"Lambda.2","AssociatedStandards":[{"StandardsId":"standards/aws-foundational-security-best-practices/v/1.0.0"}]}
```

Possible Solution

No response

Additional Information/Context

No response

SDK version used

The version provided by aws.lambda

Environment details (OS name and version, etc.)

AWS Lambda
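
Added example, not part of the original report and not boto3 or botocore code: RFC 8259 defines no `\'` escape, so a strict JSON parser such as Python's `json` module rejects a body like the fragment quoted above, and the scanner below reports where such escapes sit in a raw body. The page does not establish that this escape caused the `AttributeError`; `SAMPLE` is a constructed, shortened copy of the reported fragment and the function names are hypothetical.

```python
import json

# Characters RFC 8259 allows after a backslash inside a JSON string.
# (\u must also be followed by four hex digits; that is not checked here.)
VALID_ESCAPES = set('"\\/bfnrtu')

# Constructed sample: the finding fragment from the report, shortened and
# wrapped in braces so it forms a complete object. Raw strings keep the
# backslash before the single quote.
SAMPLE = (
    r'{"Description":"The control fails if a Lambda function doesn\'t use '
    r'a supported runtime.","Compliance":{"Status":"FAILED",'
    r'"SecurityControlId":"Lambda.2"}}'
)


def find_invalid_escapes(raw):
    """Return (offset, escape) pairs for escapes RFC 8259 does not define."""
    hits = []
    in_string = False
    i = 0
    while i < len(raw):
        ch = raw[i]
        if not in_string:
            in_string = ch == '"'
            i += 1
        elif ch == "\\":
            nxt = raw[i + 1] if i + 1 < len(raw) else ""
            if nxt not in VALID_ESCAPES:
                hits.append((i, "\\" + nxt))
            i += 2  # skip the escaped character so \" does not end the string
        else:
            in_string = ch != '"'
            i += 1
    return hits


def strict_parse_ok(raw):
    """True if Python's strict json parser accepts the body."""
    try:
        json.loads(raw)
        return True
    except json.JSONDecodeError:
        return False


def diagnose(raw):
    """Summarise a raw body for a log line before handing it to a parser."""
    return {"parses": strict_parse_ok(raw),
            "invalid_escapes": find_invalid_escapes(raw)}
```
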

@netvisao netvisao added bug This issue is a confirmed bug. needs-triage This issue or PR still needs to be triaged. labels Nov 1, 2024
@tim-finnigan tim-finnigan self-assigned this Nov 1, 2024
@tim-finnigan
Contributor

Thanks for reaching out. We have received a few recent issue reports involving the Security Hub Get Findings API. There was an issue with the API model causing the botocore parsers to fail. The Security Hub team is in the process of deploying a fix for this. The issue you're reporting looks like it could be related.

To confirm, could you share your debug logs (with any sensitive info redacted) which you can get by adding boto3.set_stream_logger('') after importing boto3? Or could you share the complete error message that you are getting?

@tim-finnigan tim-finnigan added response-requested Waiting on additional information or feedback. p2 This is a standard priority issue securityhub service-api This issue is caused by the service API, not the SDK implementation. and removed needs-triage This issue or PR still needs to be triaged. labels Nov 1, 2024
netvisao commented Nov 5, 2024

This seems to have been self-resolved by AWS. I'll go ahead and close it.

Thank you

@netvisao netvisao closed this as completed Nov 5, 2024
github-actions bot commented Nov 5, 2024

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.
