This is a vague fear I have about exposing cfn_nag as a service... it takes arbitrary json/yml... and then on the backend there is a lot of eval magic with rules and such. Need to spend some quality time to see if there is a code injection exploit, or at least make sure we are doing the strictest lockdown/parse of the json/yml as possible.
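Added example, not part of the original issue and not cfn_nag's own code: one way to parse untrusted template text in Ruby so that only plain data types come out of the parser. The names `parse_untrusted_template`, `rejected?`, `RejectedTemplate` and the two limits are hypothetical, and the sample inputs are constructed.

```ruby
require 'json'
require 'yaml'

# Hypothetical limits for a service endpoint (assumptions, not cfn_nag settings).
MAX_TEMPLATE_BYTES = 1_000_000
MAX_NESTING = 64

class RejectedTemplate < StandardError; end

# Returns a Hash built only from plain data types, or raises RejectedTemplate.
def parse_untrusted_template(text)
  raise RejectedTemplate, 'template too large' if text.bytesize > MAX_TEMPLATE_BYTES

  doc = if text.lstrip.start_with?('{')
          # JSON.parse with create_additions off never instantiates classes
          # named by a "json_class" key; max_nesting bounds recursion depth.
          JSON.parse(text, create_additions: false, max_nesting: MAX_NESTING)
        else
          # safe_load with no permitted classes refuses !ruby/object tags,
          # symbols and (unquoted) dates, and rejects aliases by default.
          YAML.safe_load(text)
        end
  raise RejectedTemplate, 'top level must be a mapping' unless doc.is_a?(Hash)
  doc
rescue JSON::ParserError, Psych::Exception => e
  raise RejectedTemplate, "#{e.class}: #{e.message}"
end

# True when the parser refuses the input.
def rejected?(text)
  parse_untrusted_template(text)
  false
rescue RejectedTemplate
  true
end

# Constructed sample inputs.
GOOD_YAML = <<~TEMPLATE
  AWSTemplateFormatVersion: "2010-09-09"
  Resources:
    Bucket:
      Type: AWS::S3::Bucket
TEMPLATE
OBJECT_TAG_YAML = "--- !ruby/object:Object {}\n"
ALIAS_YAML      = "a: &x {k: v}\nb: *x\n"
JSON_CLASS_DOC  = '{"json_class":"String","raw":[97]}'
DEEP_JSON       = '{"a":' + '[' * 100 + ']' * 100 + '}'
```

This covers only the parse step; any `eval` applied later to values taken from the parsed template needs its own review.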