Code Security Report: 18 high severity findings, 27 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2024-11-08 09:47pm
Total Findings: 27 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 134
Detected Programming Languages: 2 (Go, Python)

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Insecure File Permissions	CWE-732	loopback_fs.go:256	1	2024-09-18 05:02pm
Vulnerable Code cloudfuse/component/loopback/loopback_fs.go Lines 251 to 256 in 219b0d1 func (lfs *LoopbackFS) ReadInBuffer(options internal.ReadInBufferOptions) (int, error) { log.Trace("LoopbackFS::ReadInBuffer : name=%s", options.Handle.Path) f := options.Handle.GetFileObject() if f == nil { f1, err := os.OpenFile(filepath.Join(lfs.path, options.Handle.Path), os.O_RDONLY, 0666) 1 Data Flow/s detected cloudfuse/component/loopback/loopback_fs.go Line 256 in 219b0d1 f1, err := os.OpenFile(filepath.Join(lfs.path, options.Handle.Path), os.O_RDONLY, 0666) Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	mount.go:168	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/cmd/mount.go Lines 163 to 168 in 219b0d1 return fmt.Errorf("default work dir '%s' is not a directory", common.DefaultWorkDir) } if err != nil && os.IsNotExist(err) { // create the default work dir if err = os.MkdirAll(common.ExpandPath(common.DefaultWorkDir), 0777); err != nil { 1 Data Flow/s detected cloudfuse/cmd/mount.go Line 168 in 219b0d1 if err = os.MkdirAll(common.ExpandPath(common.DefaultWorkDir), 0777); err != nil { Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	mount_all.go:329	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/cmd/mount_all.go Lines 324 to 329 in 219b0d1 if options.SecureConfig { contConfigFile = contConfigFile + SecureConfigExtension } if _, err := os.Stat(contMountPath); os.IsNotExist(err) { err = os.MkdirAll(contMountPath, 0777) 1 Data Flow/s detected cloudfuse/cmd/mount_all.go Line 329 in 219b0d1 err = os.MkdirAll(contMountPath, 0777) Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	block_cache_linux.go:970	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/component/block_cache/block_cache_linux.go Lines 965 to 970 in 219b0d1 } item.block.endIndex = item.block.offset + uint64(n) if bc.tmpPath != "" { err := os.MkdirAll(filepath.Dir(localPath), 0777) 1 Data Flow/s detected cloudfuse/component/block_cache/block_cache_linux.go Line 970 in 219b0d1 err := os.MkdirAll(filepath.Dir(localPath), 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	base_logger.go:130	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/common/log/base_logger.go Lines 125 to 130 in 219b0d1 l.fileConfig.LogFile = name if l.logFileHandle != nil { if name == "stdout" { l.logFileHandle = os.Stdout } else { f, err := os.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) 1 Data Flow/s detected cloudfuse/common/log/base_logger.go Line 130 in 219b0d1 f, err := os.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_manager_linux.go:160	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/internal/stats_manager/stats_manager_linux.go Lines 155 to 160 in 219b0d1 disableMonitoring() return } // open transfer pipe tf, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/internal/stats_manager/stats_manager_linux.go Line 160 in 219b0d1 tf, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_manager_linux.go:51	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/internal/stats_manager/stats_manager_linux.go Lines 46 to 51 in 219b0d1 log.Err("stats_manager::statsDumper : [%v]", err) disableMonitoring() return } f, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/internal/stats_manager/stats_manager_linux.go Line 51 in 219b0d1 f, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_export.go:278	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/tools/health-monitor/internal/stats_export.go Lines 273 to 278 in 219b0d1 fname = fmt.Sprintf("%v_%v.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) fnameNew = fmt.Sprintf("%v_%v_1.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) _ = os.Rename(fname, fnameNew) fname = fmt.Sprintf("%v_%v.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) se.opFile, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0755) 1 Data Flow/s detected cloudfuse/tools/health-monitor/internal/stats_export.go Line 278 in 219b0d1 se.opFile, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0755) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_reader_linux.go:87	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go Lines 82 to 87 in 219b0d1 if err != nil { log.Err("StatsReader::statsPoll : [%v]", err) return } pf, err := os.OpenFile(cfs.pollingPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go Line 87 in 219b0d1 pf, err := os.OpenFile(cfs.pollingPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	cache_policy.go:106	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/component/file_cache/cache_policy.go Lines 101 to 106 in 219b0d1 err := os.Remove(name) if err != nil && os.IsPermission(err) { // File is not having delete permissions so change the mode and retry deletion log.Warn("cachePolicy::deleteFile : failed to delete %s due to permission", name) err = os.Chmod(name, os.FileMode(0666)) 1 Data Flow/s detected cloudfuse/component/file_cache/cache_policy.go Line 106 in 219b0d1 err = os.Chmod(name, os.FileMode(0666)) Secure Code Warrior Training Material

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Command Injection	CWE-78	Go	1
High	File Manipulation	CWE-73	Go	4
High	Path/Directory Traversal	CWE-22	Python	2
High	Insecure Directory Permissions	CWE-732	Go	3
High	Insecure File Permissions	CWE-732	Go	8
Medium	Miscellaneous Dangerous Functions	CWE-676	Python	1
Medium	Heap Inspection	CWE-244	Go	8