
Code Security Report: 18 high severity findings, 28 total findings

Open mend-for-github-com[bot] opened this issue 1 year ago • 0 comments

Code Security Report

Scan Metadata

Latest Scan: 2024-09-27 09:49pm
Total Findings: 28 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 134
Detected Programming Languages: 2 (Go, Python)


Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity | Vulnerability Type | CWE | File | Data Flows | Date
High | Insecure File Permissions | CWE-732 | loopback_fs.go:256 | 1 | 2024-09-18 05:02pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/loopback/loopback_fs.go#L251-L256

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/loopback/loopback_fs.go#L256

High | Insecure Directory Permissions | CWE-732 | mount.go:168 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount.go#L163-L168

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount.go#L168

High | Insecure Directory Permissions | CWE-732 | block_cache_linux.go:970 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/block_cache/block_cache_linux.go#L965-L970

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/block_cache/block_cache_linux.go#L970

High | Insecure Directory Permissions | CWE-732 | mount_all.go:329 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount_all.go#L324-L329

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount_all.go#L329

High | Insecure File Permissions | CWE-732 | stats_manager_linux.go:160 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L155-L160

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L160

High | Insecure File Permissions | CWE-732 | stats_manager_linux.go:51 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L46-L51

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L51

High | Insecure File Permissions | CWE-732 | stats_export.go:278 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/internal/stats_export.go#L273-L278

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/internal/stats_export.go#L278

High | Insecure File Permissions | CWE-732 | stats_reader_linux.go:87 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go#L82-L87

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go#L87

High | Insecure File Permissions | CWE-732 | cache_policy.go:106 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/file_cache/cache_policy.go#L101-L106

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/file_cache/cache_policy.go#L106

High | Insecure File Permissions | CWE-732 | base_logger.go:186 | 1 | 2024-04-02 02:23pm
Vulnerable Code

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/common/log/base_logger.go#L181-L186

1 Data Flow/s detected

https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/common/log/base_logger.go#L186


Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
High | Command Injection | CWE-78 | Go | 1
High | File Manipulation | CWE-73 | Go | 4
High | Path/Directory Traversal | CWE-22 | Python | 2
High | Insecure Directory Permissions | CWE-732 | Go | 3
High | Insecure File Permissions | CWE-732 | Go | 8
Medium | Miscellaneous Dangerous Functions | CWE-676 | Python | 1
Medium | Heap Inspection | CWE-244 | Go | 8
Low | Weak Hash Strength | CWE-916 | Go | 1