Code Security Report: 18 high severity findings, 28 total findings

Open mend-for-github-com[bot] opened this issue 1 year ago • 0 comments

Code Security Report

Scan Metadata

Latest Scan: 2024-09-27 09:49pm Total Findings: 28 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 134 Detected Programming Languages: 2 (Go, Python)

[ ] Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Insecure File Permissions	CWE-732	loopback_fs.go:256	1	2024-09-18 05:02pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/loopback/loopback_fs.go#L251-L256 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/loopback/loopback_fs.go#L256 Secure Code Warrior Training Material

High	Insecure Directory Permissions	CWE-732	mount.go:168	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount.go#L163-L168 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount.go#L168 Secure Code Warrior Training Material

High	Insecure Directory Permissions	CWE-732	block_cache_linux.go:970	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/block_cache/block_cache_linux.go#L965-L970 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/block_cache/block_cache_linux.go#L970 Secure Code Warrior Training Material

High	Insecure Directory Permissions	CWE-732	mount_all.go:329	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount_all.go#L324-L329 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/cmd/mount_all.go#L329 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	stats_manager_linux.go:160	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L155-L160 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L160 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	stats_manager_linux.go:51	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L46-L51 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/internal/stats_manager/stats_manager_linux.go#L51 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	stats_export.go:278	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/internal/stats_export.go#L273-L278 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/internal/stats_export.go#L278 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	stats_reader_linux.go:87	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go#L82-L87 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go#L87 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	cache_policy.go:106	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/file_cache/cache_policy.go#L101-L106 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/component/file_cache/cache_policy.go#L106 Secure Code Warrior Training Material

High	Insecure File Permissions	CWE-732	base_logger.go:186	1	2024-04-02 02:23pm
Vulnerable Code https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/common/log/base_logger.go#L181-L186 1 Data Flow/s detected https://github.com/Seagate/cloudfuse/blob/9042e9bf46a1575eef084c097f6696854e254d48/common/log/base_logger.go#L186 Secure Code Warrior Training Material

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Command Injection	CWE-78	Go	1
High	File Manipulation	CWE-73	Go	4
High	Path/Directory Traversal	CWE-22	Python	2
High	Insecure Directory Permissions	CWE-732	Go	3
High	Insecure File Permissions	CWE-732	Go	8
Medium	Miscellaneous Dangerous Functions	CWE-676	Python	1
Medium	Heap Inspection	CWE-244	Go	8
Low	Weak Hash Strength	CWE-916	Go	1

Apr 02 '24 14:04 mend-for-github-com[bot]