Skip to content

Code Security Report: 1 high severity findings, 10 total findings [develop] #40

Open
Open
Code Security Report: 1 high severity findings, 10 total findings [develop]#40
Labels
Mend: code security findingsCode security findings detected by Mend
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Jan 15, 2025

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:08pm
Total Findings: 10 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 143
Detected Programming Languages: 2 (C/C++ (Beta), Python*)

  • Check this box to manually trigger a scan

Finding Details

SeverityVulnerability TypeCWEFileData FlowsDetected
HighBuffer Overflow

CWE-121

seccomp.c:109

32025-01-15 05:09pm
Vulnerable Code

bpftrace/scripts/seccomp.c

Lines 104 to 109 in ffd9be3

// Copy command to a new string
int keysize = substr - str;
char* buf = malloc((keysize + 1) * sizeof(char));
assert(buf != NULL);
strncpy(buf, str, keysize);

3 Data Flow/s detected
View Data Flow 1

bpftrace/scripts/seccomp.c

Line 183 in ffd9be3

add_errno(&ctx, optarg);

bpftrace/scripts/seccomp.c

Line 95 in ffd9be3

int add_errno(scmp_filter_ctx* ctx, char* str)

bpftrace/scripts/seccomp.c

Line 109 in ffd9be3

strncpy(buf, str, keysize);

View Data Flow 2

bpftrace/scripts/seccomp.c

Line 183 in ffd9be3

add_errno(&ctx, optarg);

bpftrace/scripts/seccomp.c

Line 95 in ffd9be3

int add_errno(scmp_filter_ctx* ctx, char* str)

bpftrace/scripts/seccomp.c

Line 106 in ffd9be3

int keysize = substr - str;

bpftrace/scripts/seccomp.c

Line 109 in ffd9be3

strncpy(buf, str, keysize);

View Data Flow 3

bpftrace/scripts/seccomp.c

Line 183 in ffd9be3

add_errno(&ctx, optarg);

bpftrace/scripts/seccomp.c

Line 95 in ffd9be3

int add_errno(scmp_filter_ctx* ctx, char* str)

bpftrace/scripts/seccomp.c

Line 99 in ffd9be3

char* substr = strchr(str, ':');

bpftrace/scripts/seccomp.c

Line 106 in ffd9be3

int keysize = substr - str;

bpftrace/scripts/seccomp.c

Line 109 in ffd9be3

strncpy(buf, str, keysize);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Buffer Overflow Training

● Videos

   ▪ Secure Code Warrior Buffer Overflow Video

 
MediumHeap Inspection

CWE-244

semantic_analyser.cpp:3014

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/ast/passes/semantic_analyser.cpp

Line 3014 in ffd9be3

int num_passes = listing_ ? 1 : num_passes_;

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

semantic_analyser.h:87

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/ast/passes/semantic_analyser.h

Line 87 in ffd9be3

const int num_passes_ = 10;

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

pass_manager.h:49

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/ast/pass_manager.h

Line 49 in ffd9be3

const std::optional<std::string> GetErrorPass()

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

semantic_analyser.h:86

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/ast/passes/semantic_analyser.h

Line 86 in ffd9be3

int pass_;

Secure Code Warrior Training Material
 
LowDivide By Zero

CWE-369

utils.cpp:530

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/utils.cpp

Lines 525 to 530 in ffd9be3

cflags.push_back("-nostdinc");
cflags.push_back("-isystem");
cflags.push_back("/virtual/lib/clang/include");
// see linux/Makefile for $(LINUXINCLUDE) + $(USERINCLUDE)
cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include");

1 Data Flow/s detected

bpftrace/src/utils.cpp

Line 530 in ffd9be3

cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include");

Secure Code Warrior Training Material
 
LowDivide By Zero

CWE-369

utils.cpp:534

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/utils.cpp

Lines 529 to 534 in ffd9be3

// see linux/Makefile for $(LINUXINCLUDE) + $(USERINCLUDE)
cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include");
cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated");
cflags.push_back("-I" + ksrc + "/include");
cflags.push_back("-I" + kobj + "/include");
cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include/uapi");

1 Data Flow/s detected

bpftrace/src/utils.cpp

Line 534 in ffd9be3

cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include/uapi");

Secure Code Warrior Training Material
 
LowDivide By Zero

CWE-369

utils.cpp:535

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/utils.cpp

Lines 530 to 535 in ffd9be3

cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include");
cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated");
cflags.push_back("-I" + ksrc + "/include");
cflags.push_back("-I" + kobj + "/include");
cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include/uapi");
cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated/uapi");

1 Data Flow/s detected

bpftrace/src/utils.cpp

Line 535 in ffd9be3

cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated/uapi");

Secure Code Warrior Training Material
 
LowUncontrolled Memory Allocation

CWE-789

seccomp.c:107

22025-01-15 05:09pm
Vulnerable Code

bpftrace/scripts/seccomp.c

Lines 102 to 107 in ffd9be3

return -1;
}
// Copy command to a new string
int keysize = substr - str;
char* buf = malloc((keysize + 1) * sizeof(char));

2 Data Flow/s detected
View Data Flow 1

bpftrace/scripts/seccomp.c

Line 183 in ffd9be3

add_errno(&ctx, optarg);

bpftrace/scripts/seccomp.c

Line 95 in ffd9be3

int add_errno(scmp_filter_ctx* ctx, char* str)

bpftrace/scripts/seccomp.c

Line 106 in ffd9be3

int keysize = substr - str;

bpftrace/scripts/seccomp.c

Line 107 in ffd9be3

char* buf = malloc((keysize + 1) * sizeof(char));

View Data Flow 2

bpftrace/scripts/seccomp.c

Line 183 in ffd9be3

add_errno(&ctx, optarg);

bpftrace/scripts/seccomp.c

Line 95 in ffd9be3

int add_errno(scmp_filter_ctx* ctx, char* str)

bpftrace/scripts/seccomp.c

Line 99 in ffd9be3

char* substr = strchr(str, ':');

bpftrace/scripts/seccomp.c

Line 106 in ffd9be3

int keysize = substr - str;

bpftrace/scripts/seccomp.c

Line 107 in ffd9be3

char* buf = malloc((keysize + 1) * sizeof(char));

Secure Code Warrior Training Material
 
LowDivide By Zero

CWE-369

utils.cpp:531

12025-01-15 05:09pm
Vulnerable Code

bpftrace/src/utils.cpp

Lines 526 to 531 in ffd9be3

cflags.push_back("-isystem");
cflags.push_back("/virtual/lib/clang/include");
// see linux/Makefile for $(LINUXINCLUDE) + $(USERINCLUDE)
cflags.push_back("-I" + ksrc + "/arch/" + arch + "/include");
cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated");

1 Data Flow/s detected

bpftrace/src/utils.cpp

Line 531 in ffd9be3

cflags.push_back("-I" + kobj + "/arch/" + arch + "/include/generated");

Secure Code Warrior Training Material

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: code security findingsCode security findings detected by Mend

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions