
Code Security Report: 31 high severity findings, 54 total findings [develop] #7

@mend-for-github-com


Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:48pm
Total Findings: 54 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 95
Detected Programming Languages: 1 (C/C++ (Beta))


Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity: High
Vulnerability Type: Path/Directory Traversal
CWE: CWE-22
File: remote.c:1055
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/remote.c

Lines 1050 to 1055 in dc8df4f

va_start(ap, fmt);
(void)vsnprintf(output, BUFSIZE*2, fmt, ap);
va_end(ap);
if ((fp = fopen(rc->remdebugfile, "a")) == NULL)

1 data flow detected

crash/remote.c

Line 92 in dc8df4f

rc->remdebugfile = optarg;

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
Severity: High
Vulnerability Type: Path/Directory Traversal
CWE: CWE-22
File: qemu.c:257
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/qemu.c

Lines 252 to 257 in dc8df4f

if (argc != 2) {
        fprintf (stderr, "Usage: test SAVE-FILE\n");
        exit (1);
}
fp = fopen(argv[1], "r");

1 data flow detected

crash/qemu.c

Line 257 in dc8df4f

fp = fopen(argv[1], "r");

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
Severity: High
Vulnerability Type: Out of Buffer Bounds Write
CWE: CWE-787
File: cmdline.c:2581
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/cmdline.c

Lines 2576 to 2581 in dc8df4f

        (i+1) == orig_argcnt ? "\n" : "");
for (i = 0; i < aif->index; i++)
        new_args[i] = orig_args[i];
for (i = aif->index, c = 0; c < aif_cnt; c++, i++)
        new_args[i] = aif_args[c];

1 data flow detected

crash/cmdline.c

Line 2581 in dc8df4f

new_args[i] = aif_args[c];

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

 
Severity: High
Vulnerability Type: Command Injection
CWE: CWE-78
File: trace.c:1805
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/extensions/trace.c

Lines 1800 to 1805 in dc8df4f

if (trace_cmd_data_output(fd) < 0)
        goto out;
/* splice the output of trace-cmd to user */
snprintf(buf, sizeof(buf), "%s report %s", trace_cmd, tmp);
if (!(file = popen(buf, "r")))

1 data flow detected

buf[ret] = 0;

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Command Injection Training

● Videos

   ▪ Secure Code Warrior Command Injection Video

● Further Reading

   ▪ OWASP testing for Command Injection

   ▪ OWASP Command Injection

 
Severity: High
Vulnerability Type: Double Free
CWE: CWE-415
File: s390dbf.c:894
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/s390dbf.c

Lines 889 to 894 in dc8df4f

rc = (debug_view_t*)malloc(sizeof(debug_view_t));
memset(rc, 0, sizeof(debug_view_t));
k_debug_view_size = kl_struct_len("debug_view");
k_debug_view = malloc(k_debug_view_size);

1 data flow detected

crash/s390dbf.c

Line 894 in dc8df4f

k_debug_view = malloc(k_debug_view_size);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Double Free Training

● Videos

   ▪ Secure Code Warrior Double Free Video

 
Severity: High
Vulnerability Type: Integer Overflow
CWE: CWE-190
File: va_server.c:258
Data Flows: 2
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/va_server.c

Lines 253 to 258 in dc8df4f

        }
        fprintf(stderr, "FATAL ERROR: malloc failure: out of memory\n");
        clean_exit(1);
}
items = fread((void *)compr_buf, sizeof(char), m->num_blks * Page_Size, vas_file_p);
if(items != m->num_blks * Page_Size) {

2 data flows detected

Data flow 1:

if(items != m->num_blks * Page_Size) {

Data flow 2:

if(items != m->num_blks * Page_Size) {

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Integer Overflow Training

● Videos

   ▪ Secure Code Warrior Integer Overflow Video

 
Severity: High
Vulnerability Type: Command Injection
CWE: CWE-78
File: remote.c:501
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/remote.c

Lines 496 to 501 in dc8df4f

errno = 0;
reqsize = bufsize - DATA_HDRSIZE;
sprintf(readbuf, "/usr/bin/gzip -c %s", file);
if ((pipe = popen(readbuf, "r")) == NULL) {

1 data flow detected

crash/remote.c

Line 476 in dc8df4f

strcpy(sendbuf, readbuf);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Command Injection Training

● Videos

   ▪ Secure Code Warrior Command Injection Video

● Further Reading

   ▪ OWASP testing for Command Injection

   ▪ OWASP Command Injection

 
Severity: High
Vulnerability Type: Buffer Overflow
CWE: CWE-121
File: kvmdump.c:321
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/kvmdump.c

Lines 316 to 321 in dc8df4f

eof = lseek(kvm->mapfd, 0, SEEK_END);
if (lseek(kvm->mapfd, eof - sizeof(trailer), SEEK_SET) < 0)
        error(FATAL, "%s: lseek: %s\n", mapfile_in_use(),
                strerror(errno));
if (read(kvm->mapfd, &trailer, sizeof(trailer)) != sizeof(trailer))

1 data flow detected

error(INFO, "%s: read: %s\n", filename, strerror(errno));

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Buffer Overflow Training

● Videos

   ▪ Secure Code Warrior Buffer Overflow Video

 
Severity: High
Vulnerability Type: Command Injection
CWE: CWE-78
File: filesys.c:3802
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/filesys.c

Lines 3797 to 3802 in dc8df4f

char buf[BUFSIZE];
char command[BUFSIZE];
sprintf(command, "/sbin/modprobe %s", pc->memory_module);
if (CRASHDEBUG(1))
        fprintf(fp, "%s\n", command);

1 data flow detected

crash/filesys.c

Line 1042 in dc8df4f

if (STREQ(buf, "search done\n")) {

crash/remote.c

Line 1646 in dc8df4f

return(daemon_clean_line(line));

crash/filesys.c

Line 1052 in dc8df4f

module = basename(strip_linefeeds(buf));

crash/filesys.c

Line 3798 in dc8df4f

char command[BUFSIZE];

crash/filesys.c

Line 3802 in dc8df4f

fprintf(fp, "%s\n", command);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Command Injection Training

● Videos

   ▪ Secure Code Warrior Command Injection Video

● Further Reading

   ▪ OWASP testing for Command Injection

   ▪ OWASP Command Injection

 
Severity: High
Vulnerability Type: Out of Buffer Bounds Write
CWE: CWE-787
File: xendump.c:2694
Data Flows: 1
Detected: 2025-01-15 06:24pm
Vulnerable Code

crash/xendump.c

Lines 2689 to 2694 in dc8df4f

BZERO(buf, BUFSIZE);
i = 0;
while (read(xd->xfd, &buf[i], sizeof(char)) == sizeof(char)) {
        if (buf[i] == NULLCHAR)

1 data flow detected

crash/xendump.c

Line 2694 in dc8df4f

if (buf[i] == NULLCHAR)

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Findings Overview

Severity  Vulnerability Type             CWE      Language      Count
High      Buffer Overflow                CWE-121  C/C++ (Beta)  3
High      Integer Overflow               CWE-190  C/C++ (Beta)  3
High      Out of Buffer Bounds Write     CWE-787  C/C++ (Beta)  8
High      Use After Free                 CWE-416  C/C++ (Beta)  3
High      Command Injection              CWE-78   C/C++ (Beta)  10
High      Double Free                    CWE-415  C/C++ (Beta)  2
High      Path/Directory Traversal       CWE-22   C/C++ (Beta)  2
Medium    Integer Underflow              CWE-191  C/C++ (Beta)  1
Medium    Out of Buffer Bounds Read      CWE-125  C/C++ (Beta)  10
Medium    Heap Inspection                CWE-244  C/C++ (Beta)  4
Low       Uncontrolled Memory Allocation CWE-789  C/C++ (Beta)  7
Low       Divide By Zero                 CWE-369  C/C++ (Beta)  1
