Code Security Report: 15 high severity findings, 23 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2024-05-08 07:30pm
Total Findings: 23 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 128
Detected Programming Languages: 3 (Python, C/C++ (Beta), Go)

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Insecure File Permissions	CWE-732	loopback_fs.go:279	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/component/loopback/loopback_fs.go Lines 274 to 279 in d47f0a2 func (lfs *LoopbackFS) ReadInBuffer(options internal.ReadInBufferOptions) (int, error) { log.Trace("LoopbackFS::ReadInBuffer : name=%s", options.Handle.Path) f := options.Handle.GetFileObject() if f == nil { f1, err := os.OpenFile(common.JoinUnixFilepath(lfs.path, options.Handle.Path), os.O_RDONLY, 0777) 1 Data Flow/s detected cloudfuse/component/loopback/loopback_fs.go Line 279 in d47f0a2 f1, err := os.OpenFile(common.JoinUnixFilepath(lfs.path, options.Handle.Path), os.O_RDONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_manager_linux.go:160	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/internal/stats_manager/stats_manager_linux.go Lines 155 to 160 in d47f0a2 disableMonitoring() return } // open transfer pipe tf, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/internal/stats_manager/stats_manager_linux.go Line 160 in d47f0a2 tf, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_manager_linux.go:51	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/internal/stats_manager/stats_manager_linux.go Lines 46 to 51 in d47f0a2 log.Err("stats_manager::statsDumper : [%v]", err) disableMonitoring() return } f, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/internal/stats_manager/stats_manager_linux.go Line 51 in d47f0a2 f, err := os.OpenFile(common.TransferPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_export.go:278	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/tools/health-monitor/internal/stats_export.go Lines 273 to 278 in d47f0a2 fname = fmt.Sprintf("%v_%v.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) fnameNew = fmt.Sprintf("%v_%v_1.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) _ = os.Rename(fname, fnameNew) fname = fmt.Sprintf("%v_%v.%v", baseName, hmcommon.Pid, hmcommon.OutputFileExtension) se.opFile, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0755) 1 Data Flow/s detected cloudfuse/tools/health-monitor/internal/stats_export.go Line 278 in d47f0a2 se.opFile, err = os.OpenFile(fname, os.O_APPEND|os.O_CREATE|os.O_WRONLY, 0755) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	stats_reader_linux.go:87	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go Lines 82 to 87 in d47f0a2 if err != nil { log.Err("StatsReader::statsPoll : [%v]", err) return } pf, err := os.OpenFile(cfs.pollingPipe, os.O_CREATE|os.O_WRONLY, 0777) 1 Data Flow/s detected cloudfuse/tools/health-monitor/monitor/cloudfuse_stats/stats_reader_linux.go Line 87 in d47f0a2 pf, err := os.OpenFile(cfs.pollingPipe, os.O_CREATE|os.O_WRONLY, 0777) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	cache_policy.go:106	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/component/file_cache/cache_policy.go Lines 101 to 106 in d47f0a2 err := os.Remove(name) if err != nil && os.IsPermission(err) { // File is not having delete permissions so change the mode and retry deletion log.Warn("cachePolicy::deleteFile : failed to delete %s due to permission", name) err = os.Chmod(name, os.FileMode(0666)) 1 Data Flow/s detected cloudfuse/component/file_cache/cache_policy.go Line 106 in d47f0a2 err = os.Chmod(name, os.FileMode(0666)) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	base_logger.go:186	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/common/log/base_logger.go Lines 181 to 186 in d47f0a2 fi, e := os.Stat(l.fileConfig.LogFile) if e == nil { l.fileConfig.currentLogSize = uint64(fi.Size()) } var err error l.logFileHandle, err = os.OpenFile(l.fileConfig.LogFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) 1 Data Flow/s detected cloudfuse/common/log/base_logger.go Line 186 in d47f0a2 l.logFileHandle, err = os.OpenFile(l.fileConfig.LogFile, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) Secure Code Warrior Training Material
High	Insecure File Permissions	CWE-732	base_logger.go:130	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/common/log/base_logger.go Lines 125 to 130 in d47f0a2 l.fileConfig.LogFile = name if l.logFileHandle != nil { if name == "stdout" { l.logFileHandle = os.Stdout } else { f, err := os.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) 1 Data Flow/s detected cloudfuse/common/log/base_logger.go Line 130 in d47f0a2 f, err := os.OpenFile(name, os.O_CREATE|os.O_WRONLY|os.O_APPEND, 0644) Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	mount.go:142	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/cmd/mount.go Lines 137 to 142 in d47f0a2 return fmt.Errorf("default work dir '%s' is not a directory", common.DefaultWorkDir) } if err != nil && os.IsNotExist(err) { // create the default work dir if err = os.MkdirAll(common.ExpandPath(common.DefaultWorkDir), 0777); err != nil { 1 Data Flow/s detected cloudfuse/cmd/mount.go Line 142 in d47f0a2 if err = os.MkdirAll(common.ExpandPath(common.DefaultWorkDir), 0777); err != nil { Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	mount_all.go:329	1	2024-04-02 02:23pm
Vulnerable Code cloudfuse/cmd/mount_all.go Lines 324 to 329 in d47f0a2 if options.SecureConfig { contConfigFile = contConfigFile + SecureConfigExtension } if _, err := os.Stat(contMountPath); os.IsNotExist(err) { err = os.MkdirAll(contMountPath, 0777) 1 Data Flow/s detected cloudfuse/cmd/mount_all.go Line 329 in d47f0a2 err = os.MkdirAll(contMountPath, 0777) Secure Code Warrior Training Material

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Command Injection	CWE-78	Go	1
High	File Manipulation	CWE-73	Go	3
High	Insecure Directory Permissions	CWE-732	Go	3
High	Insecure File Permissions	CWE-732	Go	8
Medium	Miscellaneous Dangerous Functions	CWE-676	Python	1
Medium	Heap Inspection	CWE-244	Go	7