
Code Security Report: 6 high severity findings, 16 total findings #140

Open
mend-for-github-com bot opened this issue Mar 19, 2024 · 1 comment
Labels: Mend: code security findings (Code security findings detected by Mend)

Comments


mend-for-github-com bot commented Mar 19, 2024

Code Security Report

Scan Metadata

Latest Scan: 2024-05-31 07:55pm
Total Findings: 16 | New Findings: 3 | Resolved Findings: 1
Tested Project Files: 22
Detected Programming Languages: 1 (C/C++ (Beta))


Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity | Vulnerability Type | CWE | File | Data Flows | Date

High | Out of Buffer Bounds Write | CWE-787 | openseachest_util_options.c:3323 | 32 | 2024-05-31 07:57pm
Vulnerable Code

{
perror("error allocating memory for adding device handle to list\n");
return 255;
}
/*copy the handle into memory*/
snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle);

32 Data Flow/s detected. Data Flows 1-3 each end at the same sink:

snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

 
High | Buffer Overflow | CWE-121 | openseachest_util_options.c:3323 | 32 | 2024-05-31 07:57pm
Vulnerable Code

{
perror("error allocating memory for adding device handle to list\n");
return 255;
}
/*copy the handle into memory*/
snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle);

32 Data Flow/s detected. Data Flows 1-3 each follow the same path from source to sink:

char *deviceHandle = optarg;

size_t handleListNewHandleLength = strlen(deviceHandle) + 1;

snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Buffer Overflow Training

● Videos

   ▪ Secure Code Warrior Buffer Overflow Video

 
High | Path/Directory Traversal | CWE-22 | openSeaChest_Format.c:461 | 1 | 2024-04-02 07:30pm
Vulnerable Code

{
exit(UTIL_EXIT_CANNOT_OPEN_FILE);
}
snprintf(filename, filenameLength, "%s", colonLocation);
//open file
if (NULL == (patternFile = fopen(filename, "rb")))

1 Data Flow/s detected

char *colonLocation = strstr(optarg, ":");

if (NULL == (patternFile = fopen(filename, "rb")))

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
High | Path/Directory Traversal | CWE-22 | openSeaChest_Format.c:460 | 1 | 2024-04-02 07:30pm
Vulnerable Code

if (!filename)
{
exit(UTIL_EXIT_CANNOT_OPEN_FILE);
}
snprintf(filename, filenameLength, "%s", colonLocation);
//open file

1 Data Flow/s detected

char *colonLocation = strstr(optarg, ":");

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
High | Path/Directory Traversal | CWE-22 | openSeaChest_Erase.c:788 | 1 | 2024-04-02 07:30pm
Vulnerable Code

{
exit(UTIL_EXIT_CANNOT_OPEN_FILE);
}
snprintf(filename, filenameLength, "%s", colonLocation);
//open file
if (NULL == (patternFile = fopen(filename, "rb")))

1 Data Flow/s detected

char *colonLocation = strstr(optarg, ":") + 1;//adding 1 to offset just beyond the colon for parsing the remaining data

if (NULL == (patternFile = fopen(filename, "rb")))

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
High | Path/Directory Traversal | CWE-22 | openSeaChest_Erase.c:787 | 1 | 2024-04-02 07:30pm
Vulnerable Code

if (!filename)
{
exit(UTIL_EXIT_CANNOT_OPEN_FILE);
}
snprintf(filename, filenameLength, "%s", colonLocation);
//open file

1 Data Flow/s detected

char *colonLocation = strstr(optarg, ":") + 1;//adding 1 to offset just beyond the colon for parsing the remaining data

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

 
Medium | Heap Inspection | CWE-244 | openseachest_util_options.c:3822 | 1 | 2024-04-29 06:45pm
Vulnerable Code

void print_ATA_Security_Erase_Help(bool shortHelp, const char *password)

Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1097 | 1 | 2024-04-29 06:45pm
Vulnerable Code

char thePassword[ATA_SECURITY_MAX_PW_LENGTH + 1] = { 0 };

Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1089 | 1 | 2024-04-29 06:45pm
Vulnerable Code

char thePassword[ATA_SECURITY_MAX_PW_LENGTH + 1] = { 0 };

Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1917 | 1 | 2024-04-29 06:45pm
Vulnerable Code

char *passwordToUse = NULL;


Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
High | Buffer Overflow | CWE-121 | C/C++ (Beta) | 1
High | Out of Buffer Bounds Write | CWE-787 | C/C++ (Beta) | 1
High | Path/Directory Traversal | CWE-22 | C/C++ (Beta) | 4
Medium | Heap Inspection | CWE-244 | C/C++ (Beta) | 10
@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Mar 19, 2024
@vonericsen vonericsen self-assigned this Apr 4, 2024
@vonericsen (Contributor) commented:

I've been working on assessing and addressing these issues on the feature/hardening branch.
Some of these issues are false positives; some are issues that require changes to address correctly.

I'm now investigating solutions to the path/directory traversal issues listed here and using this as a reference for how to resolve these issues:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87151932

@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 12 high severity findings, 22 total findings Code Security Report: 6 high severity findings, 16 total findings May 31, 2024