Code Security Report: 6 high severity findings, 16 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2024-05-31 07:55pm
Total Findings: 16 | New Findings: 3 | Resolved Findings: 1
Tested Project Files: 22
Detected Programming Languages: 1 (C/C++ (Beta))

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Out of Buffer Bounds Write	CWE-787	openseachest_util_options.c:3323	32	2024-05-31 07:57pm
Vulnerable Code openSeaChest/src/openseachest_util_options.c Lines 3318 to 3323 in c512193 { perror("error allocating memory for adding device handle to list\n"); return 255; } /*copy the handle into memory*/ snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); 32 Data Flow/s detected View Data Flow 1 openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View Data Flow 2 openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View Data Flow 3 openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View more Data Flows Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Buffer Overflow	CWE-121	openseachest_util_options.c:3323	32	2024-05-31 07:57pm
Vulnerable Code openSeaChest/src/openseachest_util_options.c Lines 3318 to 3323 in c512193 { perror("error allocating memory for adding device handle to list\n"); return 255; } /*copy the handle into memory*/ snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); 32 Data Flow/s detected View Data Flow 1 openSeaChest/src/openseachest_util_options.c Line 3287 in c512193 char *deviceHandle = optarg; openSeaChest/src/openseachest_util_options.c Line 3315 in c512193 size_t handleListNewHandleLength = strlen(deviceHandle) + 1; openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View Data Flow 2 openSeaChest/src/openseachest_util_options.c Line 3287 in c512193 char *deviceHandle = optarg; openSeaChest/src/openseachest_util_options.c Line 3315 in c512193 size_t handleListNewHandleLength = strlen(deviceHandle) + 1; openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View Data Flow 3 openSeaChest/src/openseachest_util_options.c Line 3287 in c512193 char *deviceHandle = optarg; openSeaChest/src/openseachest_util_options.c Line 3315 in c512193 size_t handleListNewHandleLength = strlen(deviceHandle) + 1; openSeaChest/src/openseachest_util_options.c Line 3323 in c512193 snprintf((*handleList)[(*deviceCount) - 1], handleListNewHandleLength, "%s", deviceHandle); View more Data Flows Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Buffer Overflow Training ● Videos    ▪ Secure Code Warrior Buffer Overflow Video
High	Path/Directory Traversal	CWE-22	openSeaChest_Format.c:461	1	2024-04-02 07:30pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Lines 456 to 461 in c512193 { exit(UTIL_EXIT_CANNOT_OPEN_FILE); } snprintf(filename, filenameLength, "%s", colonLocation); //open file if (NULL == (patternFile = fopen(filename, "rb"))) 1 Data Flow/s detected openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Line 446 in c512193 char *colonLocation = strstr(optarg, ":"); openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Line 460 in c512193 //open file openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Line 461 in c512193 if (NULL == (patternFile = fopen(filename, "rb"))) Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet
High	Path/Directory Traversal	CWE-22	openSeaChest_Format.c:460	1	2024-04-02 07:30pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Lines 455 to 460 in c512193 if (!filename) { exit(UTIL_EXIT_CANNOT_OPEN_FILE); } snprintf(filename, filenameLength, "%s", colonLocation); //open file 1 Data Flow/s detected openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Line 446 in c512193 char *colonLocation = strstr(optarg, ":"); openSeaChest/utils/C/openSeaChest/openSeaChest_Format.c Line 460 in c512193 //open file Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet
High	Path/Directory Traversal	CWE-22	openSeaChest_Erase.c:788	1	2024-04-02 07:30pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Lines 783 to 788 in c512193 { exit(UTIL_EXIT_CANNOT_OPEN_FILE); } snprintf(filename, filenameLength, "%s", colonLocation); //open file if (NULL == (patternFile = fopen(filename, "rb"))) 1 Data Flow/s detected openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 776 in c512193 char *colonLocation = strstr(optarg, ":") + 1;//adding 1 to offset just beyond the colon for parsing the remaining data openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 787 in c512193 //open file openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 788 in c512193 if (NULL == (patternFile = fopen(filename, "rb"))) Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet
High	Path/Directory Traversal	CWE-22	openSeaChest_Erase.c:787	1	2024-04-02 07:30pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Lines 782 to 787 in c512193 if (!filename) { exit(UTIL_EXIT_CANNOT_OPEN_FILE); } snprintf(filename, filenameLength, "%s", colonLocation); //open file 1 Data Flow/s detected openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 776 in c512193 char *colonLocation = strstr(optarg, ":") + 1;//adding 1 to offset just beyond the colon for parsing the remaining data openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 787 in c512193 //open file Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet
Medium	Heap Inspection	CWE-244	openseachest_util_options.c:3822	1	2024-04-29 06:45pm
Vulnerable Code openSeaChest/src/openseachest_util_options.c Line 3822 in c512193 void print_ATA_Security_Erase_Help(bool shortHelp, const char *password) Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	openSeaChest_Erase.c:1097	1	2024-04-29 06:45pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 1097 in c512193 char thePassword[ATA_SECURITY_MAX_PW_LENGTH + 1] = { 0 }; Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	openSeaChest_Erase.c:1089	1	2024-04-29 06:45pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 1089 in c512193 char thePassword[ATA_SECURITY_MAX_PW_LENGTH + 1] = { 0 }; Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	openSeaChest_Erase.c:1917	1	2024-04-29 06:45pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 1917 in c512193 char *passwordToUse = NULL; Secure Code Warrior Training Material

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Buffer Overflow	CWE-121	C/C++ (Beta)	1
High	Out of Buffer Bounds Write	CWE-787	C/C++ (Beta)	1
High	Path/Directory Traversal	CWE-22	C/C++ (Beta)	4
Medium	Heap Inspection	CWE-244	C/C++ (Beta)	10

[vonericsen]

I've been working on assessing and addressing these issues on the feature/hardening branch.
Some of these issues are false-positives, some are issues that require changes to address correctly.

I'm now investigating solutions to the path/directory traversal issues listed in here and using this as a refence for how to resolve these issues:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87151932