Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Code Security Report: 12 total findings #2

Open
1 task
mend-for-github-com bot opened this issue Jun 14, 2024 · 0 comments
Open
1 task

Code Security Report: 12 total findings #2

mend-for-github-com bot opened this issue Jun 14, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

Comments

@mend-for-github-com
Copy link

mend-for-github-com bot commented Jun 14, 2024
edited
Loading

Code Security Report

Scan Metadata

Latest Scan: 2024-12-20 10:33pm
Total Findings: 12 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 149
Detected Programming Languages: 2 (Go, JavaScript / TypeScript*)

  • Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

SeverityVulnerability TypeCWEFileData FlowsDetected
MediumHeap Inspection

CWE-244

flags.go:28

12024-11-22 05:05pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 28 in 154c362

PASSWORD string = "password"

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:71

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 71 in 154c362

APPLIANCE_PASSWORD string = APPLIANCE + "-" + PASSWORD

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:148

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 148 in 154c362

BLADE_PASSWORD_DFLT string = "0penBmc"

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:141

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 141 in 154c362

APPLIANCE_PASSWORD_DFLT string = "dummypswd"

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:63

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 63 in 154c362

COMMON_PASSWORD_SH string = "W"

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:84

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 84 in 154c362

BLADE_PASSWORD string = BLADE + "-" + PASSWORD

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:72

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 72 in 154c362

APPLIANCE_PASSWORD_SH string = COMMON_PASSWORD_SH

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:98

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 98 in 154c362

HOST_PASSWORD_SH string = COMMON_PASSWORD_SH

Secure Code Warrior Training Material
 
MediumHeap Inspection

CWE-244

flags.go:85

12024-12-02 09:25pm
Vulnerable Code

cfm/cli/pkg/serviceLib/flags/flags.go

Line 85 in 154c362

BLADE_PASSWORD_SH string = COMMON_PASSWORD_SH

Secure Code Warrior Training Material
 
MediumWeak Pseudo-Random

CWE-338

sessions.go:192

12024-11-19 10:02pm
Vulnerable Code

cfm/pkg/accounts/sessions.go

Line 192 in 154c362

r := rand.New(seed)

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Weak Pseudo-Random Training

● Videos

   ▪ Secure Code Warrior Weak Pseudo-Random Video

● Further Reading

   ▪ OWASP Insecure Randomness

Findings Overview

Severity Vulnerability Type CWE Language Count
Medium Heap Inspection CWE-244 Go 11
Medium Weak Pseudo-Random CWE-338 Go 1
@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Jun 14, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 19 total findings Code Security Report: 28 total findings Jun 18, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 28 total findings Code Security Report: 27 total findings Jun 25, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 27 total findings Code Security Report: 9 total findings Jun 27, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 9 total findings Code Security Report: 0 total findings Aug 27, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 0 total findings Code Security Report: 5 total findings Oct 18, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 5 total findings Code Security Report: 6 total findings Nov 19, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 6 total findings Code Security Report: 12 total findings Dec 4, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Mend: code security findings Code security findings detected by Mend
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
0 participants