Code Security Report
Scan Metadata
Latest Scan: 2024-05-31 07:55pm
Total Findings: 16 | New Findings: 3 | Resolved Findings: 1
Tested Project Files: 22
Detected Programming Languages: 1 (C/C++ (Beta))
Most Relevant Findings
The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.
| Severity | Vulnerability Type | CWE | File | Data Flows | Detected |
|---|---|---|---|---|---|
| High | Out of Buffer Bounds Write | CWE-787 | openseachest_util_options.c:3323 | 32 | 2024-05-31 07:57pm |
| High | Buffer Overflow | CWE-121 | openseachest_util_options.c:3323 | 32 | 2024-05-31 07:57pm |
| High | Path/Directory Traversal | CWE-22 | openSeaChest_Format.c:461 | 1 | 2024-04-02 07:30pm |
| High | Path/Directory Traversal | CWE-22 | openSeaChest_Format.c:460 | 1 | 2024-04-02 07:30pm |
| High | Path/Directory Traversal | CWE-22 | openSeaChest_Erase.c:788 | 1 | 2024-04-02 07:30pm |
| High | Path/Directory Traversal | CWE-22 | openSeaChest_Erase.c:787 | 1 | 2024-04-02 07:30pm |
| Medium | Heap Inspection | CWE-244 | openseachest_util_options.c:3822 | 1 | 2024-04-29 06:45pm |
| Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1097 | 1 | 2024-04-29 06:45pm |
| Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1089 | 1 | 2024-04-29 06:45pm |
| Medium | Heap Inspection | CWE-244 | openSeaChest_Erase.c:1917 | 1 | 2024-04-29 06:45pm |

All code links below point at commit c512193ee90f96640f72d61d234c9947bb29f0ef of Seagate/openSeaChest. Findings 1 and 2 are the same sink (openseachest_util_options.c:3323) reported under two CWEs, and their data flows coincide; each pair of CWE-22 findings shares one source line (L446 in openSeaChest_Format.c, L776 in openSeaChest_Erase.c) and differs only in the sink.

Finding 1: Out of Buffer Bounds Write (CWE-787), openseachest_util_options.c:3323

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3318-L3323
- 32 data flows detected; the first three each consist of the sink line alone:
  - Data flow 1: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - Data flow 2: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - Data flow 3: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - The remaining 29 data flows are listed in the Mend Application.
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Out of Buffer Bounds Write Training
  - Video: Secure Code Warrior Out of Buffer Bounds Write Video

Finding 2: Buffer Overflow (CWE-121), openseachest_util_options.c:3323

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3318-L3323
- 32 data flows detected; the first three are identical, L3287 -> L3315 -> L3323:
  - Data flow 1:
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3287
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3315
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - Data flow 2:
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3287
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3315
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - Data flow 3:
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3287
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3315
    - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3323
  - The remaining 29 data flows are listed in the Mend Application.
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Buffer Overflow Training
  - Video: Secure Code Warrior Buffer Overflow Video

Finding 3: Path/Directory Traversal (CWE-22), openSeaChest_Format.c:461

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L456-L461
- 1 data flow detected, L446 -> L460 -> L461:
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L446
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L460
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L461
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Path/Directory Traversal Training
  - Video: Secure Code Warrior Path/Directory Traversal Video
  - Further reading: OWASP Path Traversal; OWASP Input Validation Cheat Sheet

Finding 4: Path/Directory Traversal (CWE-22), openSeaChest_Format.c:460

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L455-L460
- 1 data flow detected, L446 -> L460:
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L446
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Format.c#L460
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Path/Directory Traversal Training
  - Video: Secure Code Warrior Path/Directory Traversal Video
  - Further reading: OWASP Path Traversal; OWASP Input Validation Cheat Sheet

Finding 5: Path/Directory Traversal (CWE-22), openSeaChest_Erase.c:788

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L783-L788
- 1 data flow detected, L776 -> L787 -> L788:
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L776
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L787
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L788
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Path/Directory Traversal Training
  - Video: Secure Code Warrior Path/Directory Traversal Video
  - Further reading: OWASP Path Traversal; OWASP Input Validation Cheat Sheet

Finding 6: Path/Directory Traversal (CWE-22), openSeaChest_Erase.c:787

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L782-L787
- 1 data flow detected, L776 -> L787:
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L776
  - https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L787
- Secure Code Warrior training material:
  - Training: Secure Code Warrior Path/Directory Traversal Training
  - Video: Secure Code Warrior Path/Directory Traversal Video
  - Further reading: OWASP Path Traversal; OWASP Input Validation Cheat Sheet

Finding 7: Heap Inspection (CWE-244), openseachest_util_options.c:3822

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/src/openseachest_util_options.c#L3822
- 1 data flow detected (the sink line itself); no training material linked.

Finding 8: Heap Inspection (CWE-244), openSeaChest_Erase.c:1097

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L1097
- 1 data flow detected (the sink line itself); no training material linked.

Finding 9: Heap Inspection (CWE-244), openSeaChest_Erase.c:1089

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L1089
- 1 data flow detected (the sink line itself); no training material linked.

Finding 10: Heap Inspection (CWE-244), openSeaChest_Erase.c:1917

- Vulnerable code: https://github.com/Seagate/openSeaChest/blob/c512193ee90f96640f72d61d234c9947bb29f0ef/utils/C/openSeaChest/openSeaChest_Erase.c#L1917
- 1 data flow detected (the sink line itself); no training material linked.
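CWE-244 (Heap Inspection) is raised where a heap buffer that may hold secret material is handed to realloc() or free() without being cleared first: realloc() can move the block and leaves the original bytes behind, and free() returns the block to the allocator uncleared, so a later allocation in the same process, a core dump, or a memory-disclosure bug can read the secret back. The block below is an added example of the usual remedy (allocate new, copy, scrub old through a volatile pointer, then free); it is not openSeaChest code and makes no claim about what the flagged lines above actually hold. The helper names and the sample "drive-pw" secret are this example's own.

```c
#include <stdlib.h>
#include <string.h>

/*
 * Zero a buffer through a volatile pointer so the compiler cannot drop the
 * stores as "dead" (the usual fate of a plain memset() right before free()).
 * Platforms that provide explicit_bzero() (glibc 2.25+, the BSDs), memset_s()
 * (C11 Annex K) or SecureZeroMemory() (Windows) can use those instead.
 */
void secure_zero(void *p, size_t n)
{
    volatile unsigned char *v = (volatile unsigned char *)p;
    while (n--)
        *v++ = 0;
}

/*
 * Replacement for realloc() on buffers holding secrets. realloc() may copy
 * the block elsewhere and leave the old bytes in place, so instead:
 * allocate the new block, copy, scrub the old block, then free it.
 * old_len must be the size of the block currently at old (0 if old is NULL).
 * On failure returns NULL and leaves old untouched (the caller still owns it).
 */
void *sensitive_realloc(void *old, size_t old_len, size_t new_len)
{
    unsigned char *fresh;
    size_t keep;

    if (new_len == 0)
        return NULL;
    fresh = malloc(new_len);
    if (fresh == NULL)
        return NULL;

    keep = old_len < new_len ? old_len : new_len;
    if (old != NULL && keep > 0)
        memcpy(fresh, old, keep);
    if (new_len > keep)
        memset(fresh + keep, 0, new_len - keep);   /* no uninitialized tail */

    if (old != NULL) {
        secure_zero(old, old_len);
        free(old);
    }
    return fresh;
}

/* free() for the same kind of buffer: scrub first, then release. */
void sensitive_free(void *p, size_t len)
{
    if (p != NULL) {
        secure_zero(p, len);
        free(p);
    }
}

/* Usage: grow a buffer holding a constructed sample password. Returns 1 if
 * the contents survived the move and the new tail is zeroed. */
int demo_grow_secret(void)
{
    const char secret[] = "drive-pw";           /* constructed sample secret */
    size_t len = sizeof secret;                 /* includes the NUL */
    char *buf = sensitive_realloc(NULL, 0, len);
    char *grown;
    int ok;

    if (buf == NULL)
        return 0;
    memcpy(buf, secret, len);
    grown = sensitive_realloc(buf, len, 64);    /* old copy is scrubbed here */
    if (grown == NULL) {
        sensitive_free(buf, len);
        return 0;
    }
    ok = (strcmp(grown, secret) == 0) && (grown[63] == 0);
    sensitive_free(grown, 64);
    return ok;
}
```

The length parameters are the cost of this approach: the allocator does not expose a portable way to learn a block's size, so the caller must track it. A struct of {pointer, length} for each secret buffer keeps that honest.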
Findings Overview
| Severity | Vulnerability Type | CWE | Language | Count |
|---|---|---|---|---|
| High | Buffer Overflow | CWE-121 | C/C++ (Beta) | 1 |
| High | Out of Buffer Bounds Write | CWE-787 | C/C++ (Beta) | 1 |
| High | Path/Directory Traversal | CWE-22 | C/C++ (Beta) | 4 |
| Medium | Heap Inspection | CWE-244 | C/C++ (Beta) | 10 |
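The four CWE-22 findings sit where a path supplied on the command line reaches a file-open call. Whether that is a defect depends on the design: a local CLI tool whose operator names the output file may be working as intended, and the scanner cannot tell. Where the utility is meant to write only inside a known directory (an assumption made for this example; the report does not say so), the check is to canonicalize the user path with realpath(), canonicalize the allowed base the same way, and compare the two before opening anything. The block below is an added example of that check and is not openSeaChest code; path_within_base and the sample paths are this example's own, and the test paths assume /tmp and /etc exist.

```c
#define _XOPEN_SOURCE 700
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <limits.h>
#include <libgen.h>

#ifndef PATH_MAX
#define PATH_MAX 4096
#endif

/*
 * Decide whether a user-supplied output file name stays inside base_dir once
 * "..", "." and symlinks are resolved. The file itself may not exist yet (it
 * is about to be created), so its parent directory is canonicalized instead.
 * Returns 1 and writes the canonical path to out on success, 0 otherwise.
 * Fails closed: anything that cannot be resolved is rejected.
 */
int path_within_base(const char *base_dir, const char *user_path,
                     char *out, size_t out_len)
{
    char base_real[PATH_MAX], parent_real[PATH_MAX];
    char dir_copy[PATH_MAX], name_copy[PATH_MAX];
    const char *dir, *name;
    size_t len, blen;
    int n;

    if (base_dir == NULL || user_path == NULL)
        return 0;
    len = strlen(user_path);
    if (len == 0 || len >= PATH_MAX || user_path[len - 1] == '/')
        return 0;               /* empty, oversized, or names a directory */

    /* Canonicalize the allowed base too, so a symlinked base (e.g. /tmp
     * pointing at /private/tmp on some systems) compares equal. */
    if (realpath(base_dir, base_real) == NULL)
        return 0;

    /* dirname()/basename() may modify their argument: work on copies. */
    strcpy(dir_copy, user_path);
    strcpy(name_copy, user_path);
    dir = dirname(dir_copy);
    name = basename(name_copy);
    if (strcmp(name, ".") == 0 || strcmp(name, "..") == 0)
        return 0;

    /* A relative user_path resolves against the current directory, which is
     * only accepted if that directory is itself inside base_dir. A missing
     * intermediate directory makes realpath() fail, and that is rejected. */
    if (realpath(dir, parent_real) == NULL)
        return 0;

    blen = strlen(base_real);
    if (strncmp(parent_real, base_real, blen) != 0)
        return 0;
    /* "/tmp/outdir" must not pass for a base of "/tmp/out". A base of "/"
     * (blen == 1) matches every absolute parent, so skip the boundary test. */
    if (blen > 1 && parent_real[blen] != '\0' && parent_real[blen] != '/')
        return 0;

    if (strcmp(parent_real, "/") == 0)
        n = snprintf(out, out_len, "/%s", name);
    else
        n = snprintf(out, out_len, "%s/%s", parent_real, name);
    return (n > 0 && (size_t)n < out_len) ? 1 : 0;
}
```

Open the file with the canonical path the function hands back, not the original string, and keep the check and the open close together: a symlink swapped in between the two is the remaining race, and O_NOFOLLOW on the final component (or opening the parent directory once and using openat()) closes it.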
I've been working on assessing and addressing these issues on the feature/hardening branch.
Some of these issues are false positives; some are issues that require changes to address correctly.
I'm now investigating solutions to the path/directory traversal issues listed in here and using this as a reference for how to resolve these issues:
https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87151932
Closing this issue as all Mend SAST detected issues have been resolved for now.
Mend will automatically open new issues as needed in future scans.