
Code Security Report: 16 high severity findings, 16 total findings [develop] #19

mend-for-github-com bot opened this issue Jan 15, 2025 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend


Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:07pm
Total Findings: 16 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 451
Detected Programming Languages: 2 (C/C++ (Beta), Python*)


Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Each finding is listed as: Severity | Vulnerability Type | CWE | File | Data Flows | Detected

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: bcc_perf_map.c:39 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

int bcc_perf_map_nstgid(int pid) {
char status_path[64];
FILE *status;
snprintf(status_path, sizeof(status_path), "/proc/%d/status", pid);

1 Data Flow/s detected

snprintf(status_path, sizeof(status_path), "/proc/%d/status", pid);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: libbpf.c:1220 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 1215 to 1220 in 6090e9c

if (kfd < 0) {
fprintf(stderr, "open(%s): %s\n", buf, strerror(errno));
goto error;
}
res = snprintf(buf, sizeof(buf), "-:%ss/%s_bcc_%d", event_type, ev_name, getpid());

1 Data Flow/s detected

res = snprintf(buf, sizeof(buf), "-:%ss/%s_bcc_%d", event_type, ev_name, getpid());

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: libbpf.c:1188 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 1183 to 1188 in 6090e9c

* For [k,u]probe created with perf_event_open (on newer kernel), it is
* not necessary to clean it up in [k,u]probe_events. We first look up
* the %s_bcc_%d line in [k,u]probe_events. If the event is not found,
* it is safe to skip the cleaning up process (write -:... to the file).
*/
snprintf(buf, sizeof(buf), "/sys/kernel/debug/tracing/%s_events", event_type);

1 Data Flow/s detected

snprintf(buf, sizeof(buf), "/sys/kernel/debug/tracing/%s_events", event_type);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: trace_helpers.c:301 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

if (!gelf_getshdr(section, &header))
continue;
name = elf_strptr(e, stridx, header.sh_name);
if (name && !strcmp(name, ".text")) {
*addr = (uint64_t)header.sh_addr;

1 Data Flow/s detected

*addr = (uint64_t)header.sh_addr;

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: libbpf.c:878 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 873 to 878 in 6090e9c

{
int fd;
int ret;
char buf[PATH_MAX];
ret = snprintf(buf, sizeof(buf), PMU_RETPROBE_FILE, event_type);

1 Data Flow/s detected

ret = snprintf(buf, sizeof(buf), PMU_RETPROBE_FILE, event_type);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: libbpf.c:1195 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 1190 to 1195 in 6090e9c

if (!fp) {
fprintf(stderr, "open(%s): %s\n", buf, strerror(errno));
goto error;
}
res = snprintf(buf, sizeof(buf), "%ss/%s_bcc_%d", event_type, ev_name, getpid());

1 Data Flow/s detected

res = snprintf(buf, sizeof(buf), "%ss/%s_bcc_%d", event_type, ev_name, getpid());

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: bcc_proc.c:449 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/bcc_proc.c

Lines 444 to 449 in 6090e9c

while (isspace(mapname[0])) mapname++;
if (strstr(mapname, ".so") && (strstr(mapname, search1) ||
strstr(mapname, search2))) {
found = true;

1 Data Flow/s detected

found = true;

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Path/Directory Traversal | CWE: CWE-22 | File: libbpf.c:1030 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 1025 to 1030 in 6090e9c

int kfd = -1, res = -1;
char ev_alias[256];
bool is_kprobe = strncmp("kprobe", event_type, 6) == 0;
snprintf(buf, PATH_MAX, "/sys/kernel/debug/tracing/%s_events", event_type);
kfd = open(buf, O_WRONLY | O_APPEND, 0);

1 Data Flow/s detected

if (bytes <= 0 || bytes >= sizeof(buf)) {

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

Severity: High | Vulnerability Type: Out of Buffer Bounds Write | CWE: CWE-787 | File: libbpf.c:971 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 966 to 971 in 6090e9c

char buf[PATH_MAX];
struct perf_event_attr attr = {};
// Caller did not provided a valid Perf Event FD. Create one with the debugfs
// event path provided.
if (*pfd < 0) {
snprintf(buf, sizeof(buf), "%s/id", event_path);

1 Data Flow/s detected

snprintf(buf, sizeof(buf), "%s/id", event_path);

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Out of Buffer Bounds Write Training

● Videos

   ▪ Secure Code Warrior Out of Buffer Bounds Write Video

Severity: High | Vulnerability Type: Path/Directory Traversal | CWE: CWE-22 | File: libbpf.c:1029 | Data Flows: 1 | Detected: 2025-01-15 05:11pm
Vulnerable Code

bcc/src/cc/libbpf.c

Lines 1024 to 1029 in 6090e9c

{
int kfd = -1, res = -1;
char ev_alias[256];
bool is_kprobe = strncmp("kprobe", event_type, 6) == 0;
snprintf(buf, PATH_MAX, "/sys/kernel/debug/tracing/%s_events", event_type);

1 Data Flow/s detected

if (bytes <= 0 || bytes >= sizeof(buf)) {

Secure Code Warrior Training Material

● Training

   ▪ Secure Code Warrior Path/Directory Traversal Training

● Videos

   ▪ Secure Code Warrior Path/Directory Traversal Video

● Further Reading

   ▪ OWASP Path Traversal

   ▪ OWASP Input Validation Cheat Sheet

Findings Overview

Severity | Vulnerability Type | CWE | Language | Count
High | Buffer Overflow | CWE-121 | C/C++ (Beta) | 2
High | Out of Buffer Bounds Write | CWE-787 | C/C++ (Beta) | 10
High | Use After Free | CWE-416 | C/C++ (Beta) | 1
High | Double Free | CWE-415 | C/C++ (Beta) | 1
High | Path/Directory Traversal | CWE-22 | C/C++ (Beta) | 2