Code Security Report: 3 high severity findings, 5 total findings

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2024-07-18 09:14pm
Total Findings: 5 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 24
Detected Programming Languages: 2 (Go, JavaScript / TypeScript*)

• Check this box to manually trigger a scan

Finding Details

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Insecure Directory Permissions	CWE-732	node.go:61	1	2024-07-18 09:14pm
Vulnerable Code seagate-exos-x-csi/pkg/node/node.go Lines 56 to 61 in f20a164 runPath: fmt.Sprintf("/var/run/%s", common.PluginName), nodeName: envNodeName, nodeIP: nodeIP, } if err := os.MkdirAll(node.runPath, 0755); err != nil { 1 Data Flow/s detected seagate-exos-x-csi/pkg/node/node.go Line 61 in f20a164 if err := os.MkdirAll(node.runPath, 0755); err != nil { Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	storageService.go:264	1	2024-07-18 09:14pm
Vulnerable Code seagate-exos-x-csi/pkg/storage/storageService.go Lines 259 to 264 in f20a164 out, err := exec.Command("findmnt", "--output", "TARGET", "--noheadings", path).Output() mountpoints := strings.Split(strings.Trim(string(out), "\n"), "\n") if err != nil || len(mountpoints) == 0 { klog.V(1).InfoS("mount", "command", fmt.Sprintf("mount -t %s %s %s", fsType, path, req.GetTargetPath())) os.Mkdir(req.GetTargetPath(), 00755) 1 Data Flow/s detected seagate-exos-x-csi/pkg/storage/storageService.go Line 264 in f20a164 os.Mkdir(req.GetTargetPath(), 00755) Secure Code Warrior Training Material
High	Insecure Directory Permissions	CWE-732	controller.go:79	1	2024-07-18 09:14pm
Vulnerable Code seagate-exos-x-csi/pkg/controller/controller.go Lines 74 to 79 in f20a164 client: client, runPath: fmt.Sprintf("/var/run/%s", common.PluginName), nodeServiceClients: map[string]*grpc.ClientConn{}, } if err := os.MkdirAll(controller.runPath, 0755); err != nil { 1 Data Flow/s detected seagate-exos-x-csi/pkg/controller/controller.go Line 79 in f20a164 if err := os.MkdirAll(controller.runPath, 0755); err != nil { Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	driver.go:75	1	2024-07-18 09:14pm
Vulnerable Code seagate-exos-x-csi/pkg/common/driver.go Line 75 in f20a164 GetSecrets() map[string]string Secure Code Warrior Training Material
Low	Log Forging	CWE-117	testapp.js:11	1	2024-07-18 09:14pm
Vulnerable Code seagate-exos-x-csi/testapp/testapp.js Lines 6 to 11 in f20a164 const os = require('os'); console.log("[] testapp server starting..."); var handler = function(request, response) { console.log(" Received request from (" + request.connection.remoteAddress + ")"); 1 Data Flow/s detected seagate-exos-x-csi/testapp/testapp.js Line 16 in f20a164 var www = http.createServer(handler); seagate-exos-x-csi/testapp/testapp.js Line 10 in f20a164 var handler = function(request, response) { seagate-exos-x-csi/testapp/testapp.js Line 11 in f20a164 console.log(" Received request from (" + request.connection.remoteAddress + ")"); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Log Forging Training ● Videos    ▪ Secure Code Warrior Log Forging Video ● Further Reading    ▪ OWASP Log Forging