Code Security Report: 6 total findings #2

mend-for-github-com bot opened this issue Jun 14, 2024 · 0 comments
Labels
Mend: code security findings Code security findings detected by Mend

mend-for-github-com bot commented Jun 14, 2024

Code Security Report

Scan Metadata

Latest Scan: 2024-11-22 11:03pm
Total Findings: 6 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 147
Detected Programming Languages: 2 (Go, JavaScript / TypeScript*)


Finding Details

| Severity | Vulnerability Type | CWE | File | Data Flows | Detected | Vulnerable Code |
|---|---|---|---|---|---|---|
| Medium | Weak Pseudo-Random | CWE-338 | sessions.go:192 | 1 | 2024-11-19 10:02pm | `r := rand.New(seed)` |
| Medium | Heap Inspection | CWE-244 | flags.go:102 | 1 | 2024-10-17 05:37pm | `APPLIANCE_PASSWORD_DFLT string = "dummypswd"` |
| Medium | Heap Inspection | CWE-244 | flags.go:59 | 1 | 2024-10-17 05:37pm | `DEVICE_PASSWORD_SH string = "W"` |
| Medium | Heap Inspection | CWE-244 | flags.go:58 | 1 | 2024-10-17 05:37pm | `DEVICE_PASSWORD string = DEVICE + "-" + PASSWORD` |
| Medium | Heap Inspection | CWE-244 | flags.go:116 | 1 | 2024-10-17 05:37pm | `HOST_PASSWORD_DFLT string = "admin12345"` |
| Medium | Heap Inspection | CWE-244 | flags.go:109 | 1 | 2024-10-17 05:37pm | `BLADE_PASSWORD_DFLT string = "0penBmc"` |

Secure Code Warrior Training Material (Weak Pseudo-Random, sessions.go:192)

● Training

   ▪ Secure Code Warrior Weak Pseudo-Random Training

● Videos

   ▪ Secure Code Warrior Weak Pseudo-Random Video

● Further Reading

   ▪ OWASP Insecure Randomness

@mend-for-github-com mend-for-github-com bot added the Mend: code security findings Code security findings detected by Mend label Jun 14, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 19 total findings Code Security Report: 28 total findings Jun 18, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 28 total findings Code Security Report: 27 total findings Jun 25, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 27 total findings Code Security Report: 9 total findings Jun 27, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 9 total findings Code Security Report: 0 total findings Aug 27, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 0 total findings Code Security Report: 5 total findings Oct 18, 2024
@mend-for-github-com mend-for-github-com bot changed the title Code Security Report: 5 total findings Code Security Report: 6 total findings Nov 19, 2024