Code Security Report: 4 high severity findings, 6 total findings [develop]

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2025-01-15 05:18pm
Total Findings: 6 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 238
Detected Programming Languages: 2 (Python*, C/C++ (Beta))

• Check this box to manually trigger a scan

Finding Details

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
High	Buffer Overflow	CWE-121	serialize.c:167	1	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/serialize.c Lines 162 to 167 in ad65e41 unsigned int shift; if (size > sizeof(ret)) memcpy(&ret, &p[1], sizeof(ret)); else memcpy((char *)(&ret + 1) - size, p, size); 1 Data Flow/s detected drgn/libdrgn/serialize.c Line 128 in ad65e41 first_mask = 0xff00 >> bit_offset; drgn/libdrgn/serialize.c Line 154 in ad65e41 bits = bit_offset + bit_size; drgn/libdrgn/serialize.c Line 155 in ad65e41 size = (bits + 7) / 8; drgn/libdrgn/serialize.c Line 167 in ad65e41 memcpy((char *)(&ret + 1) - size, p, size); Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Buffer Overflow Training ● Videos    ▪ Secure Code Warrior Buffer Overflow Video
High	Out of Buffer Bounds Write	CWE-787	util.h:144	1	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/util.h Lines 139 to 144 in ad65e41 { if (size > *capacity) { free(*buf); *buf = malloc(size); if (!*buf) { *capacity = 0; 1 Data Flow/s detected drgn/libdrgn/util.h Line 144 in ad65e41 *capacity = 0; Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Out of Buffer Bounds Write	CWE-787	util.h:147	1	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/util.h Lines 142 to 147 in ad65e41 *buf = malloc(size); if (!*buf) { *capacity = 0; return false; } *capacity = size; 1 Data Flow/s detected drgn/libdrgn/util.h Line 147 in ad65e41 *capacity = size; Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Out of Buffer Bounds Write Training ● Videos    ▪ Secure Code Warrior Out of Buffer Bounds Write Video
High	Use After Free	CWE-416	stack_trace.c:459	1	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/stack_trace.c Lines 454 to 459 in ad65e41 frame->scopes = new_scopes; frame->num_scopes = new_num_scopes; frame->function_scope = num_ancestors; /* Look for the name in the new scopes. */ err = drgn_find_in_dwarf_scopes(frame->scopes, num_ancestors, 1 Data Flow/s detected drgn/libdrgn/stack_trace.c Line 459 in ad65e41 err = drgn_find_in_dwarf_scopes(frame->scopes, num_ancestors, Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Use After Free Training ● Videos    ▪ Secure Code Warrior Use After Free Video
Medium	Integer Underflow	CWE-191	serialize.c:16	5	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/serialize.c Lines 11 to 16 in ad65e41 unsigned int dst_bit_offset, bool lsb0) { uint8_t result; if (lsb0) { result = s[0] >> src_bit_offset; if (bit_size > 8 - src_bit_offset) 5 Data Flow/s detected View Data Flow 1 drgn/libdrgn/serialize.c Line 16 in ad65e41 if (bit_size > 8 - src_bit_offset) View Data Flow 2 drgn/libdrgn/serialize.c Line 16 in ad65e41 if (bit_size > 8 - src_bit_offset) View Data Flow 3 drgn/libdrgn/serialize.c Line 16 in ad65e41 if (bit_size > 8 - src_bit_offset) View more Data Flows Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Integer Underflow Training ● Videos    ▪ Secure Code Warrior Integer Underflow Video
Low	Uncontrolled Memory Allocation	CWE-789	linux_kernel.c:126	1	2025-01-15 05:23pm
Vulnerable Code drgn/libdrgn/linux_kernel.c Lines 121 to 126 in ad65e41 return drgn_error_create(DRGN_ERROR_OTHER, "could not parse /sys/kernel/vmcoreinfo"); } fclose(file); _cleanup_free_ char *buf = malloc(size); 1 Data Flow/s detected drgn/libdrgn/linux_kernel.c Line 120 in ad65e41 fclose(file); Secure Code Warrior Training Material