Mariusz-kruszynski-it / QGIS

QGIS is a free, open source, cross platform (lin/win/mac) geographical information system (GIS)
https://qgis.org
GNU General Public License v2.0

Code Security Report: 65 high severity findings, 108 total findings #3

Open mend-for-github-com[bot] opened 1 year ago

mend-for-github-com[bot] commented 1 year ago

Code Security Report

Scan Metadata

Latest Scan: 2023-08-02 02:25pm
Total Findings: 108 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 6487
Detected Programming Languages: 4 (Python, JavaScript / Node.js, C/C++ (Beta), TypeScript)

Most Relevant Findings

The below list presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
| --- | --- | --- | --- | --- | --- |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [mdal_selafin.cpp:537](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_selafin.cpp#L537) | 2 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgspostgresfeatureiterator.cpp:874](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L874) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgslazdecoder.cpp:75](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L75) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgslazdecoder.cpp:69](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L69) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [dxfwriter.cpp:199](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/libdxfrw/intern/dxfwriter.cpp#L199) | 15 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [Batch.cpp:369](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/odbccpp/src/odbc/internal/Batch.cpp#L369) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgspostgresfeatureiterator.cpp:881](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L881) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgslazdecoder.cpp:114](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L114) | 1 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [mdal_binary_dat.cpp:74](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_binary_dat.cpp#L74) | 2 | 2023-08-02 04:05pm |
| High | Out of Buffer Bounds Write | [CWE-787](https://cwe.mitre.org/data/definitions/787.html) | [qgswfsprovidermetadata.cpp:324](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/wfs/qgswfsprovidermetadata.cpp#L324) | 1 | 2023-08-02 04:05pm |

Finding details (the "More info" source context and the data-flow links the report expands under each row; every data-flow link points at the sink line of that flow):

- mdal_selafin.cpp:537: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_selafin.cpp#L532-L537); 2 data flows detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_selafin.cpp#L537), [flow 2](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_selafin.cpp#L537)
- qgspostgresfeatureiterator.cpp:874: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L869-L874); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L874)
- qgslazdecoder.cpp:75: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L70-L75); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L75)
- qgslazdecoder.cpp:69: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L64-L69); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L69)
- dxfwriter.cpp:199: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/libdxfrw/intern/dxfwriter.cpp#L194-L199); 15 data flows detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/libdxfrw/intern/dxfwriter.cpp#L199), [flow 2](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/libdxfrw/intern/dxfwriter.cpp#L199), [flow 3](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/libdxfrw/intern/dxfwriter.cpp#L199), [view more data flows](https://saas-eu.mend.io/sast/#/scans/02f96c4a-1732-4d7c-9ee6-172730e13034/details?vulnId=3c713cee-ef14-4287-a08c-59d016d60b25&filtered=yes)
- Batch.cpp:369: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/odbccpp/src/odbc/internal/Batch.cpp#L364-L369); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/odbccpp/src/odbc/internal/Batch.cpp#L369)
- qgspostgresfeatureiterator.cpp:881: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L876-L881); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/postgres/qgspostgresfeatureiterator.cpp#L881)
- qgslazdecoder.cpp:114: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L109-L114); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/core/pointcloud/qgslazdecoder.cpp#L114)
- mdal_binary_dat.cpp:74: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_binary_dat.cpp#L69-L74); 2 data flows detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_binary_dat.cpp#L74), [flow 2](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/external/mdal/frmts/mdal_binary_dat.cpp#L74)
- qgswfsprovidermetadata.cpp:324: [more info](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/wfs/qgswfsprovidermetadata.cpp#L319-L324); 1 data flow detected: [flow 1](https://github.com/Mariusz-kruszynski-it/QGIS/blob/d4e990a30a858be4cde24acd67b09583cbf69a24/src/providers/wfs/qgswfsprovidermetadata.cpp#L324)

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
| --- | --- | --- | --- | --- |
| High | Buffer Overflow | CWE-121 | C/C++ (Beta) | 1 |
| High | Path/Directory Traversal | CWE-22 | Python | 13 |
| High | Use After Free | CWE-416 | C/C++ (Beta) | 29 |
| High | Double Free | CWE-415 | C/C++ (Beta) | 4 |
| High | Command Injection | CWE-78 | Python | 1 |
| High | Out of Buffer Bounds Write | CWE-787 | C/C++ (Beta) | 17 |
| Medium | Hardcoded Password/Credentials | CWE-798 | Python | 5 |
| Medium | Out of Buffer Bounds Read | CWE-125 | C/C++ (Beta) | 9 |
| Medium | Heap Inspection | CWE-244 | C/C++ (Beta) | 23 |
| Low | Weak Hash Strength | CWE-916 | Python | 3 |
| Low | Divide By Zero | CWE-369 | C/C++ (Beta) | 3 |
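All ten "most relevant" rows in the report are CWE-787 out-of-bounds writes in code that decodes external input: the MDAL SELAFIN and binary DAT mesh readers, the LAZ point-cloud decoder, the libdxfrw DXF writer, the odbccpp batch layer, and the PostgreSQL and WFS providers. Six of the ten sit under `external/`, i.e. vendored third-party libraries, so a fix there belongs upstream rather than in this fork. The report does not show the code at the flagged lines, and the scanner's C/C++ support is marked Beta, so each finding still needs a manual look. The example below is added here to illustrate the finding class and the bounds check a reviewer would look for; it is a constructed toy binary-record reader, not QGIS, MDAL or libdxfrw code, and the record layout, `MAX_NODES`, the function names and the sample bytes are all assumptions made for the example:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Capacity of the fixed-size destination (assumed for this example). */
#define MAX_NODES 8

/* Toy record layout (constructed for this example): a little-endian uint32 element
 * count followed by `count` little-endian int32 values. */
typedef struct {
    int32_t  nodes[MAX_NODES];
    uint32_t count;
} record_t;

static uint32_t rd_u32le(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* VULNERABLE (CWE-787): the element count is taken straight from the file and drives
 * the write loop, so a count above MAX_NODES writes past the end of out->nodes. It is
 * also a CWE-125 over-read when the input is shorter than the count claims. Shown for
 * contrast only; never call it on untrusted input. */
int parse_record_unchecked(const uint8_t *buf, size_t len, record_t *out)
{
    if (len < 4)
        return -1;
    uint32_t n = rd_u32le(buf);
    for (uint32_t i = 0; i < n; i++)
        out->nodes[i] = (int32_t)rd_u32le(buf + 4 + 4 * (size_t)i);
    out->count = n;
    return 0;
}

/* HARDENED: bound the declared count by the destination capacity and by the bytes
 * actually present before touching either buffer. Dividing the remaining length
 * instead of multiplying n avoids a size_t overflow on 32-bit targets. */
int parse_record_checked(const uint8_t *buf, size_t len, record_t *out)
{
    if (len < 4)
        return -1;                        /* no room for the header */
    uint32_t n = rd_u32le(buf);
    if (n > MAX_NODES)
        return -2;                        /* would overflow out->nodes (CWE-787) */
    if (n > (len - 4) / 4)
        return -3;                        /* file shorter than header claims (CWE-125) */
    for (uint32_t i = 0; i < n; i++)
        out->nodes[i] = (int32_t)rd_u32le(buf + 4 + 4 * (size_t)i);
    out->count = n;
    return 0;
}

/* Constructed sample inputs. */
static const uint8_t SAMPLE_GOOD[] = {
    3, 0, 0, 0,                 /* count = 3 */
    1, 0, 0, 0,                 /* nodes[0] = 1 */
    2, 0, 0, 0,                 /* nodes[1] = 2 */
    0xff, 0xff, 0xff, 0xff      /* nodes[2] = -1 */
};
static const uint8_t SAMPLE_OVERSIZED[] = { 0xff, 0xff, 0xff, 0x7f, 1, 0, 0, 0 }; /* count = 0x7fffffff */
static const uint8_t SAMPLE_TRUNCATED[] = { 4, 0, 0, 0, 1, 0, 0, 0 };             /* claims 4, carries 1 */

int check_good(void)
{
    record_t r = {{0}, 0};
    return parse_record_checked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &r) == 0
        && r.count == 3 && r.nodes[0] == 1 && r.nodes[1] == 2 && r.nodes[2] == -1;
}

int check_oversized(void)
{
    record_t r = {{0}, 0};
    return parse_record_checked(SAMPLE_OVERSIZED, sizeof SAMPLE_OVERSIZED, &r) == -2;
}

int check_truncated(void)
{
    record_t r = {{0}, 0};
    return parse_record_checked(SAMPLE_TRUNCATED, sizeof SAMPLE_TRUNCATED, &r) == -3;
}

/* The unchecked parser behaves identically on well-formed input, which is why the bug
 * survives functional testing and only a bounds-aware review or SAST flags it. */
int check_unchecked_on_benign_input(void)
{
    record_t r = {{0}, 0};
    return parse_record_unchecked(SAMPLE_GOOD, sizeof SAMPLE_GOOD, &r) == 0 && r.count == 3;
}

int main(void)
{
    printf("checked/good:      %s\n", check_good() ? "ok" : "FAIL");
    printf("checked/oversized: %s\n", check_oversized() ? "rejected" : "FAIL");
    printf("checked/truncated: %s\n", check_truncated() ? "rejected" : "FAIL");
    printf("unchecked/benign:  %s\n", check_unchecked_on_benign_input() ? "ok" : "FAIL");
    return 0;
}
```

When triaging a row like `mdal_selafin.cpp:537`, the question is whether the index or length at the sink is derived from file or network data without a check of this shape against both the destination capacity and the remaining input; if it is, the finding is real regardless of the Beta label, and if the file is under `external/` the patch should go to the vendored project and be re-synced.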