OpenGATE / opengate

Gate 10 (beta)
http://www.opengatecollaboration.org
GNU Lesser General Public License v3.0

Memory leaks #340

Open BishopWolf opened 7 months ago

BishopWolf commented 7 months ago

I ran a Snyk code analysis, and it detected these problems:

  1. Leaking memory. GateRandomMultiGauss is allocated on the heap and never freed https://github.com/OpenGATE/opengate/blob/fcaae6dfeb10bcdbe4aab05d630028350735556c/core/opengate_core/opengate_lib/GateSingleParticleSourcePencilBeam.h#L51

  2. Leaking memory. G4AffineTransform is allocated on the heap and never freed https://github.com/OpenGATE/opengate/blob/fcaae6dfeb10bcdbe4aab05d630028350735556c/core/opengate_core/opengate_lib/GateUniqueVolumeID.cpp#L120

BishopWolf commented 7 months ago

It also detected

Calling extractall to extract all files from a tar file without sanitization. This may result files outside destination directory to be overwritten, resulting in an arbitrary file write. https://github.com/OpenGATE/opengate/blob/fcaae6dfeb10bcdbe4aab05d630028350735556c/core/opengate_core/g4DataSetup.py#L104
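For the `extractall` finding above, an added example (not part of this thread and not the opengate code): a path check that runs over every archive member before anything is written. `safe_extractall`, `build_sample` and `demo` are hypothetical names, and the archives are constructed in memory.

```python
import io
import os
import tarfile
import tempfile

def safe_extractall(tar, dest):
    """Validate every member first; extract only if all stay inside dest."""
    root = os.path.realpath(dest)
    def inside(path):
        return os.path.commonpath([root, os.path.realpath(path)]) == root
    for m in tar.getmembers():
        target = os.path.join(root, m.name)
        if not inside(target):
            raise ValueError("member escapes destination: %r" % m.name)
        if m.issym() or m.islnk():
            # Symlink targets are relative to the link's directory,
            # hard-link targets to the archive root.
            base = os.path.dirname(target) if m.issym() else root
            if not inside(os.path.join(base, m.linkname)):
                raise ValueError("link escapes destination: %r" % m.name)
        elif not (m.isfile() or m.isdir()):
            raise ValueError("unsupported member type: %r" % m.name)
    # Defense in depth: use the stdlib "data" filter where this Python has it.
    kwargs = {"filter": "data"} if hasattr(tarfile, "data_filter") else {}
    tar.extractall(root, **kwargs)
    return tar.getnames()

def build_sample(names):
    """Constructed in-memory archive with one small file per name."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in names:
            data = b"constructed sample\n"
            info = tarfile.TarInfo(name)
            info.size = len(data)
            tar.addfile(info, io.BytesIO(data))
    buf.seek(0)
    return tarfile.open(fileobj=buf, mode="r")

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "out")
        os.mkdir(dest)
        ok = safe_extractall(build_sample(["data/a.dat"]), dest)
        try:
            safe_extractall(build_sample(["data/b.dat", "../escaped.dat"]), dest)
            blocked = False
        except ValueError:
            blocked = True
        return ok, blocked, os.path.exists(os.path.join(tmp, "escaped.dat"))
```

Because validation finishes before extraction starts, an archive with one bad member leaves nothing from that archive on disk.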

nkrah commented 7 months ago

Thanks for reporting. That's helpful. We will put this on the list of issues to be addressed in the next weeks.

nkrah commented 7 months ago

By the way: Do you mind sharing the commands you used to do the code analysis? I am honestly not familiar with Snyk. Thanks a bunch.

BishopWolf commented 7 months ago

Create a free account at https://snyk.io/ using your GitHub account. Add this project to your Snyk account. It will report all vulnerabilities.

dsarrut commented 7 months ago

Awesome! Thank you very much, Alex!