jgeraigery / Singularity-4567321

Scheduler (HTTP API and webapp) for running Mesos tasks—long running processes, one-off tasks, and scheduled jobs. #hubspot-open-source
http://getsingularity.com/
Apache License 2.0

Code Security Report: 26 total findings #210

Open mend-for-github-com[bot] opened 7 months ago

mend-for-github-com[bot] commented 7 months ago

Code Security Report

Scan Metadata

Latest Scan: 2024-01-26 02:56pm

Total Findings: 26 | New Findings: 0 | Resolved Findings: 0

Tested Project Files: 743

Detected Programming Languages: 3 (Python, Java, JavaScript / Node.js)

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend SAST Application.

| Severity | Vulnerability Type | CWE | File | Data Flows | Date |
| --- | --- | --- | --- | --- | --- |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [SingularityClient.java:404](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityClient/src/main/java/com/hubspot/singularity/client/SingularityClient.java#L404) | 1 | 2024-01-26 02:59pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [SingularityMesosSchedulerImpl.java:427](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityService/src/main/java/com/hubspot/singularity/mesos/SingularityMesosSchedulerImpl.java#L427) | 1 | 2024-01-26 02:59pm |
| Medium | Weak Pseudo-Random | [CWE-338](https://cwe.mitre.org/data/definitions/338.html) | [MesosUtils.java:194](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityService/src/main/java/com/hubspot/singularity/helpers/MesosUtils.java#L194) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityExecutorCleanup.java:619](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityExecutorCleanup/src/main/java/com/hubspot/singularity/executor/cleanup/SingularityExecutorCleanup.java#L619) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityUploader.java:135](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityS3Uploader/src/main/java/com/hubspot/singularity/s3uploader/SingularityUploader.java#L135) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [BaragonLoadBalancerClientImpl.java:259](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityService/src/main/java/com/hubspot/singularity/hooks/BaragonLoadBalancerClientImpl.java#L259) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityAbort.java:159](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityService/src/main/java/com/hubspot/singularity/SingularityAbort.java#L159) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityExecutorCleanup.java:662](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityExecutorCleanup/src/main/java/com/hubspot/singularity/executor/cleanup/SingularityExecutorCleanup.java#L662) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityExecutorShellCommandRunner.java:242](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityExecutor/src/main/java/com/hubspot/singularity/executor/shells/SingularityExecutorShellCommandRunner.java#L242) | 1 | 2024-01-26 02:59pm |
| Medium | Error Messages Information Exposure | [CWE-209](https://cwe.mitre.org/data/definitions/209.html) | [SingularityDeployAcceptanceManager.java:72](https://github.com/jgeraigery/Singularity-4567321/blob/d30e2353aaf865b493bd44293e5e4b20efb85f2d/SingularityService/src/main/java/com/hubspot/singularity/scheduler/SingularityDeployAcceptanceManager.java#L72) | 1 | 2024-01-26 02:59pm |

Findings Overview

| Severity | Vulnerability Type | CWE | Language | Count |
| --- | --- | --- | --- | --- |
| Medium | Heap Inspection | CWE-244 | Java | 1 |
| Medium | Error Messages Information Exposure | CWE-209 | Java | 20 |
| Medium | Weak Pseudo-Random | CWE-338 | Java | 3 |
| Low | Log Forging | CWE-117 | Java | 1 |
| Low | HTTP Header Injection | CWE-113 | Java | 1 |