Code Security Report: 4 high severity findings, 8 total findings

[mend-for-github-com[bot]]

Code Security Report

Scan Metadata

Latest Scan: 2024-09-25 02:35pm Total Findings: 8 | New Findings: 0 | Resolved Findings: 0 Tested Project Files: 377 Detected Programming Languages: 3 (JavaScript / TypeScript*, Go, Python)

• [ ] Check this box to manually trigger a scan

Finding Details

Severity	Vulnerability Type	CWE	File	Data Flows	Date
High	Insecure Directory Permissions	[CWE-732](https://cwe.mitre.org/data/definitions/732.html)	[extract.go:11](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/embedded/extract.go#L11)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/embedded/extract.go#L6-L11 1 Data Flow/s detected https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/embedded/extract.go#L11 Secure Code Warrior Training Material
High	Path/Directory Traversal	[CWE-22](https://cwe.mitre.org/data/definitions/22.html)	[file.go:9](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L9)	3	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L4-L9 3 Data Flow/s detected View Data Flow 1 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L15 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L46 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L9 View Data Flow 2 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L15 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L45 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L9 View Data Flow 3 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L15 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L44 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L9 Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla) ● Videos    ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4) ● Further Reading    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
High	File Manipulation	[CWE-73](https://cwe.mitre.org/data/definitions/73.html)	[file.go:17](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L17)	4	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L12-L17 4 Data Flow/s detected View Data Flow 1 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L15 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L32 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L38 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L17 View Data Flow 2 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L15 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L32 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L38 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L41 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L17 View Data Flow 3 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L19 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L23 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L32 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/cmd/make-cert/main.go#L38 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L8 https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/utils/file.go#L17 [View more Data Flows](https://saas.whitesourcesoftware.com/app/orgs/Jason%20Geraigery%20Demo%20Instance/scans/a4fddd35-e417-4d0e-9949-8ab06f0697d7/sast?project=12730950-f740-4798-9df7-d15004f23e1b&findingSnapshotId=85bee772-cdd8-4303-9712-509d265b7f6e&filtered=yes) Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior File Manipulation Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/go/vanilla) ● Videos    ▪ [Secure Code Warrior File Manipulation Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4) ● Further Reading    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
High	Path/Directory Traversal	[CWE-22](https://cwe.mitre.org/data/definitions/22.html)	[write-ls-protocol-version.py:57](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L57)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L52-L57 1 Data Flow/s detected https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L57 Secure Code Warrior Training Material ● Training    ▪ [Secure Code Warrior Path/Directory Traversal Training](https://portal.securecodewarrior.com/?utm_source=partner-integration:mend&partner_id=mend#/contextual-microlearning/web/injection/pathtraversal/python/vanilla) ● Videos    ▪ [Secure Code Warrior Path/Directory Traversal Video](https://media.securecodewarrior.com/v2/module_196_path_traversal.mp4) ● Further Reading    ▪ [OWASP Path Traversal](https://owasp.org/www-community/attacks/Path_Traversal)    ▪ [OWASP Input Validation Cheat Sheet](https://cheatsheetseries.owasp.org/cheatsheets/Input_Validation_Cheat_Sheet.html)
Medium	Miscellaneous Dangerous Functions	[CWE-676](https://cwe.mitre.org/data/definitions/676.html)	[write-ls-protocol-version.py:14](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L14)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L14 Secure Code Warrior Training Material
Medium	Miscellaneous Dangerous Functions	[CWE-676](https://cwe.mitre.org/data/definitions/676.html)	[write-ls-protocol-version.py:21](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L21)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/release-scripts/write-ls-protocol-version.py#L21 Secure Code Warrior Training Material
Medium	Heap Inspection	[CWE-244](https://cwe.mitre.org/data/definitions/244.html)	[proxy.go:44](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/proxy/proxy.go#L44)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/proxy/proxy.go#L44 Secure Code Warrior Training Material
Medium	Heap Inspection	[CWE-244](https://cwe.mitre.org/data/definitions/244.html)	[proxy.go:38](https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/proxy/proxy.go#L38)	1	2024-08-19 01:49pm
Vulnerable Code https://github.com/jgeraigery/snyk-cli/blob/7ce870ddc14825255cc25397a27f4c9ca67a72c8/cliv2/internal/proxy/proxy.go#L38 Secure Code Warrior Training Material