wazuh / wazuh

Wazuh - The Open Source Security Platform. Unified XDR and SIEM protection for endpoints and cloud workloads.
https://wazuh.com/

Release 4.8.0 - RC 1 - Coverity scan #23248

Closed MarcelKemp closed 1 week ago

MarcelKemp commented 2 weeks ago
|Main RC issue|Version|Stage|Tag|Previous issue|
|---|---|---|---|---|
|#23246|4.8.0|RC 1|v4.8.0-rc1|#23069|

This issue will show the results of the Coverity scan for the current RC.

Auditors' validation

MarcelKemp commented 2 weeks ago

Summary

|Snapshot ID|Coverity version|Platform|Total detected|Newly detected|Newly eliminated|
|---|---|---|---|---|---|
|78781|2023.6.2|Ubuntu 22.04.1|278|53|6|

Results

New defects:

|Status|CID|Type|Impact|Date|Component|Origin|Notes|
|:-:|---|---|---|---|---|---|---|
|🔴|1586306|Data race condition|Medium|May 03, 2024|IndexerConnector|4.8.0 RC 1|#23249|
|🔴|1586305|Use of auto that causes a copy|Low|May 03, 2024|IndexerConnector|4.8.0 RC 1|#23249|
|🔴|1586304|Uninitialized scalar field|Medium|May 03, 2024|SocketDBWrapper|4.8.0 RC 1|#23249|
|🔴|1586303|Data race condition|Medium|May 03, 2024|SocketDBWrapper|4.8.0 RC 1|#23249|

Fixed defects:

|Status|CID|Type|Impact|Date|Component|Origin|Notes|
|:-:|---|---|---|---|---|---|---|

Previously detected defects:

|Status|CID|Type|Impact|Date|Component|Origin|Notes|
|:-:|---|---|---|---|---|---|---|
|🟢|1585278|Data race condition|Medium|Apr 19, 2024|threadSafeMultiQueue|4.8.0 Beta 6||
|🟢|1585277|Data race condition|Medium|Apr 19, 2024|threadSafeMultiQueue|4.8.0 Beta 6||
|🟢|1585274|Data race condition|Medium|Apr 19, 2024|threadSafeQueue|4.8.0 Beta 6||
|🟢|1585273|COPY_INSTEAD_OF_MOVE|Low|Apr 19, 2024|Vulnerability Detector|4.8.0 Beta 6||
|🟢|1585270|Data race condition|Medium|Apr 19, 2024|threadSafeQueue|4.8.0 Beta 6||
|🟢|1583807|Data race condition|Medium|Feb 26, 2024|shared_modules/utils|4.8.0 Beta 4|https://github.com/wazuh/wazuh/issues/22184|
|🟢|1583725|Data race condition|Medium|Feb 22, 2024|Wazuh DB|#21997|https://github.com/wazuh/wazuh/issues/22184|
|🟢|1580138|COPY_INSTEAD_OF_MOVE|Low|Feb 07, 2024|Other|4.8.0 Beta 1|#21808|
|🟢|1580137|COPY_INSTEAD_OF_MOVE|Low|Feb 07, 2024|Other|4.8.0 Beta 1|#21808|
|🟢|1580135|COPY_INSTEAD_OF_MOVE|Low|Feb 07, 2024|Other|4.8.0 Beta 1|#21808|
|⚪|1575474|Thread deadlock|Medium|January 8, 2024|RWlock wrapper|||
|🔴|1575473|Use of auto that causes a copy|Low|January 8, 2024|Syscollector||#14673|
|⚪|1575472|Data race condition|Low|January 8, 2024|Analysisd|||
|⚪|1575471|Data race condition|Low|January 8, 2024|Analysisd|||
|🔴|1575470|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575469|Use of auto that causes a copy|Low|January 8, 2024|Rsync||#14673|
|⚪|1575468|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575467|Data race condition|Medium|January 8, 2024|Logcollector|||
|⚪|1575466|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575465|Indefinite wait|High|January 8, 2024|Wazuh modules (exec)|||
|⚪|1575464|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575463|Data race condition|Medium|January 8, 2024|Shared library||#21307|
|⚪|1575462|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575461|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575460|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔴|1575459|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|⚪|1575458|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575457|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|DBsync||#17025|
|⚪|1575455|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575454|Data race condition|Medium|January 8, 2024|Crypto library|||
|🔴|1575453|Data race condition|Medium|January 8, 2024|Shared library||#21307|
|🔴|1575452|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔵|1575451|Data race condition|Medium|January 8, 2024|Analysisd||Won't fix|
|🔴|1575450|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575449|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔴|1575448|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|⚪|1575447|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575446|Thread deadlock|Medium|January 8, 2024|RWlock wrapper|||
|🔴|1575445|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔴|1575443|Use of auto that causes a copy|Low|January 8, 2024|Data provider||#14673|
|⚪|1575442|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575441|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575440|Data race condition|Medium|January 8, 2024|Shared library||#21307|
|🔴|1575439|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|⚪|1575438|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575437|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575436|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575435|Use of auto that causes a copy|Low|January 8, 2024|Data provider||#14673|
|🟢|1575434|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575433|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔵|1575432|Data race condition|Medium|January 8, 2024|Analysisd||Won't fix|
|🔴|1575431|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|⚪|1575430|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575429|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575428|Use of auto that causes a copy|Low|January 8, 2024|DBsync||#14673|
|⚪|1575427|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575426|Use of auto that causes a copy|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575425|Use of auto that causes a copy|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575424|Use of auto that causes a copy|Low|January 8, 2024|DBsync||#14673|
|🔴|1575423|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Rsync||#17025|
|🔴|1575422|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575421|Data race condition|Medium|January 8, 2024|Shared library||#21307|
|🔴|1575420|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|File integrity monitoring|#9103|#17945|
|🔴|1575419|Data race condition|Medium|January 8, 2024|File integrity monitoring|||
|🟢|1575418|Check of thread-shared field evades lock acquisition|High|January 8, 2024|Remoted||#21309|
|🔴|1575417|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|⚪|1575416|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575414|Indefinite wait|High|January 8, 2024|Wazuh modules|||
|⚪|1575413|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575412|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575411|Data race condition|Medium|January 8, 2024|Wazuh modules|||
|⚪|1575410|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575409|Use of auto that causes a copy|Low|January 8, 2024|Rsync||#14673|
|⚪|1575408|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔵|1575406|Data race condition|Medium|January 8, 2024|Analysisd||Won't fix|
|🟢|1575405|Data race condition|Medium|January 8, 2024|Crypto library|||
|⚪|1575404|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575403|Indefinite wait|High|January 8, 2024|File integrity monitoring||#21310|
|🔵|1575402|Data race condition|Medium|January 8, 2024|Analysisd||Won't fix|
|🔴|1575401|Use of auto that causes a copy|Low|January 8, 2024|DBsync||#14673|
|⚪|1575400|Data race condition|Medium|January 8, 2024|Analysisd|||
|🟢|1575399|Check of thread-shared field evades lock acquisition|High|January 8, 2024|Remoted|||
|⚪|1575398|Data race condition|Medium|January 8, 2024|Analysisd|||
|⚪|1575397|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575396|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔴|1575395|Data race condition|Medium|January 8, 2024|Syscollector|||
|⚪|1575394|Data race condition|Medium|January 8, 2024|Analysisd|||
|🔴|1575393|COPY_INSTEAD_OF_MOVE|Low|January 8, 2024|Data provider||#17025|
|🔵|1574439|Unchecked return value|Low|12/13/23|Wazuh DB||From 3.9.4|
|🔵|1574438|Unchecked return value|Low|12/13/23|Wazuh DB||From 3.2.0|
|🔵|1574437|Unchecked return value|Low|12/13/23|Wazuh DB||From 4.4.0|
|🔴|1567850|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567849|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567847|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567846|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567845|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567844|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567843|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567842|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567841|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567840|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567838|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567835|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567834|Use of 32-bit time_t|High|September 7, 2023|Rsync||#14664|
|🔴|1567833|Waiting while holding a lock|Medium|September 7, 2023|File integrity monitoring|#9103|#18895|
|🔴|1567831|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567830|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|Shared modules||#17025|
|🔴|1567829|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567828|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567827|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567826|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567825|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567824|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1567822|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|Shared modules||#17025|
|🔴|1567821|COPY_INSTEAD_OF_MOVE|Low|September 7, 2023|File integrity monitoring|#9103|#17945|
|🔴|1566331|Thread deadlock|Medium|July 17, 2023|FIM|#9096|#17957|
|🔴|1566329|Thread deadlock|Medium|July 17, 2023|FIM|#9096|#17957|
|🔴|1561381|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Data Provider||#17025|
|🔴|1561380|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|DBsync||#17025|
|🔴|1561379|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|DBsync||#17025|
|🔴|1561378|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Syscollector||#17025|
|🟢|1561377|Unused value|Low|May 5, 2023|Rootcheck||Good practices|
|🔴|1561376|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Syscollector||#17025|
|🔴|1561375|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Syscollector||#17025|
|🔴|1561372|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Data provider||#17025|
|🔴|1561371|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Data provider||#17025|
|🟢|1561370|Unused value|Low|May 5, 2023|Rootcheck||Good practices|
|🔴|1561369|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Rsync||#17025|
|🔴|1561368|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Data Provider||#17025|
|🔴|1561367|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Data Provider||#17025|
|🟢|1561366|Unused value|Low|May 5, 2023|Shared||Good practices|
|🔴|1561365|COPY_INSTEAD_OF_MOVE|Low|May 5, 2023|Shared||#17025|
|🔴|1527748|Use of 32-bit time_t|High|November 30, 2022|Wazuh DB|#11753 (4.4.0)|Will impact in 2106. #14664|
|🟢|1527747|Waiting while holding a lock|Medium|November 30, 2022|Syscollector|#10249 (4.3.0)|#15556|
|🔴|1527746|Use of 32-bit time_t|High|November 30, 2022|Wazuh DB|#11753 (4.4.0)|Will impact in 2106. #14664|
|⚪|1527743|Copy into fixed size buffer|Low|November 30, 2022|Execd|#9407 (4.2.0)|The string size is limited by `get_keys_from_json()`.|
|🔴|1519900|Use of 32-bit time_t|High|August 16, 2022|Fluent forwarder module||#14664|
|🔴|1519899|Use of 32-bit time_t|High|August 16, 2022|DBD||#14664|
|🔴|1519898|Use of 32-bit time_t|High|August 16, 2022|Task module||#14664|
|🔴|1519896|Use of 32-bit time_t|High|August 16, 2022|Task module||#14664|
|🔴|1519895|Use of 32-bit time_t|High|August 16, 2022|Integrator||#14664|
|🔴|1519894|Use of 32-bit time_t|High|August 16, 2022|SCA||#14664|
|🔴|1519892|Use of 32-bit time_t|High|August 16, 2022|Wazuh DB||#14664|
|🔴|1519891|Use of 32-bit time_t|High|August 16, 2022|Wazuh DB||#14664|
|🔴|1519890|Out-of-bounds access|High|August 16, 2022|Regex library|||
|🔴|1519889|Use of 32-bit time_t|High|August 16, 2022|Agentd||#14664|
|🔴|1519888|Use of 32-bit time_t|High|August 16, 2022|DBD||#14664|
|🔴|1519887|Use of 32-bit time_t|High|August 16, 2022|Task module||#14664|
|🔴|1519886|Use of 32-bit time_t|High|August 16, 2022|Authd||#14664|
|🔴|1519882|Use of 32-bit time_t|High|August 16, 2022|Remoted||#14664|
|🔴|1519880|Use of 32-bit time_t|High|August 16, 2022|GitHub integration||#14664|
|🔴|1519879|Use of 32-bit time_t|High|August 16, 2022|Office365 integration||#14664|
|🔴|1519878|Use of 32-bit time_t|High|August 16, 2022|Google Cloud integration||#14664|
|🔴|1519877|Use of 32-bit time_t|High|August 16, 2022|Agentless||#14664|
|🔴|1519875|Use of 32-bit time_t|High|August 16, 2022|Agentd||#14664|
|🔴|1519874|Use of 32-bit time_t|High|August 16, 2022|CIS-CAT integration||#14664|
|🔴|1519873|Use of 32-bit time_t|High|August 16, 2022|SCA||#14664|
|🔴|1519872|Use of 32-bit time_t|High|August 16, 2022|Authd||#14664|
|🔴|1519871|Use of 32-bit time_t|High|August 16, 2022|manage_agents tool||#14664|
|🔴|1519870|Logically dead code|Medium|August 16, 2022|Analysisd|||
|🔴|1519869|Use of 32-bit time_t|High|August 16, 2022|Commands module||#14664|
|🔴|1519868|Use of 32-bit time_t|High|August 16, 2022|Agentd||#14664|
|🔴|1519867|Use of 32-bit time_t|High|August 16, 2022|OpenSCAP integration||#14664|
|🔴|1519866|Use of 32-bit time_t|High|August 16, 2022|Wazuh DB||#14664|
|🔴|1519865|Use of 32-bit time_t|High|August 16, 2022|Wazuh DB||#14664|
|🔴|1519864|Use of 32-bit time_t|High|August 16, 2022|Docker integration||#14664|
|🔴|1519863|Use of 32-bit time_t|High|August 16, 2022|Agentless||#14664|
|🔴|1519861|Use of 32-bit time_t|High|August 16, 2022|Google Cloud integration||#14664|
|🔴|1519860|Use of 32-bit time_t|High|August 16, 2022|WPK upgrade||#14664|
|🔴|1519858|Use of 32-bit time_t|High|August 16, 2022|manage_agents tool||#14664|
|🔴|1519857|Use of 32-bit time_t|High|August 16, 2022|Azure integration||#14664|
|🔴|1519856|Use of 32-bit time_t|High|August 16, 2022|Task module||#14664|
|🔴|1519854|Use of 32-bit time_t|High|August 16, 2022|AWS integration||#14664|
|🔴|1518063|Untrusted loop bound|Medium|Jun 3, 2022|Shared|||
|🔴|1515492|Out-of-bounds access|High|Mar 24, 2022|Regex tool|||
|⚪|1515491|String not null terminated|High|Mar 24, 2022|Remoted|||
|⚪|1510192|Incorrect sizeof expression|Medium|Nov 25, 2021|Shared|||
|⚪|1510191|Incorrect sizeof expression|Medium|Nov 25, 2021|Shared|||
|🟡|1503039|Filesystem path, filename, or URI manipulation|High|Mar 29, 2021|Modulesd|||
|⚪|1503036|Illegal address computation|High|Mar 29, 2021|FIM|||
|⚪|1503034|Cleartext sensitive data in a file|Low|Mar 29, 2021|Agentd|||
|⚪|1503032|Cleartext transmission of sensitive data|High|Mar 29, 2021|Remoted|||
|🟢|1503031|Cleartext sensitive data in a file|Low|Mar 29, 2021|Shared|||
|🟡|1503028|Filesystem path, filename, or URI manipulation|High|Mar 29, 2021|Agentd|||
|🟡|1503027|Filesystem path, filename, or URI manipulation|High|Mar 29, 2021|Wazuh DB|||
|🟡|1500006|Waiting while holding a lock|Medium|Dec 5, 2020|Analysisd|||
|🟡|1500005|Waiting while holding a lock|Medium|Dec 5, 2020|Modulesd|||
|⚪|1493723|SQL injection|High|Dec 5, 2020|Wazuh DB|||
|🟢|1479722|Waiting while holding a lock|Medium|May 1, 2019|Shared|||
|⚪|1476147|Incorrect sizeof expression|Medium|Dec 31, 2018|Shared|||
|⚪|1469286|Time of check time of use|Low|May 23, 2018|Shared|||
|🟡|1378747|Untrusted allocation size|Medium|Nov 18, 2016|Analysisd|||
|🟡|1378744|Untrusted loop bound|Medium|Nov 18, 2016|Analysisd|||
|🟡|1378579|Time of check time of use|Low|Nov 16, 2016|Rootcheck|||
|🟡|1378578|Time of check time of use|Low|Nov 16, 2016|Rootcheck|||
|⚪|1378569|String not null terminated|High|Nov 16, 2016|FIM|||
|⚪|1378547|Out-of-bounds access|High|Nov 16, 2016|Logcollector|||
|⚪|1378529|Constant expression result|Medium|Nov 16, 2016|Shared|||
|🔴|1035344|Untrusted loop bound|Medium|Jun 19, 2013|Analysisd|||

Status legend

🔴 Fix pending 🟡 Untriaged 🟢 Intentional 🔵 Ignore 🟣 Fixed ⚪ False positive

MarcelKemp commented 1 week ago

New defects issues

Open issue to work on the defects:

In this case, we detected them last Friday, and the defects are already fixed for 4.8.0:

juliamagan commented 1 week ago

LGTM