Code Security Report: 12 total findings [main]

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2025-03-06 05:31pm
Total Findings: 12 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 150
Detected Programming Languages: 2 (JavaScript / TypeScript*, Go)

• Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Medium	Heap Inspection	CWE-244	flags.go:69	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 69 in 787ecf7 COMMON_PASSWORD_SH string = "W" Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:78	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 78 in 787ecf7 APPLIANCE_PASSWORD_SH string = COMMON_PASSWORD_SH Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:91	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 91 in 787ecf7 BLADE_PASSWORD_SH string = COMMON_PASSWORD_SH Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:77	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 77 in 787ecf7 APPLIANCE_PASSWORD string = APPLIANCE + "-" + PASSWORD Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:161	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 161 in 787ecf7 HOST_PASSWORD_DFLT string = "admin12345" Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:34	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 34 in 787ecf7 PASSWORD string = "password" Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:154	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 154 in 787ecf7 BLADE_PASSWORD_DFLT string = "0penBmc" Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:104	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 104 in 787ecf7 HOST_PASSWORD_SH string = COMMON_PASSWORD_SH Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	flags.go:147	1	2024-12-04 04:30pm
Vulnerable Code cfm/cli/pkg/serviceLib/flags/flags.go Line 147 in 787ecf7 APPLIANCE_PASSWORD_DFLT string = "dummypswd" Secure Code Warrior Training Material
Medium	Weak Pseudo-Random	CWE-338	sessions.go:192	1	2024-11-19 10:02pm
Vulnerable Code cfm/pkg/accounts/sessions.go Line 192 in 787ecf7 r := rand.New(seed) Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Weak Pseudo-Random Training ● Videos    ▪ Secure Code Warrior Weak Pseudo-Random Video ● Further Reading    ▪ OWASP Insecure Randomness

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
Medium	Heap Inspection	CWE-244	Go	11
Medium	Weak Pseudo-Random	CWE-338	Go	1