Code Security Report: 8 high severity findings, 14 total findings [main]

[mend-for-git.832008.xyz]

Code Security Report

Scan Metadata

Latest Scan: 2026-01-23 07:30pm
Total Findings: 14 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 162
Detected Programming Languages: 2 (Go, Python)

• Check this box to manually trigger a scan

Note: GitHub may take a few seconds to process actions triggered via checkboxes.
Please wait until the change is visible before continuing.

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
High	Path/Directory Traversal	CWE-22	read.py:14	2	2025-10-28 08:08pm
Vulnerable Code cloudfuse/perf_testing/scripts/read.py Lines 9 to 14 in c8c3346 blockSize = 8 * 1024 * 1024 fileSize = int(size) * (1024 * 1024 * 1024) bytes_read = 0 t1 = time.time() fd = open(os.path.join(mountpath, 'application_'+size+'.data'), 'rb') 2 Data Flow/s detected View Data Flow 1 cloudfuse/perf_testing/scripts/read.py Line 7 in c8c3346 size = sys.argv[2] View Data Flow 2 cloudfuse/perf_testing/scripts/read.py Line 6 in c8c3346 mountpath = sys.argv[1] Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure Directory Permissions	CWE-732	block_cache.go:1377	1	2025-10-28 08:08pm
Vulnerable Code cloudfuse/component/block_cache/block_cache.go Lines 1372 to 1377 in c8c3346 } } defer root.Close() // Create directory structure if not exists err = os.MkdirAll(filepath.Dir(localPath), 0755) 1 Data Flow/s detected cloudfuse/component/block_cache/block_cache.go Line 1377 in c8c3346 err = os.MkdirAll(filepath.Dir(localPath), 0755) Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Path/Directory Traversal	CWE-22	write.py:16	2	2025-10-28 08:08pm
Vulnerable Code cloudfuse/perf_testing/scripts/write.py Lines 11 to 16 in c8c3346 bytes_written = 0 data = os.urandom(blockSize) t1 = time.time() fd = open(os.path.join(mountpath, 'application_'+size+'.data'), 'wb') 2 Data Flow/s detected View Data Flow 1 cloudfuse/perf_testing/scripts/write.py Line 7 in c8c3346 size = sys.argv[2] View Data Flow 2 cloudfuse/perf_testing/scripts/write.py Line 6 in c8c3346 mountpath = sys.argv[1] Secure Code Warrior Training Material ● Training    ▪ Secure Code Warrior Path/Directory Traversal Training ● Videos    ▪ Secure Code Warrior Path/Directory Traversal Video ● Further Reading    ▪ OWASP Path Traversal    ▪ OWASP Input Validation Cheat Sheet Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure Directory Permissions	CWE-732	block_cache.go:1909	1	2025-10-28 08:08pm
Vulnerable Code cloudfuse/component/block_cache/block_cache.go Lines 1904 to 1909 in c8c3346 goto return_safe } defer root.Close() // Create directory structure if not exists err = os.MkdirAll(filepath.Dir(localPath), 0755) 1 Data Flow/s detected cloudfuse/component/block_cache/block_cache.go Line 1909 in c8c3346 err = os.MkdirAll(filepath.Dir(localPath), 0755) Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure Directory Permissions	CWE-732	block_cache.go:1355	1	2025-10-28 08:08pm
Vulnerable Code cloudfuse/component/block_cache/block_cache.go Lines 1350 to 1355 in c8c3346 if bc.tmpPath != "" { root, err := os.OpenRoot(bc.tmpPath) localPath := filepath.Join(bc.tmpPath, fileName) if err != nil { err := os.MkdirAll(bc.tmpPath, 0755) 1 Data Flow/s detected cloudfuse/component/block_cache/block_cache.go Line 1355 in c8c3346 err := os.MkdirAll(bc.tmpPath, 0755) Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure File Permissions	CWE-732	cache_policy.go:121	1	2025-11-14 07:31pm
Vulnerable Code cloudfuse/component/file_cache/cache_policy.go Lines 116 to 121 in c8c3346 err := os.Remove(name) if err != nil && os.IsPermission(err) { // File is not having delete permissions so change the mode and retry deletion log.Warn("cachePolicy::deleteFile : failed to delete %s due to permission", name) err = os.Chmod(name, os.FileMode(0644)) 1 Data Flow/s detected cloudfuse/component/file_cache/cache_policy.go Line 121 in c8c3346 err = os.Chmod(name, os.FileMode(0644)) Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure Directory Permissions	CWE-732	mount_tracker.go:84	1	2025-09-02 04:18pm
Vulnerable Code cloudfuse/internal/winservice/mount_tracker.go Lines 79 to 84 in c8c3346 if err != nil { return "", err } // Ensure the AppData folder exists if err := os.MkdirAll(appDataPath, 0755); err != nil { 1 Data Flow/s detected cloudfuse/internal/winservice/mount_tracker.go Line 84 in c8c3346 if err := os.MkdirAll(appDataPath, 0755); err != nil { Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
High	Insecure Directory Permissions	CWE-732	block_cache.go:1885	1	2025-10-28 08:08pm
Vulnerable Code cloudfuse/component/block_cache/block_cache.go Lines 1880 to 1885 in c8c3346 bc.threadPool.Schedule(false, item) return } if bc.tmpPath != "" { err := os.MkdirAll(bc.tmpPath, 0755) 1 Data Flow/s detected cloudfuse/component/block_cache/block_cache.go Line 1885 in c8c3346 err := os.MkdirAll(bc.tmpPath, 0755) Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
Medium	Heap Inspection	CWE-244	config.go:159	1	2025-04-29 05:08pm
Vulnerable Code cloudfuse/component/azstorage/config.go Line 159 in c8c3346 ClientSecret string `config:"clientsecret" yaml:"clientsecret,omitempty"` Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.
Medium	Heap Inspection	CWE-244	config.go:63	1	2025-09-02 07:32pm
Vulnerable Code cloudfuse/cmd/config.go Line 63 in c8c3346 configEncryptionPassphrase string // Sets config file encryption passphrase Secure Code Warrior Training Material Suppress Finding ... as False Alarm ... as Acceptable Risk Note: GitHub may take a few seconds to process actions triggered via checkboxes. Please wait until the change is visible before continuing.

Findings Overview

Severity	Vulnerability Type	CWE	Language	Count
High	Path/Directory Traversal	CWE-22	Python	2
High	Insecure Directory Permissions	CWE-732	Go	5
High	Insecure File Permissions	CWE-732	Go	1
Medium	Heap Inspection	CWE-244	Go	5
Low	Weak Hash Strength	CWE-916	Go	1