Add SAST workflow
szsam committed Jul 5, 2023
1 parent 56f5956 commit c1d05ed
Showing 1 changed file with 50 additions and 0 deletions.
50 changes: 50 additions & 0 deletions .github/workflows/sast.yml
@@ -0,0 +1,50 @@
---
########################
########################
## SAST GitHub Action ##
########################
########################
name: SAST

#######################################
# Start the job on all push to master #
#######################################
on:
push:
pull_request:
branches: ['sast']

###############
# Set the Job #
###############
jobs:
build:
# Name the Job
name: SAST

# Set the agent to run on
runs-on: ubuntu-latest

permissions:
contents: write

##################
# Load all steps #
##################
steps:
##########################
# Checkout the code base #
##########################
- name: Checkout Code
uses: actions/checkout@v2

#####################
# Run Deploy script #
#####################
- name: Run SAST check
uses: IvanKuchin/SAST@v1
with:
GITHUB_TOKEN: ${{ github.token }}
env:
LOG_VERBOSE: true
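Review bot: the `on:` block does not match its own header comment. "Start the job on all push to master" is the stated intent, but `push:` has no branch filter (the job runs on every push to every branch), while `pull_request:` is restricted to `branches: ['sast']`, so pull requests against the default branch are never scanned. Either filter the push trigger (`push: branches: [master]`) and drop the `sast` restriction on `pull_request`, or fix the comment so the next reader is not misled. Two supply-chain points in the `steps:` section: `actions/checkout@v2` is an old major, and `IvanKuchin/SAST@v1` is a mutable tag on a third-party action that receives `${{ github.token }}`; pinning both to a full commit SHA (with the tag in a trailing comment) makes the workflow reproducible and keeps a force-moved tag from changing what runs with the token. On `permissions:`, `contents: write` also lets that token push to the repository; if posting the findings comment is the only thing the action does with it, confirm that is the minimum scope it requires and say so in a comment. Finally, the "Run Deploy script" comment above the `Run SAST check` step is left over from a template and should be corrected.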

1 comment on commit c1d05ed

@github-actions

Flaws found

./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:198:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:199:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:202:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:203:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/bliss_allocator/bliss_allocator.c:40:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/bliss_allocator/bliss_allocator.c:47:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/bliss_allocator/bliss_allocator_debug_util.c:20:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/bliss_allocator/bliss_allocator_debug_util.c:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/checkpoint/checkpoint.c:18:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/checkpoint/checkpoint.c:24:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/mpatch/mpatch.c:52:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/libs/mpatch/mpatch/mpatch.c:58:  [4] (format) printf:
  If format strings can be influenced by an attacker, they can be exploited
  (CWE-134). Use a constant for the format specification.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:305:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:365:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./software/external/ambiq_ble/apps/prodtest_dats/prodtest_dats_main.c:331:  [3] (random) random:
  This function is not sufficiently random for security-related functions
  such as key and nonce creation (CWE-327). Use a more secure technique for
  acquiring random values.
./software/external/CMSIS/ARM/Include/arm_math.h:459:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:474:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:490:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:508:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:524:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:538:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:554:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/CMSIS/ARM/Include/arm_math.h:572:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:323:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:327:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:351:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:353:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtpc/amdtp_main.c:466:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtps/amdtp_main.c:260:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtps/amdtp_main.c:282:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtps/amdtp_main.c:284:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amdtps/amdtp_main.c:315:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amota/amota_main.c:233:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amota/amota_main.c:255:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amota/amota_main.c:257:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/amota/amota_main.c:288:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/ancs/ancs_main.c:314:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/ancs/ancs_main.c:336:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/ancs/ancs_main.c:338:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/ancs/ancs_main.c:369:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/beaconscanner/beaconscanner_main.c:387:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/beaconscanner/beaconscanner_main.c:410:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/beaconscanner/beaconscanner_main.c:412:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/beaconscanner/beaconscanner_main.c:445:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/ibeacon/ibeacon_main.c:180:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:383:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:387:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:411:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:413:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_datc/prodtest_datc_main.c:529:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/prodtest_dats/prodtest_dats_main.c:340:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:322:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:358:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:360:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:391:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:853:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/apps/vole/vole_main.c:854:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/em9304/em9304_init.c:728:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/menu/ble_menu.c:55:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/menu/ble_menu.c:60:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/menu/ble_menu.c:66:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/menu/ble_menu.c:73:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/menu/ble_menu.c:77:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/menu/ble_menu.h:110:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/amdtpcommon/amdtp_common.c:118:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amdtpcommon/amdtp_common.c:319:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amdtpcommon/amdtp_common.c:343:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amdtpcommon/amdtp_common.c:367:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amota/appl_amota.c:465:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amota/appl_amota.c:782:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amota/appl_amota.c:826:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amota/appl_amota.c:828:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/amota/appl_amota.c:1072:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profile_appl/ams/appl_ams.c:527:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/ams/appl_ams.c:528:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/ams/appl_ams.c:543:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
./software/external/ambiq_ble/profile_appl/ancs/appl_ancs.c:487:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/ancs/appl_ancs.c:488:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/ancs/appl_ancs.c:501:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:1062:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:1063:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:1081:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:1122:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:1123:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:1141:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
./software/external/ambiq_ble/profiles/amdtpcommon/amdtp_common.c:123:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amdtpcommon/amdtp_common.c:308:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amdtpcommon/amdtp_common.c:334:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amdtpcommon/amdtp_common.c:360:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amota/amotas_main.c:399:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amota/amotas_main.c:719:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amota/amotas_main.c:765:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amota/amotas_main.c:767:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/amota/amotas_main.c:1013:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/ancc/ancc_main.c:405:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/vole/voles_main.c:293:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/calling.pb.h:67:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/calling.pb.h:73:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/central.pb.h:84:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/device.pb.h:161:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/device.pb.h:162:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/device.pb.h:165:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/ama/pb/pb.h:169:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:224:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:855:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:1935:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:1940:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:1994:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:1999:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2386:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2405:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2414:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2469:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2492:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2506:  [2] (misc) fopen:
  Check when opening files - can an attacker redirect it (via symlinks),
  force the opening of special file type (e.g., device files), move things
  around to create a race condition, control its ancestors, or change its
  contents? (CWE-362).
./software/external/ambiq_ble/profiles/volecommon/codec/sbc/sbc.c:2564:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profiles/volecommon/vole_common.c:123:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/vole_common.c:308:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/vole_common.c:334:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/ambiq_ble/profiles/volecommon/vole_common.c:360:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/mcu/apollo3/hal/am_hal_ble.c:864:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/mcu/apollo3/hal/am_hal_ble.c:1915:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/mcu/apollo3/hal/am_hal_ble.c:2169:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/mcu/apollo3/hal/am_hal_ble.c:2258:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/external/utils/am_util_stdio.c:65:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/utils/am_util_stdio.c:381:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/utils/am_util_stdio.c:444:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/cartridge/reader.c:49:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/display/display.c:80:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/memtracker/memtracker.c:98:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/bliss_allocator/bliss_allocator_cfg.h:28:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/checkpoint/arch/arm/checkpoint_util_mem.h:6:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/checkpoint/arch/arm/checkpoint_util_mem.h:7:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/checkpoint/arch/arm/checkpoint_util_mem.h:8:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/checkpoint/arch/arm/reg/checkpoint_registers.c:17:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/arch/arm/reg/checkpoint_registers.h:43:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack.h:7:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack.h:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack_nvm.c:8:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack_nvm.c:9:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack_nvm.c:11:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/checkpoint/stack/checkpoint_stack_nvm.c:12:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1156:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1369:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1416:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1514:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1540:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1604:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/mpatch/test_mpatch.c:1643:  [2] (buffer) memcpy:
  Does not check for buffer overflows when copying to destination (CWE-120).
  Make sure destination can always hold the source data.
./software/libs/mpatch/test/unit/util/asciitree.c:50:  [2] (buffer) sprintf:
  Does not check for buffer overflows (CWE-120). Use sprintf_s, snprintf, or
  vsnprintf. Risk is low because the source has a constant maximum length.
./software/libs/mpatch/test/unit/util/asciitree.h:26:  [2] (buffer) char:
  Statically-sized arrays can be improperly restricted, leading to potential
  overflows or other issues (CWE-119!/CWE-120). Perform bounds checking, use
  functions that limit length, or ensure that the size is larger than the
  maximum possible length.
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:1192:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
./software/external/ambiq_ble/profile_appl/fcc_test/appl_fcc_test.c:1197:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:1252:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
./software/external/ambiq_ble/profile_appl/txpower_ctrl/appl_txpower_ctrl.c:1257:  [1] (buffer) read:
  Check buffer boundaries if used in a loop including recursive loops
  (CWE-120, CWE-20).
./software/libs/mpatch/test/unit/util/asciitree.c:51:  [1] (buffer) strlen:
  Does not handle strings that are not \0-terminated; if given one it may
  perform an over-read (it could cause a crash if unprotected) (CWE-126).