https://github.com/tukaani-project/xz.git · lang: unknown · LOC: · source: user_submitted
| Rule | Severity | Count |
|---|---|---|
| MINED115 GitHub Action pinned to mutable ref (not 40-char SHA) | high | 15 |
| AIC003 Duplicated implementation block across source files | low | 11 |
| MINED075 C Malloc No Check | info | 3 |
| CORE_NO_LICENSE No LICENSE file | low | 1 |
| MINED043 Http Not Https | info | 1 |
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/cifuzz.yml:31
· conf 0.90
[MINED115] Action `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers` pinned to mutable ref `@master`: `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` resolves at workflow-run time…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/cifuzz.yml:41
· conf 0.90
[MINED115] Action `google/oss-fuzz/infra/cifuzz/actions/run_fuzzers` pinned to mutable ref `@master`: `uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master` resolves at workflow-run time. Ta…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/cifuzz.yml:51
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/ci.yml:32
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/ci.yml:167
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/coverity.yml:15
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/dragonflybsd.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/freebsd.yml:37
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/haiku.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/msvc.yml:27
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/msys2.yml:80
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/msys2.yml:140
· conf 0.90
[MINED115] Action `actions/upload-artifact` pinned to mutable ref `@v7`: `uses: actions/upload-artifact@v7` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/netbsd.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/openbsd.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
MINED115
GitHub Action pinned to mutable ref (not 40-char SHA)
CWE-829
.github/workflows/solaris.yml:20
· conf 0.90
[MINED115] Action `actions/checkout` pinned to mutable ref `@v6`: `uses: actions/checkout@v6` resolves at workflow-run time. Tags and branches can be re-pushed by the action owner; that made the tj-a…
AIC003
Duplicated implementation block across source files
debug/sync_flush.c:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt1.c:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt1.c:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt.c:2
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt-ext.h:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt_int.h:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt-pfx-core.h:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
lib/getopt-pfx-ext.h:1
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/liblzma/common/stream_buffer_decoder.c:21
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/liblzma/common/stream_decoder_mt.c:423
· conf 0.86
Duplicated implementation block across source files
AIC003
Duplicated implementation block across source files
src/liblzma/lz/lz_encoder_hash_table.h:2
· conf 0.86
Duplicated implementation block across source files
CORE_NO_LICENSE
No LICENSE file
No LICENSE file
MINED043
Http Not Https
CWE-319
extra/scanlzma/scanlzma.c:20
· conf 1.00
[MINED043] Http Not Https: Hardcoded http:// (not localhost) for endpoints that handle credentials or data.
MINED075
C Malloc No Check
CWE-690
debug/known_sizes.c:34
· conf 1.00
[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.
MINED075
C Malloc No Check
CWE-690
src/common/tuklib_mbstr_wrap.c:277
· conf 1.00
[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.
MINED075
C Malloc No Check
CWE-690
src/xz/util.c:78
· conf 1.00
[MINED075] C Malloc No Check: malloc/calloc/realloc return value used without checking for NULL.