Skip to content

Code Security Report: 211 total findings #4

New issue
New issue
Open
Open
Code Security Report: 211 total findings#4
Labels
Mend: code security findingsCode security findings detected by Mend
@mend-for-github-com

Description

@mend-for-github-com
mend-for-github-com
bot
opened on Jun 16, 2024

Code Security Report

Scan Metadata

Latest Scan: 2024-06-16 08:33pm
Total Findings: 211 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 43
Detected Programming Languages: 3 (C/C++ (Beta), Swift, iOS Objective-C)

  • Check this box to manually trigger a scan

Most Relevant Findings

The list below presents the 10 most relevant findings that need your attention. To view information on the remaining findings, navigate to the Mend Application.

SeverityVulnerability TypeCWEFileData FlowsDate
LowExternal URL Access

N/A

EventMonitor.swift:211

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/EventMonitor.swift

Lines 206 to 211 in 7bf4785

/// downloaded file will be moved to.
func request(_ request: DownloadRequest, didCreateDestinationURL url: URL)
/// Event called when a `DownloadRequest` calls a `Validation`.
func request(_ request: DownloadRequest,
didValidateRequest urlRequest: URLRequest?,

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/EventMonitor.swift

Line 211 in 7bf4785

didValidateRequest urlRequest: URLRequest?,

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

Response.swift:101

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/Response.swift

Lines 96 to 101 in 7bf4785

/// `HTTPURLResponse`'s status code, headers, and body; the duration of the network and serialization actions; and
/// the `Result` of serialization.
public var debugDescription: String {
guard let urlRequest = request else { return "[Request]: None\n[Result]: \(result)" }
let requestDescription = DebugDescription.description(of: urlRequest)

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/Response.swift

Line 101 in 7bf4785

let requestDescription = DebugDescription.description(of: urlRequest)

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

Session.swift:662

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/Session.swift

Lines 657 to 662 in 7bf4785

/// - fileManager: `FileManager` instance to be used by the returned `UploadRequest`. `.default` instance by
/// default.
///
/// - Returns: The created `UploadRequest`.
open func upload(_ data: Data,
with convertible: URLRequestConvertible,

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/Session.swift

Line 662 in 7bf4785

with convertible: URLRequestConvertible,

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

RequestInterceptor.swift:196

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/RequestInterceptor.swift

Lines 191 to 196 in 7bf4785

open func adapt(_ urlRequest: URLRequest, for session: Session, completion: @escaping (Result<URLRequest, Error>) -> Void) {
adapt(urlRequest, for: session, using: adapters, completion: completion)
}
private func adapt(_ urlRequest: URLRequest,

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/RequestInterceptor.swift

Line 196 in 7bf4785

private func adapt(_ urlRequest: URLRequest,

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

RequestInterceptor.swift:97

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/RequestInterceptor.swift

Lines 92 to 97 in 7bf4785

/// Type that provides both `RequestAdapter` and `RequestRetrier` functionality.
public protocol RequestInterceptor: RequestAdapter, RequestRetrier {}
extension RequestInterceptor {
public func adapt(_ urlRequest: URLRequest, for session: Session, completion: @escaping (Result<URLRequest, Error>) -> Void) {
completion(.success(urlRequest))

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/RequestInterceptor.swift

Line 97 in 7bf4785

completion(.success(urlRequest))

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

EventMonitor.swift:622

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/EventMonitor.swift

Lines 617 to 622 in 7bf4785

/// Closure called on the `request(_:didFailToCreateURLRequestWithError:)` event.
open var requestDidFailToCreateURLRequestWithError: ((Request, AFError) -> Void)?
/// Closure called on the `request(_:didAdaptInitialRequest:to:)` event.
open var requestDidAdaptInitialRequestToAdaptedRequest: ((Request, URLRequest, URLRequest) -> Void)?

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/EventMonitor.swift

Line 622 in 7bf4785

open var requestDidAdaptInitialRequestToAdaptedRequest: ((Request, URLRequest, URLRequest) -> Void)?

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

RedirectHandler.swift:82

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/RedirectHandler.swift

Lines 77 to 82 in 7bf4785

// MARK: -
extension Redirector: RedirectHandler {
public func task(_ task: URLSessionTask,
willBeRedirectedTo request: URLRequest,

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/RedirectHandler.swift

Line 82 in 7bf4785

willBeRedirectedTo request: URLRequest,

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

ParameterEncoder.swift:38

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/ParameterEncoder.swift

Lines 33 to 38 in 7bf4785

/// - request: The `URLRequest` into which to encode the parameters.
///
/// - Returns: A `URLRequest` with the result of the encoding.
/// - Throws: An `Error` when encoding fails. For Alamofire provided encoders, this will be an instance of
/// `AFError.parameterEncoderFailed` with an associated `ParameterEncoderFailureReason`.
func encode<Parameters: Encodable>(_ parameters: Parameters?, into request: URLRequest) throws -> URLRequest

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/ParameterEncoder.swift

Line 38 in 7bf4785

func encode<Parameters: Encodable>(_ parameters: Parameters?, into request: URLRequest) throws -> URLRequest

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

Session.swift:599

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/Session.swift

Lines 594 to 599 in 7bf4785

let url: URLConvertible
let method: HTTPMethod
let headers: HTTPHeaders?
let requestModifier: RequestModifier?
func asURLRequest() throws -> URLRequest {

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/Session.swift

Line 599 in 7bf4785

func asURLRequest() throws -> URLRequest {

Secure Code Warrior Training Material
 
LowExternal URL Access

N/A

Session.swift:247

12024-06-16 08:34pm
Vulnerable Code

ios-interview/Pods/Alamofire/Source/Session.swift

Lines 242 to 247 in 7bf4785

// MARK: - DataRequest
/// Closure which provides a `URLRequest` for mutation.
public typealias RequestModifier = (inout URLRequest) throws -> Void
struct RequestConvertible: URLRequestConvertible {

1 Data Flow/s detected

ios-interview/Pods/Alamofire/Source/Session.swift

Line 247 in 7bf4785

struct RequestConvertible: URLRequestConvertible {

Secure Code Warrior Training Material

Findings Overview

Severity Vulnerability Type CWE Language Count
Low External URL Access N/A Swift 211

Metadata

Metadata

Assignees

No one assigned

    Labels

    Mend: code security findingsCode security findings detected by Mend

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions