Code Security Report: 3 total findings [develop]

[mend-for-github-com]

Code Security Report

Scan Metadata

Latest Scan: 2025-02-20 03:55am
Total Findings: 3 | New Findings: 0 | Resolved Findings: 0
Tested Project Files: 22
Detected Programming Languages: 1 (C/C++ (Beta))

• Check this box to manually trigger a scan

Finding Details

Severity	Vulnerability Type	CWE	File	Data Flows	Detected
Medium	Heap Inspection	CWE-244	openseachest_util_options.h:3825	1	2025-02-12 09:22pm
Vulnerable Code openSeaChest/include/openseachest_util_options.h Line 3825 in a11d400 void print_ATA_Security_Erase_Help(bool shortHelp, const char* password); Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	openSeaChest_Erase.c:2058	1	2025-02-12 09:22pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Erase.c Line 2058 in a11d400 char* passwordToUse = M_NULLPTR; Secure Code Warrior Training Material
Medium	Heap Inspection	CWE-244	openSeaChest_Security.c:1608	1	2025-02-12 09:22pm
Vulnerable Code openSeaChest/utils/C/openSeaChest/openSeaChest_Security.c Line 1608 in a11d400 char* passwordToUse = M_NULLPTR; Secure Code Warrior Training Material

[vonericsen]

My initial thought is that this is just matching "password" and triggering a warning. I've seen that from mend before, possibly with these exact lines of code.
I'll review this in depth to decide the appropriate action to take with each of these findings.