-*- mode: compilation; default-directory: "/home/eslerm/s390-tools/mantic/s390-tools-2.29.0"; -*-
genprotimg/src/utils/curl.c:100:8: Type: Incorrect sizeof expression (BAD_SIZEOF)
genprotimg/src/utils/curl.c:100:8: bad_sizeof: Taking the size of "&userdata", which is the address of an object, is suspicious.
genprotimg/src/utils/curl.c:100:8: remediation: Did you intend the size of "userdata" itself?
libpv/curl.c:97:7: Type: Incorrect sizeof expression (BAD_SIZEOF)
libpv/curl.c:97:7: bad_sizeof: Taking the size of "&userdata", which is the address of an object, is suspicious.
libpv/curl.c:97:7: remediation: Did you intend the size of "userdata" itself?
pvattest/src/common.c:30:3: Type: Unchecked return value from library (CHECKED_RETURN)
pvattest/src/common.c:29:2: Unchecked call to function 1. path: Condition "rc", taking true branch.
pvattest/src/common.c:29:2: 2. path: Condition "mode != 438", taking true branch.
pvattest/src/common.c:30:3: 3. check_return: Calling "chmod(filename, mode)" without checking return value. This library function may fail and return an error code.
genprotimg/src/pv/pv_args.c:92:4: Type: Explicit null dereferenced (FORWARD_NULL)
genprotimg/src/pv/pv_args.c:69:2: 1. path: Condition "cf_args->pcf", taking true branch.
genprotimg/src/pv/pv_args.c:69:2: 2. path: Condition "cf_args->enable_pckmo == PV_NOT_SET", taking true branch.
genprotimg/src/pv/pv_args.c:69:2: 3. path: Condition "cf_args->enable_dump == PV_NOT_SET", taking true branch.
genprotimg/src/pv/pv_args.c:78:2: 4. path: Condition "cf_args->scf", taking true branch.
genprotimg/src/pv/pv_args.c:78:2: 5. path: Condition "!(cf_args->enable_cck_extension_secret_enforcement == PV_NOT_SET)", taking false branch.
genprotimg/src/pv/pv_args.c:86:2: 6. path: Condition "args->unused_values->len > 0", taking true branch.
genprotimg/src/pv/pv_args.c:87:14: 7. assign_zero: Assigning: "unused" = "NULL".
genprotimg/src/pv/pv_args.c:89:3: 8. path: Condition "i > 0", taking true branch.
genprotimg/src/pv/pv_args.c:90:15: 9. alias_transfer: Assigning: "tmp" = "unused".
genprotimg/src/pv/pv_args.c:92:4: 10. var_deref_model: Passing null pointer "tmp" to "g_strjoin", which dereferences it.
genprotimg/src/pv/pv_stage3.c:54:3: Type: Resource leak (RESOURCE_LEAK)
genprotimg/src/pv/pv_stage3.c:36:2: 1. path: Condition "loader_size", taking true branch.
genprotimg/src/pv/pv_stage3.c:36:2: 2. path: Falling through to end of if statement.
genprotimg/src/pv/pv_stage3.c:36:2: 3. path: Condition "({...; _g_boolean_var_8;})", taking true branch.
genprotimg/src/pv/pv_stage3.c:36:2: 4. path: Falling through to end of if statement.
genprotimg/src/pv/pv_stage3.c:39:2: 5. path: Condition "!mapped_file", taking false branch.
genprotimg/src/pv/pv_stage3.c:42:2: 6. alloc_fn: Storage is returned from allocation function "g_mapped_file_get_contents".
genprotimg/src/pv/pv_stage3.c:42:2: 7. var_assign: Assigning: "loader_data" = storage returned from "g_mapped_file_get_contents(mapped_file)".
genprotimg/src/pv/pv_stage3.c:43:2: 8. path: Condition "!loader_data", taking false branch.
genprotimg/src/pv/pv_stage3.c:50:2: 9. path: Condition "tmp_loader_size < args_size", taking true branch.
genprotimg/src/pv/pv_stage3.c:54:3: 10. leaked_storage: Variable "loader_data" going out of scope leaks the storage it points to.
genprotimg/src/pv/pv_stage3.c:71:2: Type: Resource leak (RESOURCE_LEAK)
genprotimg/src/pv/pv_stage3.c:36:2: 1. path: Condition "loader_size", taking true branch.
genprotimg/src/pv/pv_stage3.c:36:2: 2. path: Falling through to end of if statement.
genprotimg/src/pv/pv_stage3.c:36:2: 3. path: Condition "({...; _g_boolean_var_8;})", taking true branch.
genprotimg/src/pv/pv_stage3.c:36:2: 4. path: Falling through to end of if statement.
genprotimg/src/pv/pv_stage3.c:39:2: 5. path: Condition "!mapped_file", taking false branch.
genprotimg/src/pv/pv_stage3.c:42:2: 6. alloc_fn: Storage is returned from allocation function "g_mapped_file_get_contents".
genprotimg/src/pv/pv_stage3.c:42:2: 7. var_assign: Assigning: "loader_data" = storage returned from "g_mapped_file_get_contents(mapped_file)".
genprotimg/src/pv/pv_stage3.c:43:2: 8. path: Condition "!loader_data", taking false branch.
genprotimg/src/pv/pv_stage3.c:50:2: 9. path: Condition "tmp_loader_size < args_size", taking false branch.
genprotimg/src/pv/pv_stage3.c:60:2: 10. path: Condition "data_aligned", taking true branch.
genprotimg/src/pv/pv_stage3.c:66:2: 11. noescape: Resource "loader_data" is not freed or pointed-to in "memcpy". [Note: The source code implementation of the function has been overridden by a builtin model.]
genprotimg/src/pv/pv_stage3.c:71:2: 12. leaked_storage: Variable "loader_data" going out of scope leaks the storage it points to.
pvattest/src/log.c:68:7: Type: Dereference before null check (REVERSE_INULL)
pvattest/src/log.c:65:29: deref_ptr_in_call: Dereferencing pointer "prefix".
pvattest/src/log.c:68:7: check_after_deref: Null-checking "prefix" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
netboot/Dockerfile:5: Type: Container running as root (SIGMA.container_running_as_root)
netboot/Dockerfile:5: 1. Sigma main event: The Docker container is configured to run as the root user.
netboot/Dockerfile:5: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-centos7:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-centos7:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-centos7:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-linux32:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-linux32:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-linux32:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-linux64:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-linux64:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-linux64:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-linux64-curl:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-linux64-curl:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-linux64-curl:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-mingw:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-mingw:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-mingw:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust-vendor/curl/ci/Dockerfile-musl:1: Type: Container running as root (SIGMA.container_running_as_root)
rust-vendor/curl/ci/Dockerfile-musl:1: 1. Sigma main event: The Docker container is configured to run as the root user.
rust-vendor/curl/ci/Dockerfile-musl:1: 2. remediation: Explicitly set the last `USER` value to a non-root user to prevent the container from running in a privileged context.
rust/pv/Cargo.toml:32: Type: Hard-coded secret (SIGMA.hardcoded_secret)
rust/pv/Cargo.toml:32: 1. Sigma main event: A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret.
rust/pv/Cargo.toml:32: 2. remediation: Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.
rust/pv/Cargo.toml:32: Type: Hard-coded secret (SIGMA.hardcoded_secret)
rust/pv/Cargo.toml:32: 1. Sigma main event: A secret, such as a password, cryptographic key, or token is stored in plaintext directly in the source code, in an application's properties, or configuration file. Users with access to the secret may then use the secret to access resources that they otherwise would not have access to. Secret type: Secret.
rust/pv/Cargo.toml:32: 2. remediation: Avoid setting sensitive configuration values as string literals. Instead, these values should be set using variables with the sensitive data loaded from an encrypted file or a secret store.
rust-vendor/curl/ci/Dockerfile-musl:9: Type: Shell pipe without pipefail option (SIGMA.shell_missing_pipefail)
rust-vendor/curl/ci/Dockerfile-musl:9: 1. Sigma main event: The Dockerfile command directs output through the pipe operator `|` without enabling the shell option `pipefail`. As a result, the exit code will be determined by the success or failure of the last command, ignoring any upstream failures in the pipe chain. This can result in unexpected behavior due to undetected build failures.
rust-vendor/curl/ci/Dockerfile-musl:9: 2. remediation: Explicitly set the `pipefail` option for the current shell context when using the pipe operator `|`.
rust-vendor/curl/ci/Dockerfile-centos7:3: Type: Update command runs in isolation (SIGMA.update_command_runs_in_isolation)
rust-vendor/curl/ci/Dockerfile-centos7:3: 1. Sigma main event: The Dockerfile uses a package-manager `update` command isolated within a single `RUN` instruction to update the system software. This can cause caching issues when building docker image layers and subsequent package-manager `install` instructions will then fail. The main Linux package managers are `apt-get`, `apk`, `dnf`, `yum`, and `zypper`.
rust-vendor/curl/ci/Dockerfile-centos7:3: 2. remediation: Always combine `update` with `install` in the same `RUN` instruction, such as `RUN update && install -y`.
rust-vendor/curl/ci/Dockerfile-linux64:3: Type: Update command runs in isolation (SIGMA.update_command_runs_in_isolation)
rust-vendor/curl/ci/Dockerfile-linux64:3: 1. Sigma main event: The Dockerfile uses a package-manager `update` command isolated within a single `RUN` instruction to update the system software. This can cause caching issues when building docker image layers and subsequent package-manager `install` instructions will then fail. The main Linux package managers are `apt-get`, `apk`, `dnf`, `yum`, and `zypper`.
rust-vendor/curl/ci/Dockerfile-linux64:3: 2. remediation: Always combine `update` with `install` in the same `RUN` instruction, such as `RUN update && install -y`.
rust-vendor/curl/ci/Dockerfile-linux64-curl:3: Type: Update command runs in isolation (SIGMA.update_command_runs_in_isolation)
rust-vendor/curl/ci/Dockerfile-linux64-curl:3: 1. Sigma main event: The Dockerfile uses a package-manager `update` command isolated within a single `RUN` instruction to update the system software. This can cause caching issues when building docker image layers and subsequent package-manager `install` instructions will then fail. The main Linux package managers are `apt-get`, `apk`, `dnf`, `yum`, and `zypper`.
rust-vendor/curl/ci/Dockerfile-linux64-curl:3: 2. remediation: Always combine `update` with `install` in the same `RUN` instruction, such as `RUN update && install -y`.
rust-vendor/curl/ci/Dockerfile-mingw:3: Type: Update command runs in isolation (SIGMA.update_command_runs_in_isolation)
rust-vendor/curl/ci/Dockerfile-mingw:3: 1. Sigma main event: The Dockerfile uses a package-manager `update` command isolated within a single `RUN` instruction to update the system software. This can cause caching issues when building docker image layers and subsequent package-manager `install` instructions will then fail. The main Linux package managers are `apt-get`, `apk`, `dnf`, `yum`, and `zypper`.
rust-vendor/curl/ci/Dockerfile-mingw:3: 2. remediation: Always combine `update` with `install` in the same `RUN` instruction, such as `RUN update && install -y`.
rust-vendor/curl/ci/Dockerfile-musl:3: Type: Update command runs in isolation (SIGMA.update_command_runs_in_isolation)
rust-vendor/curl/ci/Dockerfile-musl:3: 1. Sigma main event: The Dockerfile uses a package-manager `update` command isolated within a single `RUN` instruction to update the system software. This can cause caching issues when building docker image layers and subsequent package-manager `install` instructions will then fail. The main Linux package managers are `apt-get`, `apk`, `dnf`, `yum`, and `zypper`.
rust-vendor/curl/ci/Dockerfile-musl:3: 2. remediation: Always combine `update` with `install` in the same `RUN` instruction, such as `RUN update && install -y`.