I have been doing a static code analysis of my entire project with the KIUWAN tool.
This tool has found some security issues in some Kendo JS files.
I would like to know if they are false positives or if it can be justified in some way that there are no security problems.
Problems found (the most important are the first 3):
- Do not update control vars in 'for' loop body Maintainability Control flow
- Potential denial-of-service attack through malicious regular expression (ReDoS)
- Never use JavaScript 'history' object or navigation-based positioning
- Avoid unused local variable
- Avoid accessing unreliable variable properties
- Standard pseudo-random number generators cannot withstand cryptographic attacks
The details of the analysis are in the attached file (a zip with a pdf file).
Kendo version: 2020.2.513