I have been doing a static code analysis of my entire project with the KIUWAN tool
This tool has found some security issues in some Kendo JS files
I would like to know if they are false positives or if it can be justified in some way that there are no security problems
Problems found (the most important are the first 3):
- Do not update control vars in 'for' loop body Maintainability Control flow
- Potential denial-of-service attack through malicious regular expression(ReDoS)
- Never use JavaScript 'history' object or navigation-based positioning
- Avoid unused local variable
- Avoid accessing unreliable variable properties
- Standard pseudo-random number generators cannot withstand cryptographic attacks
The details of the analysis are in the attached file (a zip with a pdf file)
Kendo version: 2020.2.513
3 Answers, 1 is accepted
Hi,
Thank you for getting in touch with us.
We will need some time to inspect the issues and will contact us as soon as we have more information about them. Please excuse us for this answer delay in advance.
Regards,
Plamen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Hi,
We have inspected the issues detected by the tool and can confirm that they are false positive.
If you need more information or have any concrete concerns please submit a support ticket so we could discuss them further.
Regards,
Plamen
Progress Telerik
Virtual Classroom, the free self-paced technical training that gets you up to speed with Telerik and Kendo UI products quickly just got a fresh new look + new and improved content including a brand new Blazor course! Check it out at https://learn.telerik.com/.
Rank 1
Thank you
We will consider the creation of the Support Ticket