Veracode Static Analysis - Flaws Identified

3 posts, 0 answers
  1. Sandeep
    2 posts
    Member since:
    Jul 2012

    Posted 30 Jul 2012

    Hi,

    We performed a Veracode static analysis for security on our project DLLs and in the report generated we see some flaws identified in Telerik DLLs. The flaws are listed below. Please suggest how we can fix or mitigate these issues.

    Scope                               | CWE Name                              | Flaw Category
    TransparentThemeBackgroundConverter | Insufficient Entropy                  | Cryptographic Issues
    ZipOutputStream                     | Insecure Temporary File               | Time and State
    TxtFormatProvider                   | Improper Resource Shutdown or Release | Code Quality
    ProtectionHelper                    | Insufficient Entropy                  | Cryptographic Issues
    RadUploadHandler                    | External Control of File Name or Path | Directory Traversal
    RadUploadHandler                    | External Control of File Name or Path | Directory Traversal

    Our project has Silverlight 5 with C# and uses Telerik Controls version 2012.1.0215.1050
    Do let me know if you need more information.

    Regards,
    Sandeep
  2. Sandeep
    2 posts
    Member since:
    Jul 2012

    Posted 31 Jul 2012

    I have an Excel report which contains the flaw list, which I am not able to upload. Where can I do that?
  3. Dimitrina
    Admin
    3769 posts

    Posted 02 Aug 2012

    Hello,

    I would suggest that you also test with our latest assemblies version, Q2 2012 Service Pack (2012.2.725). As for attaching the file, you can open a support ticket and upload it there.

    Greetings,
    Didie
    the Telerik team
