Hi,
We performed a Veracode static analysis for security on our project DLLs and in the report generated we see some flaws identified in Telerik DLLs. The flaws are listed below. Please suggest how we can fix or mitigate these issues.
Our project has Silverlight 5 with C# and uses Telerik Controls version 2012.1.0215.1050
Do let me know if you need more information.
Regards,
Sandeep
We performed a Veracode static analysis for security on our project DLLs and in the report generated we see some flaws identified in Telerik DLLs. The flaws are listed below. Please suggest how we can fix or mitigate these issues.
| Scope | CWE Name | Flaw Category |
| TransparentThemeBackgroundConverter | Insufficient Entropy | Cryptographic Issues |
| ZipOutputStream | Insecure Temporary File | Time and State |
| TxtFormatProvider | Improper Resource Shutdown or Release | Code Quality |
| ProtectionHelper | Insufficient Entropy | Cryptographic Issues |
| RadUploadHandler | External Control of File Name or Path | Directory Traversal |
| RadUploadHandler | External Control of File Name or Path | Directory Traversal |
Our project has Silverlight 5 with C# and uses Telerik Controls version 2012.1.0215.1050
Do let me know if you need more information.
Regards,
Sandeep
2 Answers, 1 is accepted
0
Sandeep
Top achievements
Rank 1
Rank 1
answered on 31 Jul 2012, 01:43 PM
I have an excel report which contains the flaw list which I am not able to upload. Where can I do that?
0
Hello,
Didie
the Telerik team
I would suggest you to as well test with our latest assemblies version Q2 2012 Service Pack (2012.2.725). As to attaching the file, you can open a support ticket and upload it there.
Didie
the Telerik team
Explore the entire Telerik portfolio by downloading Telerik DevCraft Ultimate.