Forum Discussion

New Contributor

5 years ago

HP Fortify - Insecure Randomness

HP Fortify is flagging swagger-ui.js as insecure, citing Math.random() as "Insecure Randomness". I'm using Swagger UI v2.2.6. Has there been a fix or response for this? Thanks!

Swagger UI

HKosova

SmartBear Alumni (Retired)

5 years ago

Swagger UI v. 2.2.6 is a very old version (from 2016). Try the latest version, 3.32.4.

faizz_UI
New Contributor
5 years ago
Version 3.32.4 uses Math.random() as well, which will warrant the HP Fortify warning as well. The code below is from swagger-ui-3.32.4\dist\swagger-ui.js

function(e,t)
{
    var n=0,r=Math.random();
    e.exports=function(e)
    {
        return"Symbol(".concat(void 0===e?"":e,")_",(++n+r).toString(36))
    }
}
- tlai
  SmartBear Alumni (Retired)
  5 years ago
  Math.random() is a commonly used function and is present in many popular libraries. SwaggerUI does not generate security sensitive context such as passwords or api keys. Thus, this notice should be a non-issue with regards to SwaggerUI.
- HKosova
  SmartBear Alumni (Retired)
  5 years ago
  In that case, please open an issue here:
  
  https://github.com/swagger-api/swagger-ui/issues

Recent Discussions

Python 3.6 client support
7 days ago
jcalcote
I want to add variable in swagger like postman
7 days ago
shraddha_1
Endpoint Expansion
13 days ago
micscopau
Mixed-Type Arrays with java swagger-annotations 2.0.3.
13 days ago
danijelsudimac
same http method and same URL END POINT
14 days ago
shraddha_1

Forum Discussion

HP Fortify - Insecure Randomness

Related Content

How to set using insecure ssl in SoapUI?

Generate a random number within a range

entering random keys

Random factor calculation for Load Profile= Random

Random Date Project Property

Recent Discussions

Python 3.6 client support

I want to add variable in swagger like postman

Endpoint Expansion

Mixed-Type Arrays with java swagger-annotations 2.0.3.

same http method and same URL END POINT