HP Fortify - Insecure Randomness
HP Fortify is flagging swagger-ui.js as insecure, citing Math.random() as "Insecure Randomness". I'm using Swagger UI v2.2.6. Has there been a fix or response for this? Thanks!
Forum Discussion
Swagger UI v. 2.2.6 is a very old version (from 2016). Try the latest version, 3.32.4.
Version 3.32.4 uses Math.random() as well, which will warrant the HP Fortify warning as well. The code below is from swagger-ui-3.32.4\dist\swagger-ui.js
function(e,t)
{
var n=0,r=Math.random();
e.exports=function(e)
{
return"Symbol(".concat(void 0===e?"":e,")_",(++n+r).toString(36))
}
}
Math.random() is a commonly used function and is present in many popular libraries. SwaggerUI does not generate security sensitive context such as passwords or api keys. Thus, this notice should be a non-issue with regards to SwaggerUI.
In that case, please open an issue here:
