Forum Discussion
HKosova
SmartBear Alumni (Retired)
Swagger UI v. 2.2.6 is a very old version (from 2016). Try the latest version, 3.32.4.
faizz_UI
5 years agoNew Contributor
Version 3.32.4 uses Math.random() as well, which will warrant the HP Fortify warning as well. The code below is from swagger-ui-3.32.4\dist\swagger-ui.js
function(e,t)
{
var n=0,r=Math.random();
e.exports=function(e)
{
return"Symbol(".concat(void 0===e?"":e,")_",(++n+r).toString(36))
}
}
- tlai5 years agoSmartBear Alumni (Retired)
Math.random() is a commonly used function and is present in many popular libraries. SwaggerUI does not generate security sensitive context such as passwords or api keys. Thus, this notice should be a non-issue with regards to SwaggerUI.
- HKosova5 years agoSmartBear Alumni (Retired)
In that case, please open an issue here:
Related Content
- 2 years ago