I facing issue related to “Key Management: Hardcoded Encryption Key” for chart.js api. We are using Fortify Scanning for security purpose. How to avoid the ‘Hardcoded Encryption Key’.
After scanning we found the line of code that is hardcoded in chart.js. Is there any way to resolve this issue.
var axisType = helpers.getValueOrDefault(valueObj.type, key === 'xAxes' ? 'category' : 'linear');
Advertisement
Answer
After analysed the chart.js code file, we have found there is no hardcode encryption key . Key is variable name.
Hp fortify identified the word, ‘key’ as encryption key. These are not encryption key it is a variable name. Hence it is a false positive.