CodeQL bugs - js/insecure-randomness and js/incomplete-sanitization in ReactJS-based portal

Abhijit Jadhav (INFOSYS LIMITED) 6 Reputation points Microsoft Vendor
2023-11-02T18:14:52.5266667+00:00

We have a React application and it is bundled using webpack. The CodeQL tool has reported 'js/insecure-randomness' and 'js/incomplete-sanitization' compliance bugs in the app.js file (the file which gets created after bundling).

In this App.js, we see many occurrences of the Math.random function, or code which generates cryptographically insecure pseudo-random numbers, and instances of replace functions; however, we don't have such functions or code in our React files. Therefore, we are unable to understand what and where we have to fix in this case.

Can someone please help here and share pointers to fix these bugs? Is this due to older dependencies or packages being used? As the above-mentioned code is not present in the source files, it seems this doesn't need a fix in our code. Please help.
