CodeQL bugs - js/insecure-randomness and js/incomplete-sanitization in ReactJS based portal

Abhijit Jadhav (INFOSYS LIMITED) 11 Reputation points Microsoft External Staff
2023-11-02T18:14:52.5266667+00:00

We have a React application that is bundled using webpack. The CodeQL tool has reported 'js/insecure-randomness' and 'js/incomplete-sanitization' compliance bugs in the app.js file (the file which gets created post-bundling).

In this App.js, we see many occurrences of the Math.random function or code which generates cryptographically insecure pseudo-random numbers, and instances of replace functions; however, we don't have such functions or code in our React files. Therefore, we are unable to understand what and where we have to fix in this case.

Can someone please help here and share pointers to fix these bugs? Is this due to older dependencies or packages used? As the above-mentioned code is not present in the source files, it seems this doesn't need a fix in our code. Please help.

