chehxing opened a new issue #9964: 安全漏洞:加密密钥进行硬编码 URL: https://github.com/apache/incubator-echarts/issues/9964 ### Version 3.3.0 ### Steps to reproduce 用Fortify Audit Workbench扫描系统, 发现系统报了一个关于echarts的漏洞。 ### What is expected? 通过验证 ### What is actually happening? Porous Defenses - CWE ID 798 使用硬编码凭证。 CWE-798 声明:“软件包含硬编码凭证,例如密码或加密密钥,用于自身的入站验证、 外部组件的出站通信或者内部数据的加密”。 public/js/echarts.min.js:1 Sink: Operation Enclosing Method: lambda() Source: SCA public/js/echarts.min.js:1 Sink: Operation Enclosing Method: hv() Source: SCA <!-- This issue is generated by echarts-issue-helper. DO NOT REMOVE -->
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
