RxCrossroads has been using the ASPOSE DLL in a number of applications. We did a Veracode scan of our applications using the older version of ASPOSE and we found a number of Veracode issues. When we contacted ASPOSE, we were told that the latest version of ASPOSE does not have those vulnerabilities. Subsequently, we procured the latest version of ASPOSE and also procured a premier support license (license Order ID: 160718174414). However, when we rescanned our applications after integrating the latest version, we are still seeing numerous Veracode issues. Due to these issues we are not able to move the application to the CVS data center. Please find attached the list of issues and a sample code snippet. We need urgent resolution of these issues. Our team has been posting the issues in the ASPOSE forum since last week. However, we are not getting a timely response despite having a premium support license. We need urgent attention from ASPOSE to get the issues resolved. We are willing to upgrade our support license if needed.
Hi Mazibur,
mansary@rxcrossroads.com: However, we are not getting a timely response despite having a premium support license.
Thanks for your response. I believe the issue has to be fixed in the ASPOSE DLL. We encountered similar issues in our code and we have rectified those issues.
1) The spreadsheet that is provided explains the code where the issues are present. Since you have the code, we cannot find the code snippets for you.
2) If any help is required on how to resolve the issues, we can have a call where we can explain the issues.
3) Below is an example of how we have resolved the issue at our end.
using System;
using System.Security.Cryptography;

/// <summary>
/// Generate a random integer to use as a salt value.
/// </summary>
/// <returns>A random integer between 100000 and int.MaxValue.</returns>
public static int GenerateRandomSalt()
{
    // generate a random number of at least 6 digits, up to the int max
    //var rand = new Random();
    //return rand.Next(100000, int.MaxValue);
    // <CWEID=331> <IssueID=81> <Hub Services (Front End) Policy Scan> <[2016-08-08]> <Cryptography Issue - RNGCryptoServiceProvider Implemented>
    int max = int.MaxValue;
    int min = 100000;
    byte[] b = new byte[sizeof(UInt32)];
    // RNGCryptoServiceProvider is IDisposable, so release it once the bytes are drawn
    using (RNGCryptoServiceProvider random = new RNGCryptoServiceProvider())
    {
        random.GetBytes(b);
    }
    // Scale the 32-bit draw to a fraction in [0, 1] and map it onto [min, max]
    double d = BitConverter.ToUInt32(b, 0) / (double)UInt32.MaxValue;
    return min + (int)((max - min) * d);
}
We need the remediated product ASAP. Otherwise, our security team will not allow using ASPOSE in any of our applications and we will have to cancel our license as well as the Premier Support agreement that we have with ASPOSE now. I would appreciate your prompt response.
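An added example, not part of the original post and not Aspose's code: the System.Random pattern that a scan reports as CWE-331 next to a CSPRNG draw over the same range, here using rejection sampling rather than floating-point scaling so that every value in the range is equally likely. The names SaltExample, WeakSalt and UniformSalt are hypothetical.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical class and method names, used for illustration only.
public static class SaltExample
{
    // "Before": System.Random is a deterministic PRNG with a guessable seed,
    // which is the pattern reported as CWE-331 (insufficient entropy).
    public static int WeakSalt()
    {
        var rand = new Random();
        return rand.Next(100000, int.MaxValue);
    }

    // "After": integer in [min, max) drawn from the OS CSPRNG.
    public static int UniformSalt(int min, int max)
    {
        if (min >= max) throw new ArgumentOutOfRangeException(nameof(min));

        // Width of the range; always fits in 32 bits for int bounds.
        uint range = (uint)((long)max - min);
        // Largest multiple of range not exceeding 2^32. Draws at or above it
        // are discarded, otherwise low residues would be slightly more likely.
        ulong limit = ((1UL << 32) / range) * range;

        var buf = new byte[sizeof(uint)];
        using (var rng = RandomNumberGenerator.Create())
        {
            uint draw;
            do
            {
                rng.GetBytes(buf);
                draw = BitConverter.ToUInt32(buf, 0);
            } while (draw >= limit);

            return (int)(min + (long)(draw % range));
        }
    }

    public static void Main()
    {
        int salt = UniformSalt(100000, int.MaxValue);
        Console.WriteLine(salt >= 100000 && salt < int.MaxValue); // True
    }
}
```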
Hi Mazibur,
Thanks Imran for the update. We have downloaded the latest version of the DLL, integrated it with our applications and submitted it for re-scanning. We will revert if we find any issues in the re-scan. In the meantime, I would appreciate it if you fix the issues in ASPOSE Words and ASPOSE pdf and share the updated version. We are in a time crunch and we are holding up multiple applications from going live pending remediation of these issues. We will greatly appreciate your help.
Hi Mazibur,
The issues you have found earlier (filed as WORDSNET-14349) have been fixed in this Aspose.Words for .NET 17.5 update and this Aspose.Words for Java 17.5 update.
This message was posted using Notification2Forum from Downloads module by aspose.notifier.