I am a security engineer, we are looking to use Aspose.HTML and as part of my preliminary research I have run the component through our scanning tools. We are picking up that the library libwebp is being used, but it can not identify the version number.
Could someone provide me with this information?
Thanks so much.
We are gathering the related information and will get back to you shortly.
We have checked in details and want to share that the Aspose.HTML does not use libwebp. Can you please double check your process of scanning. OR you can share how you are scanning the API.
I’ve downloaded the free Aspose.Html_23.9.zip from Download C# Library to Process CSS & HTML | Aspose.HTML API.
I then ran that through our binary analysis scanner BlackDuck. Is there another way to do this if I wanted to run a preliminary binary scan?
Thanks for your help
Please allow us to check it further and get back to you shortly.
@asad.ali Thank you, let me know when you have some info
Hey @asad.ali, I’ve been asked to convey to you that this step is the last one in our evaluation of the product, and with visibility into the binaries we will be ready to purchase. Could you help us out? If there is a better channel for more consistent communication please let me know. Thanks so much
Aspose.HTML is a library written in a different language (C#), so it is unlikely to have this vulnerabilities. Our sonar analysis did not reveal any vulnerabilities in our code. Furthermore, a similar inquiry was also posted in reference to Aspose.Imaging in the past and we have checked at our end. We can confirm from our analysis that such vulnerability does not exist in our API.
@asad.ali Thank you for the response. Since this route does not seem to yield correct results, could you possibly point me in the direction of obtaining the file that would contain the binaries for Aspose.HTML? Sonar is a static analysis tool, and I am trying to conduct a binary scan.
We are afraid that we cannot make any kind of suggestions in this regard. We release APIs after performing a lot of tests and analysis. Therefore, we do not feel any need to encourage our customers to perform such analysis. However, if somehow you are still able to find any vulnerability, you can please share with us and we will work on removing it. In case you have any other inquiry, please feel free to ask.