We are using ColsedXml.dll In our application. We are mandated by our organization to scan our code in Veracode Site for security scan. While running the scan we got __"Cross site scripting flaws in ColsedXml.dll"__
Please advise to fix/overcome these flaws.
__Issues Details:
Cross-Site Scripting - Insufficient Entropy (CWE ID 331) - Cryptographic Issues
Module: ClosedXML.dll (Product Version 0.69.1.0)__
1) In closedxml_dll.
File name : ClosedXML.Excel.CalcEngine.MathTrig
Method Name : RandBetween
2) In closedxml_dll.
File name : ClosedXML.Excel.CalcEngine.MathTrig
Method Name : Rand
Comments: Find out the fastest way to generate the following two random numbers using RNGCryptoServiceProvider and I'll include it. 1) A double >= 0 and < 1 See http://office.microsoft.com/en-us/excel-help/rand-HP005209229.aspx 2) An integer between two given integers. Floor and ceiling are included and can accept negative numbers. See http://office.microsoft.com/en-us/excel-help/randbetween-HP005209230.aspx
Please advise to fix/overcome these flaws.
__Issues Details:
Cross-Site Scripting - Insufficient Entropy (CWE ID 331) - Cryptographic Issues
Module: ClosedXML.dll (Product Version 0.69.1.0)__
1) In closedxml_dll.
File name : ClosedXML.Excel.CalcEngine.MathTrig
Method Name : RandBetween
2) In closedxml_dll.
File name : ClosedXML.Excel.CalcEngine.MathTrig
Method Name : Rand
Comments: Find out the fastest way to generate the following two random numbers using RNGCryptoServiceProvider and I'll include it. 1) A double >= 0 and < 1 See http://office.microsoft.com/en-us/excel-help/rand-HP005209229.aspx 2) An integer between two given integers. Floor and ceiling are included and can accept negative numbers. See http://office.microsoft.com/en-us/excel-help/randbetween-HP005209230.aspx