I facing issue related to "Key Management: Hardcoded Encryption Key" for chart.js api. We are using Fortify Scanning for security purpose. How to avoid the 'Hardcoded Encryption Key'.

After scanning we found the line of code that is hardcoded in chart.js. Is there any way to resolve this issue.

var axisType = helpers.getValueOrDefault(valueObj.type, key === 'xAxes' ? 'category' : 'linear');

I facing issue related to "Key Management: Hardcoded Encryption Key" for chart.js api. We are using Fortify Scanning for security purpose. How to avoid the 'Hardcoded Encryption Key'.

After scanning we found the line of code that is hardcoded in chart.js. Is there any way to resolve this issue.

var axisType = helpers.getValueOrDefault(valueObj.type, key === 'xAxes' ? 'category' : 'linear');

• javascript
• encryption
• chart.js
• xss
• fortify

• 1 Besides the fact that Chart.js has no encryption related code at all in it (as far as I'm aware), that line of code is clearly not a hard-coded encryption key. So it's a false positive that you should report to the vendor. – timclutton Commented Oct 9, 2019 at 12:49

1 Answer 1

After analysed the chart.js code file, we have found there is no hardcode encryption key . Key is variable name.

Hp fortify identified the word, 'key' as encryption key. These are not encryption key it is a variable name. Hence it is a false positive.