ActiveReports 11 Veracode Vulnerabilities

Posted by: renu.ap on 4 July 2018, 6:24 am EST


    Hi,

    We have scanned our Windows-based console application with the Veracode static scanner and got a few vulnerabilities from GrapeCity libraries. Attached are screenshots from the report. Please suggest how to apply remediation for those issues.

    Regards

    Renu

  • Posted 4 July 2018, 7:00 am EST

    After attaching the screenshots, you need to wait a few seconds before they appear in the text box.

  • Posted 4 July 2018, 7:28 am EST

  • Posted 4 July 2018, 9:41 am EST

    Hello Renu,

    The DataLayer class mentioned by Veracode is used in the section reports.

    “Dynamically constructed query” means the case when the query in the report contains parameters like “select * from mytable where field1=<%ParameterName%>”, and the internal API replaces <%ParameterName%> with the value entered in the UI or created in code at run time.

    “To add parameters directly using a SQL query”:

    http://help.grapecity.com/activereports/webhelp/AR12/AddParameters.html

    Thanks,

    Mohit
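
The difference between replacing `<%ParameterName%>` in the query text and binding it as a parameter, shown as an added example that is not part of the original thread and is not GrapeCity code. It uses Python's `sqlite3` with constructed rows; `run_substituted`, `run_bound` and `compare` are hypothetical helpers, and the thread does not show how the ActiveReports internal API performs the replacement.

```python
import re
import sqlite3

# Template from the post above; <%Name%> marks a report parameter.
TEMPLATE = "select * from mytable where field1=<%ParameterName%>"
PLACEHOLDER = re.compile(r"<%(\w+)%>")


def build_db():
    """In-memory database with constructed sample rows."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE mytable (field1 TEXT, note TEXT)")
    db.executemany(
        "INSERT INTO mytable VALUES (?, ?)",
        [("alice", "n1"), ("bob", "n2"), ("carol", "n3")],
    )
    return db


def run_substituted(db, template, values):
    """Hypothetical textual replacement: the value becomes part of the SQL text."""
    sql = PLACEHOLDER.sub(lambda m: "'%s'" % values[m.group(1)], template)
    return db.execute(sql).fetchall()


def run_bound(db, template, values):
    """Turn each <%Name%> into a :Name bind marker; the value travels as data."""
    sql = PLACEHOLDER.sub(lambda m: ":" + m.group(1), template)
    return db.execute(sql, values).fetchall()


def compare(value):
    """Row counts (substituted, bound) for one parameter value."""
    db = build_db()
    params = {"ParameterName": value}
    return (len(run_substituted(db, TEMPLATE, params)),
            len(run_bound(db, TEMPLATE, params)))


if __name__ == "__main__":
    # Constructed inputs: an ordinary value, then one containing SQL syntax.
    for value in ("alice", "x' OR '1'='1"):
        print(repr(value), compare(value))
```

With an ordinary value both paths return the same single row; with a value containing quote characters the substituted query matches every row, while the bound query treats the whole string as a literal and matches none. This is the pattern a static scanner reports as a dynamically constructed query.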

  • Posted 4 July 2018, 12:21 pm EST

    Hi,

    In our case we have code-based reports, and data is fetched from the database through code on report start and populated to the fields using code. We never set a data source for the report.

    Regards

    Renu

  • Posted 5 July 2018, 9:28 am EST

    Hello,

    I have escalated the issue to our developer team (ID 260389) and will inform you once I get any information from them.

    Thanks,

    Mohit

  • Posted 6 July 2018, 7:14 am EST

    Hello Renu,

    Could you please explain how you fetch from the database through code on report start and populate the fields using code? If possible, could you please share the code with us?

    Thanks,
