Script issues and vulnerabilities
HiZackDavid opened this issue · comments
We use SonarCloud to help us identify issues and vulnerabilities. After implementing BlazorApplicationInsights 3.0.4, SonarCloud raised multiple issues and brought to our attention two possible vulnerabilities.
Security hotspots (Vulnerabilities)
Issues (I can't open them all there are just too many 😅. 40 to be exact)
Note : We marked them as fixed without applying any fix out of trust but we would like to get back to them.
BlazorApplicationInsights works and doesn't show any console or network error. That being said, these issues and vulnerability SonarCloud is showing us is raising concerns among us.
I was wondering if these issues were known or if there are any plans on handling them ?
That's very odd, that code is literally 100% Microsoft's Application Insights JS Snippit. You can see it here, https://github.com/microsoft/ApplicationInsights-JS?tab=readme-ov-file#snippet-setup-ignore-if-using-npm-setup
The major change in 3.0.0 was to embed the snippet in the library so that in most cases, devs wont need to add it themselves.
See here,
Thanks for the information. I think we can close this ticket. I will try to get more information from Microsoft's Application Insights