Security issues in grid and treegrid (Kiuwan security tool)


We recently launch a SAST security analysis in our project, with Kiuwan. It detects two very high security vulnerabilties in dhtmlxgrid and dhtmlxtreegrid:

  • Do not update control vars in ‘for’ loop body.

  • Do not use eval() function, for security and performance reasons.

We are using dhtmlx 3.1 in our project. Is there any way to avoid/fix this security issues or can we mark it as false positive?

Thanks in advanced.