SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 51

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 52

changes.mady.by.user Aleksandr Karbyshev

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: axivion bauhaus

...

Using the std::rand() function could lead to predictable random numbers.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC50-CPP

Medium

Unlikely

Low

P6

L2

Automated Detection

Tool

Version

Checker

Description

Axivion Bauhaus Suite

Include Page
c:Axivion Bauhaus Suite_V
c:Axivion Bauhaus Suite_V

CertC++-MSC50
Clang
Include Page
Clang_40_V
Clang_40_V
cert-msc50-cppChecked by clang-tidy
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
BADFUNC.RANDOM.RANDUse of rand
Compass/ROSE

 

 

 




ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC30

Fully implemented

LDRA tool suite
Include Page
LDRA_V
LDRA_V

44 S

Enhanced Enforcement

Parasoft C/C++test
Include Page
cplusplus:
Parasoft_V
cplusplus:
Parasoft_V
SECURITY-02
 

PRQA QA-C++
Include Page
PRQA QA-C++_V
PRQA QA-C++_V
Warncall -wc randFully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardMSC51-CPP. Ensure your random number generator is properly seeded
SEI CERT C Coding StandardMSC30-C. Do not use the rand() function for generating pseudorandom numbers
CERT Oracle Secure Coding Standard for JavaMSC02-J. Generate strong random numbers
MITRE CWECWE-327, Use of a Broken or Risky Cryptographic Algorithm
CWE-330, Use of Insufficiently Random Values

Bibliography

[ISO/IEC 9899:2011]Subclause 7.22.2, "Pseudo-random Sequence Generation Functions"
[ISO/IEC 14882-2014]Subclause 26.5, "Random Number Generation"

...


...