...

The C Standard rand() function, exposed by the C++ standard library in <cstdlib> as std::rand(), makes no guarantees as to the quality of the random sequence produced. The numbers generated by some implementations of std::rand() have a comparatively short cycle, and the numbers can be predictable. Applications that have strong pseudorandom number requirements must use a generator that is known to be sufficient for their needs.

Noncompliant Code Example

The following noncompliant code generates an ID with a numeric part produced by calling the rand() function. The IDs produced are predictable and have limited randomness. Further, depending on the value of RAND_MAX, the resulting value has modulo bias.

#include <cstdlib>
#include <string>

void f() {
  std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
                        // by an integer in the range [0, 9999] taken from std::rand().
  id += std::to_string(std::rand() % 10000);
  // ...
}

Compliant Solution

The C++ Standard Library provides mechanisms for fine-grained control over pseudorandom number generation. It breaks number generation down into two parts: one part is the algorithm responsible for providing random values (the engine), and the other is responsible for distribution of the random values via a density function (the distribution). The distribution object is not strictly required, but works to ensure that values are properly distributed within a given range, instead of improperly distributed due to bias issues. This compliant solution uses the Mersenne Twister algorithm as the engine for generating random values, and a uniform distribution to negate the modulo bias from the noncompliant code example:

...

Note that this compliant solution also seeds the random number engine, in conformance with MSC51-CPP. Ensure your random number generator is properly seeded.
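The rule's own compliant solution is elided above. The following is an added example, not code from the CERT page, that shows the engine/distribution split the paragraph describes: std::random_device seeds a std::mt19937 engine, std::uniform_int_distribution draws the numeric part of the ID without the modulo bias of the noncompliant example, and a small helper quantifies how large that bias is for a given RAND_MAX. The function names make_seeded_engine, make_id and modulo_bias_ratio are this example's own.

```cpp
#include <cstdint>
#include <iostream>
#include <limits>
#include <random>
#include <string>

// Added example, not the rule's own compliant solution.
// Seed a Mersenne Twister engine from std::random_device (the standard
// library's nondeterministic source). Several words are fed through
// std::seed_seq so the engine state is not reduced to a single 32-bit seed.
std::mt19937 make_seeded_engine() {
  std::random_device rd;
  std::seed_seq seq{rd(), rd(), rd(), rd(), rd(), rd(), rd(), rd()};
  return std::mt19937(seq);
}

// Build "ID" followed by an integer drawn uniformly from [0, 9999].
// std::uniform_int_distribution maps engine output onto the range without
// the modulo bias of rand() % 10000.
std::string make_id(std::mt19937& engine) {
  std::uniform_int_distribution<int> dist(0, 9999);
  return "ID" + std::to_string(dist(engine));
}

// Worst-case bias of x % modulus when x is uniform over [0, range_size).
// The residues 0 .. (range_size % modulus) - 1 are produced one extra time
// each; the return value is the probability ratio between a most-likely
// and a least-likely residue (1.0 means every residue is equally likely).
double modulo_bias_ratio(std::uint64_t range_size, std::uint64_t modulus) {
  const std::uint64_t q = range_size / modulus;
  const std::uint64_t r = range_size % modulus;
  if (q == 0) return std::numeric_limits<double>::infinity(); // some residues never occur
  if (r == 0) return 1.0;                                      // modulus divides the range
  return static_cast<double>(q + 1) / static_cast<double>(q);
}

int main() {
  std::mt19937 engine = make_seeded_engine();
  std::cout << make_id(engine) << '\n';
  // With a 15-bit rand() (RAND_MAX == 32767), rand() % 10000 favours the
  // residues below 2768 over the others by a factor of 4/3.
  std::cout << modulo_bias_ratio(32768, 10000) << '\n';
  return 0;
}
```

The bias helper makes the "depending on the value of RAND_MAX" remark concrete: a 15-bit rand() gives 32768 values, and 32768 = 3 * 10000 + 2768, so the residues 0 through 2767 each occur four times while the rest occur three times. The distribution object avoids this by rejecting and redrawing engine output that would land in the partial block, so the per-value probability is uniform regardless of the engine's range.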

Risk Assessment

Using the std::rand() function could lead to predictable random numbers.

| Rule      | Severity | Likelihood | Remediation Cost | Priority | Level |
|-----------|----------|------------|------------------|----------|-------|
| MSC30-CPP | Medium   | Unlikely   | Low              | P6       | L2    |

Automated Detection

| Tool            | Version | Checker             | Description       |
|-----------------|---------|---------------------|-------------------|
| CodeSonar       |         | BADFUNC.RANDOM.RAND | Use of rand       |
| Compass/ROSE    |         |                     |                   |
| ECLAIR          |         | CC2.MSC30           | Fully implemented |
| Fortify SCA     |         |                     |                   |
| LDRA tool suite |         |                     |                   |
| PRQA QA-C       |         | Warncall -wc rand   | Fully implemented |

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

Bibliography

[ISO/IEC 14882-2014] 26.5, "Random Number Generation"
[ISO/IEC 9899:2011] 7.22.2, "Pseudo-random Sequence Generation Functions"

...