SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 82

changes.mady.by.user Todd Nowacki

Saved on

compared with

New Version 83

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Code Block
bgColor#ccccff
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
   try {
     SecureRandom number = SecureRandom.getInstance("SHA1PRNG");
     // Generate 20 integers 0..20
     for (int i = 0; i < 20; i++) {
       System.out.println(number.nextInt(21));
     }
   } catch (NoSuchAlgorithmException nsae) { 
     // Forward to handler
   }
}

Exceptions

MSC02-EX1EX0: Using the default constructor for java.util.Random applies a seed value that is "very likely to be distinct from any other invocation of this constructor" (API 2006), and may improve security marginally. As a result, it may only be used for non-critical applications operating on non-sensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="55b2430b8456bcb3-5902cd49-43c34249-bddaa35b-eaba1599a83db8afcabbb37f"><ac:plain-text-body><![CDATA[

[[API 2006

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]] 

[Class Random

http://java.sun.com/javase/6/docs/api/java/util/Random.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a5436bde271abe1c-b7d0219b-46ad4ecb-af68af66-d3e9de99e26a9660ac5a7e5b"><ac:plain-text-body><![CDATA[

[[API 2006

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]]

[Class SecureRandom

http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="bcff40bce01adb8f-e89be6fc-4f3a489d-a58e9a3e-4aa1ed55d887a8efdd2ee038"><ac:plain-text-body><![CDATA[

[[Find Bugs 2008

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]]

BC: Random objects created and used only once

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="a546fafdc5c80e1c-84fa7831-4a0a4836-a401a344-81ec5688082b671a9ea7a03c"><ac:plain-text-body><![CDATA[

[[Monsch 2006

AA. Bibliography#Monsch 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

...