SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 91

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 92

changes.mady.by.user Yozo TODA

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: some link notations fixed.

...

Code Block
bgColor#ccccff
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
   try {
     SecureRandom number = SecureRandom.getInstance("SHA1PRNG");
     // Generate 20 integers 0..20
     for (int i = 0; i < 20; i++) {
       System.out.println(number.nextInt(21));
     }
   } catch (NoSuchAlgorithmException nsae) { 
     // Forward to handler
   }
}

Exceptions

Wiki Markup
*MSC02-EX0:* Using the default constructor for {{java.util.Random}} applies a seed value that is "very likely to be distinct from any other invocation of this constructor"
/
 \[[API
2006/] and may improve security marginally. As a result, it may be used only for noncritical applications operating on nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is 
 2006|AA. References#API 06]\] and may improve security marginally. As a result, it may be used only for noncritical applications operating on nonsensitive data. Java's default seed uses the system's time in milliseconds. When used, explicit documentation of this exception is required.

Code Block
bgColor#ccccff
import java.util.Random;
// ...

Random number = new Random(); // only used for demo purposes
int n;
//...
for (int i = 0; i < 20; i++) {
  // Re-seed generator
  number = new Random();
  // Generate another random integer in the range [0, 20]
  n = number.nextInt(21);
  System.out.println(n);
}

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="31e2698c2ec666bc-6d5fe6ba-4c684686-a6ce8b31-9364831193812264d53edeb3"><ac:plain-text-body><![CDATA[

[[API 2006

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06AA. References#API 06]] 

[Class Random

http://java.sun.com/javase/6/docs/api/java/util/Random.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f4a2b5c63b9b1358-568c2b28-453f4cb0-890d85d2-26b0005c0ff9f288f282a6c7"><ac:plain-text-body><![CDATA[

[[API 2006

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06AA. References#API 06]]

[Class SecureRandom

http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d4745dc4fad57836-b55b3f1f-4d564548-9a939049-6a828506c3f5d59f07537359"><ac:plain-text-body><![CDATA[

[[Find Bugs FindBugs 2008

https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08AA. References#FindBugs 08]]

BC. Random objects created and used only once

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="285bc1cb41c559e8-4a1256c8-42f84f21-b35e861d-5790e76787701f37a02c6416"><ac:plain-text-body><![CDATA[

[[Monsch 2006

AA. References#Monsch 06]]

 

]]></ac:plain-text-body></ac:structured-macro>

...