SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 44

changes.mady.by.user Ankur Goyal

Saved on

compared with

New Version 45

changes.mady.by.user Ankur Goyal

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Edited by NavBot

...

Code Block
bgColor#FFCCCC
import java.util.Random;
// ...

Random number = new Random(123L);
//...
for (int i=0; i&lti<20;20; i++) {
  // generate another random integer in the range [0, 20]
  int n = number.nextInt(21);
  System.out.println(n);
}

...

Code Block
bgColor#ccccff
import java.security.SecureRandom;
import java.security.NoSuchAlgorithmException;
// ...

public static void main (String args[]) {
   try {
     SecureRandom number = SecureRandom.getInstance(&quot;SHA1PRNG&quot;"SHA1PRNG");
     // Generate 20 integers 0..20
     for (int i = 0; i &lt;< 20; i++) {
       System.out.println(number.nextInt(21));
     }
   }
   catch (NoSuchAlgorithmException nsae) { 
     // Forward to handler
   }
}

...

Code Block
bgColor#ccccff
import java.util.Random;
// ...

Random number = new Random();
int n;
//...
for (int i=0; i&lt;20i<20; i++) {
  // Re-seed generator
  number = new Random();
  // Generate another random integer in the range [0, 20]
  n = number.nextInt(21);
  System.out.println(n);
}

...

Wiki Markup
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\]&amp;nbsp;[Class Random|http://java.sun.com/javase/6/docs/api/java/util/Random.html]
\[[API 06|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06]\] [Class SecureRandom|http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html]
\[[Find Bugs 08|https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08]\] BC: Random objects created and used only once
\[[Monsch 06|AA. Java References#Monsch 06]\]
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html] &quot;"Use of Insufficiently Random Values&quot;", [CWE ID 327 |http://cwe.mitre.org/data/definitions/327.html], &quot;"Use of a Broken or Risky Cryptographic Algorithm,&quot;" [CWE ID 330|http://cwe.mitre.org/data/definitions/330.html], &quot;"Use of Insufficiently Random Values&quot;", [CWE ID 333| http://cwe.mitre.org/data/definitions/333.html] &quot;"Failure to Handle Insufficient Entropy in TRNG&quot;", [CWE ID 332|http://cwe.mitre.org/data/definitions/332.html] &quot;"Insufficient Entropy in PRNG&quot;", [CWE ID 337|http://cwe.mitre.org/data/definitions/337.html] &quot;"Predictable Seed in PRNG&quot;", [CWE ID 336|http://cwe.mitre.org/data/definitions/336.html] &quot;"Same Seed in PRNG&quot;"

...

MSC07MSC09-J. Do not assume infinite heap space&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;use insecure or weak cryptographic algorithms      49. Miscellaneous (MSC)&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;      MSC31-J. Never hardcode sensitive information