This rule appears in the C++ Secure Coding Standard as "MSC30-CPP. Do not use the rand() function for generating pseudorandom numbers."

Related Guidelines

[MITRE 2009]

CWE ID 327 "Use of a Broken or Risky Cryptographic Algorithm"

CWE ID 330 (http://cwe.mitre.org/data/definitions/330.html) "Use of Insufficiently Random Values"

CWE ID 333 "Improper Handling of Insufficient Entropy in TRNG"

CWE ID 332 "Insufficient Entropy in PRNG"

CWE ID 337 "Predictable Seed in PRNG"

CWE ID 336 "Same Seed in PRNG"

Bibliography

[API 2006] (https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06) Class Random (http://java.sun.com/javase/6/docs/api/java/util/Random.html)

[API 2006] (https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-API06) Class SecureRandom (http://java.sun.com/javase/6/docs/api/java/security/SecureRandom.html)

[Find Bugs 2008] (https://www.securecoding.cert.org/confluence/display/java/AA.+Java+References#AA.JavaReferences-FindBugs08) BC: Random objects created and used only once

[Monsch 2006]
