Page History

...

On Windows platforms, the BcryptGenRandomBCryptGenRandom() function can be used to generate cryptographically strong random numbers. The Microsoft Developer Network BCryptGenRandom() reference [MSDN] states:

...

Supported, but no explicit checkerUsing a cryptographically weak PRQA QA-CFully implemented

Tool

Version

Checker

Description

Astrée

Include Page

	Astrée_V
	Astrée_V

stdlib-use-rand

Fully checked

Axivion Bauhaus Suite

Include Page

	Axivion Bauhaus Suite_V
	Axivion Bauhaus Suite_V

CertC-MSC30

Clang

Include Page

	Clang_40_V
	Clang_40_V

cert-msc30-c

Checked by clang-tidy

CodeSonar

Include Page

	CodeSonar_V
	CodeSonar_V

BADFUNC.RANDOM.RAND

Use of rand

Compass/ROSE

Coverity

Include Page

	Coverity_V
	Coverity_V

DONTCALL

Implemented - weak support

Cppcheck Premium

Include Page

	Cppcheck Premium_V
	Cppcheck Premium_V

premium-cert-msc30-c

Fully implemented

ECLAIR

Include Page

	ECLAIR_V
	ECLAIR_V

CC2.MSC30

Fully implemented

Helix QAC

Include Page

	Helix QAC_V
	Helix QAC_V

C5022

C++5029

Klocwork

Include Page

	Klocwork_V
	Klocwork_V

CERT.MSC.STD_RAND_CALL

LDRA tool suite

Include Page

	LDRA_V
	LDRA_V

44 S

Enhanced enforcement

Parasoft C/C++test

Include Page

	Parasoft_V
	Parasoft_V

CERT_C-MSC30-a

Do not use the rand() function for generating pseudorandom numbers

PC-lint Plus

Include Page

	PC-lint Plus_V
	PC-lint Plus_V

586

Fully supported

Polyspace Bug Finder

Include Page

	Polyspace Bug Finder_V
	Polyspace Bug Finder_V

Vulnerable pseudo-random number generator

CERT C: Rule MSC30-C

Checks for vulnerable pseudo-random number generator

(rule fully covered)

RuleChecker

Include Page

PRQA QA-C_v

	RuleChecker_V
	RuleChecker_V

stdlib-use-rand

Fully checked

PRQA QA-C_v

5022

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...

Space shortcuts

Page tree

Versions Compared

Old Version 133

New Version Current

Key

Related Vulnerabilities