SEI CERT C++ Coding Standard

Space shortcuts

Page tree

Versions Compared

Old Version 34

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user Jill Britton

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The C Standard rand() function, exposed through the C++ standard library through <cstdlib> as std::rand(), makes no guarantees as to the quality of the random sequence produced. The numbers generated by some implementations of std::rand() have a comparatively short cycle, and the numbers can be predictable. Applications that have strong pseudorandom number requirements must use a generator that is known to be sufficient for their needs.

...

The following noncompliant code generates an ID with a numeric part produced by calling the rand() function. The IDs produced are predictable and have limited randomness. Further, depending on the value of RAND_MAX, the resulting value has can have modulo bias.

Code Block
bgColor#FFCCCC
langcpp
#include <cstdlib>
#include <string>
 
void f() {
  std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
                        // by a random integer in the range [0-10000].
  id += std::to_string(std::rand() % 10000);
  // ...
}

...

The C++ standard library provides mechanisms for fine-grained control over pseudorandom number generation. It breaks random number generation down into two parts: one part is the algorithm responsible for providing random values (the engine), and the other is responsible for distribution of the random values via a density function (the distribution). The distribution object is not strictly required, but it works to ensure that values are properly distributed within a given range instead of improperly distributed due to bias issues. This compliant solution uses the Mersenne Twister algorithm as the engine for generating random values and a uniform distribution to negate the modulo bias from the noncompliant code example:.

Code Block
bgColor#ccccff
langcpp
#include <random>
#include <string>
 
void f() {
  std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
                        // by a random integer in the range [0-10000].
  std::uniform_int_distribution<int> distribution(0, 10000);
  std::random_device rd;
  std::mt19937 engine(rd());
  id += std::to_string(distribution(engine));
  // ...
}

Note that this This compliant solution also seeds the random number engine, in conformance with MSC51-CPP. Ensure your random number generator is properly seeded.

Risk Assessment

Using the std::rand() function could lead to predictable random numbers.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MSC50-CPP

Medium

Unlikely

Low

P6

L2

Automated Detection

Tool

Version

Checker

Description

Astrée

Include Page
Astrée_V
Astrée_V

bad-function (AUTOSAR.26.5.1A)
Fully checked
Axivion Bauhaus Suite

Include Page
Axivion Bauhaus Suite_V
Axivion Bauhaus Suite_V

CertC++-MSC50
Clang
Include Page
Clang_40_V
Clang_40_V
cert-msc50-cppChecked by clang-tidy
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
BADFUNC.RANDOM.RANDUse of rand
Compass/ROSE

 

 

 




ECLAIR

Include Page
ECLAIR_V
ECLAIR_V

CC2.MSC30

Fully implemented

Fortify SCA
Helix QAC

Include Page

Helix QAC_V
Helix QAC_V

C++5028
Klocwork
Include Page
Klocwork
Fortify_VFortify
_V

 

Klocwork_V
CERT.MSC.STD_RAND_CALL
 

LDRA tool suite
Include Page
LDRA_V
LDRA_V
 

44 S

 

PRQA QA-C Include PagePRQA QA-C++_VPRQA QA-C++_VWarncall -wc rand

Enhanced Enforcement

Parasoft C/C++test
Include Page
Parasoft_V
Parasoft_V
CERT_CPP-MSC50-a

Do not use the rand() function for generating pseudorandom numbers

Polyspace Bug Finder

Include Page
Polyspace Bug Finder_V
Polyspace Bug Finder_V

CERT C++: MSC50-CPPChecks for use of vulnerable pseudo-random number generator (rule partially covered)
RuleChecker
Include Page
RuleChecker_V
RuleChecker_V
bad-function (AUTOSAR.26.5.1A)
Fully checked
Fully implemented

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

SEI CERT C++ Coding StandardMSC51-CPP. Ensure your random number generator is properly seeded
SEI CERT C Coding StandardMSC30-C. Do not use the rand() function for generating pseudorandom numbers
CERT Oracle Secure Coding Standard for JavaMSC02-J. Generate strong random numbers
MITRE CWECWE-327, Use of a Broken or Risky Cryptographic Algorithm
CWE-330, Use of Insufficiently Random Values

Bibliography

...

[ISO/IEC 9899:2011]Subclause 7.22.2, "Pseudo-random Sequence Generation Functions"

...

[ISO/IEC 14882-2014]Subclause 26.5, "Random Number Generation"


...

Image Modified Image Modified Image Modified