...
The C++ standard library provides mechanisms for fine-grained control over pseudorandom number generation. It breaks random number generation down into two parts: one part is the algorithm responsible for providing random values (the engine), and the other is responsible for distribution of the random values via a density function (the distribution). The distribution object is not strictly required, but it works to ensure that values are properly distributed within a given range instead of improperly distributed due to bias issues. This compliant solution uses the Mersenne Twister algorithm as the engine for generating random values and a uniform distribution to negate the modulo bias from the noncompliant code example:.
Code Block | ||||
---|---|---|---|---|
| ||||
#include <random> #include <string> void f() { std::string id("ID"); // Holds the ID, starting with the characters "ID" followed // by a random integer in the range [0-10000]. std::uniform_int_distribution<int> distribution(0, 10000); std::random_device rd; std::mt19937 engine(rd()); id += std::to_string(distribution(engine)); // ... } |
Note that this This compliant solution also seeds the random number engine, in conformance with MSC51-CPP. Ensure your random number generator is properly seeded.
Risk Assessment
Using the std::rand()
function could lead to predictable random numbers.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC50-CPP | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | ||||||
---|---|---|---|---|---|---|---|---|---|
Astrée |
| bad-function (AUTOSAR.26.5.1A) | Fully checked | ||||||
Axivion Bauhaus Suite |
| CertC++-MSC50 | |||||||
Clang |
| cert-msc50-cpp | Checked by clang-tidy | ||||||
CodeSonar |
| BADFUNC.RANDOM.RAND | Use of rand | ||||||
Compass/ROSE |
| CC2.MSC30 | Fully implemented |
Helix QAC |
|
|
C++5028 | |||||
Klocwork |
|
|
| CERT.MSC.STD_RAND_CALL |
LDRA tool suite |
| 44 S | Enhanced Enforcement | ||||||
Parasoft C/C++test |
| CERT_CPP-MSC50-a | Do not use the rand() function for generating pseudorandom numbers | |||||||
Polyspace Bug Finder |
| CERT C++: MSC50-CPP | Checks for use of vulnerable pseudo-random number generator (rule partially covered) | ||||||
RuleChecker |
| bad-function (AUTOSAR.26.5.1A) | Fully checked |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
SEI CERT C++ Coding Standard | MSC51-CPP. Ensure your random number generator is properly seeded |
SEI CERT C Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
CERT Oracle Secure Coding Standard for Java | MSC02-J. Generate strong random numbers |
MITRE CWE | CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values |
Bibliography
[ISO/IEC 9899:2011] | Subclause 7.22.2, "Pseudo-random Sequence Generation Functions" |
[ISO/IEC 14882-2014] | Subclause 26.5, "Random Number Generation" |
...
...