...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MSC50-CPP | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
Astrée |
| bad-function (AUTOSAR.26.5.1A) | Fully checked | |||||||||||
Axivion Bauhaus Suite |
| CertC++-MSC50 | ||||||||||||
Clang |
| cert-msc50-cpp | Checked by clang-tidy | |||||||||||
CodeSonar |
| BADFUNC.RANDOM.RAND | Use of rand | |||||||||||
Compass/ROSE | ||||||||||||||
| CC2.MSC30 | Fully implemented | ||||||||||||
Helix QAC |
| C++5028 | ||||||||||||
Klocwork |
| CERT.MSC.STD_RAND_CALL | ||||||||||||
LDRA tool suite |
| 44 S | Enhanced Enforcement | |||||||||||
Parasoft C/C++test |
| SECURITY-02 | PRQA QA-C++ | |||||||||||
Include Page | PRQA QA-C++_V | PRQA QA-C++_V | CERT_CPP-MSC50-a | Do not use the rand() function for generating pseudorandom numbers | ||||||||||
Polyspace Bug Finder |
| CERT C++: MSC50-CPP | Checks for use of vulnerable pseudo-random number generator (rule partially covered) | |||||||||||
RuleChecker |
| bad-function (AUTOSAR.26.5.1A) | Fully checked | Warncall -wc rand | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...