Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random.
The C Standard rand() function, exposed through the C++ standard library through <cstdlib> as std::rand(), makes no guarantees as to the quality of the random sequence produced. The numbers generated by some implementations of std::rand() have a comparatively short cycle, and the numbers can be predictable. Applications that have strong pseudorandom number requirements must use a generator that is known to be sufficient for their needs.
Noncompliant Code Example
The following noncompliant code generates an ID with a numeric part produced by calling the rand() function. The IDs produced are predictable and have limited randomness. Further, depending on the value of RAND_MAX, the resulting value can have modulo bias.
#include <cstdlib>
#include <string>
void f() {
std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
// by a random integer in the range [0-10000].
id += std::to_string(std::rand() % 10000);
// ...
}
Compliant Solution
The C++ standard library provides mechanisms for fine-grained control over pseudorandom number generation. It breaks random number generation into two parts: one is the algorithm responsible for providing random values (the engine), and the other is responsible for distribution of the random values via a density function (the distribution). The distribution object is not strictly required, but it works to ensure that values are properly distributed within a given range instead of improperly distributed due to bias issues. This compliant solution uses the Mersenne Twister algorithm as the engine for generating random values and a uniform distribution to negate the modulo bias from the noncompliant code example.
#include <random>
#include <string>
void f() {
std::string id("ID"); // Holds the ID, starting with the characters "ID" followed
// by a random integer in the range [0-10000].
std::uniform_int_distribution<int> distribution(0, 10000);
std::random_device rd;
std::mt19937 engine(rd());
id += std::to_string(distribution(engine));
// ...
}
This compliant solution also seeds the random number engine, in conformance with MSC51-CPP. Ensure your random number generator is properly seeded.
Risk Assessment
Using the std::rand() function could lead to predictable random numbers.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC50-CPP | Medium | Unlikely | Low | P6 | L2 |
Automated Detection
Tool | Version | Checker | Description |
|---|---|---|---|
| Axivion Bauhaus Suite | 7.2.0 | CertC++-MSC50 | |
| Clang | 4.0 (prerelease) | cert-msc50-cpp | Checked by clang-tidy |
| CodeSonar | 8.1p0 | BADFUNC.RANDOM.RAND | Use of rand |
| Compass/ROSE | |||
1.2 | CC2.MSC30 | Fully implemented | |
| LDRA tool suite | 9.7.1
| 44 S | Enhanced Enforcement |
| Parasoft C/C++test | 2023.1 | SECURITY-02 | |
| PRQA QA-C++ | 4.4 | Warncall -wc rand | Fully implemented |
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
| SEI CERT C++ Coding Standard | MSC51-CPP. Ensure your random number generator is properly seeded |
| SEI CERT C Coding Standard | MSC30-C. Do not use the rand() function for generating pseudorandom numbers |
| CERT Oracle Secure Coding Standard for Java | MSC02-J. Generate strong random numbers |
| MITRE CWE | CWE-327, Use of a Broken or Risky Cryptographic Algorithm CWE-330, Use of Insufficiently Random Values |
Bibliography
| [ISO/IEC 9899:2011] | Subclause 7.22.2, "Pseudo-random Sequence Generation Functions" |
| [ISO/IEC 14882-2014] | Subclause 26.5, "Random Number Generation" |
