gitlab.bandit.B311
Standard pseudo-random generators are not suitable for security/cryptographic purposes.
Definition
rules:
- id: bandit.B311
  pattern-either:
  - pattern: random.random(...)
  - pattern: random.randrange(...)
  - pattern: random.randint(...)
  - pattern: random.choice(...)
  - pattern: random.uniform(...)
  - pattern: random.triangular(...)
  message: >
    Standard pseudo-random generators are not suitable for
    security/cryptographic purposes.
  metadata:
    cwe: "CWE-330: Use of Insufficiently Random Values"
    owasp: "A3: Sensitive Data Exposure"
    primary_identifier: bandit.B311
    secondary_identifiers:
    - name: Bandit Test ID B311
      type: bandit_test_id
      value: B311
    license: MIT
  severity: INFO
  languages:
  - python
Short Link: https://sg.run/B4PR
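
The following is an added example, not part of the rule or of Semgrep: a plain-Python approximation of what the six patterns flag, run over a constructed sample that contrasts `random`-based token generation with the standard library's `secrets` module. The function name `find_b311`, the sample code and the import-alias handling are assumptions of this sketch.

```python
import ast

# The six functions listed in the rule's pattern-either block.
B311_FUNCS = {"random", "randrange", "randint", "choice", "uniform", "triangular"}

# Constructed sample input: weak generators next to a secrets-based one.
SAMPLE = '''
import random
import secrets
import random as rnd
from random import choice

def reset_token_weak():
    return "".join(random.choice("abcdef0123456789") for _ in range(32))

def reset_token_strong():
    return secrets.token_hex(16)

def session_id():
    return rnd.randint(0, 2**64)

def pick(xs):
    return choice(xs)
'''

def find_b311(source):
    """Return sorted (line, call) pairs for calls to the functions the rule lists."""
    tree = ast.parse(source)
    modules, names = set(), {}
    # First pass: record how the random module and its functions were imported.
    for node in ast.walk(tree):
        if isinstance(node, ast.Import):
            modules |= {a.asname or a.name for a in node.names if a.name == "random"}
        elif isinstance(node, ast.ImportFrom) and node.module == "random":
            names.update({a.asname or a.name: a.name for a in node.names})
    hits = []
    # Second pass: flag module.attr(...) calls and directly imported names.
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        f = node.func
        if (isinstance(f, ast.Attribute) and isinstance(f.value, ast.Name)
                and f.value.id in modules and f.attr in B311_FUNCS):
            hits.append((node.lineno, "random." + f.attr))
        elif isinstance(f, ast.Name) and names.get(f.id) in B311_FUNCS:
            hits.append((node.lineno, "random." + names[f.id]))
    return sorted(hits)

if __name__ == "__main__":
    for line, call in find_b311(SAMPLE):
        print(f"line {line}: {call}(...) is not suitable for security purposes (CWE-330)")
```

The `secrets.token_hex` call in the sample is not reported, and neither is any `random` function outside the six the rule names.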