gitlab.gosec.G404-1
Use of weak random number generator (math/rand instead of crypto/rand)
Definition
rules:
- id: gosec.G404-1
  patterns:
  - patterns:
    - pattern-inside: |
        import $IMPORT "math/rand"
        ...
    - pattern-not-inside: |
        import "crypto/rand"
    - pattern-either:
      - pattern: $IMPORT.$METHOD(...)
      - pattern: rand.$METHOD(...)
  - metavariable-regex:
      metavariable: $METHOD
      regex: (Float32|Float64|Int31|Int31n|Int63|Int63n|NormalFloat64|Uint32|Uint64)
  message: |
    Use of weak random number generator (math/rand instead of crypto/rand)
  metadata:
    cwe: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)"
    owasp: "A3: Sensitive Data Exposure"
    primary_identifier: gosec.G404-1
    secondary_identifiers:
    - name: Gosec Rule ID G404
      type: gosec_rule_id
      value: G404
    license: MIT
  severity: WARNING
  languages:
  - go
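
An added example, not part of the rule or of the gosec/GitLab code: it contrasts a token built from math/rand's Int63 (one of the methods named in the rule's regex) with crypto/rand replacements for token generation and for Int63n. The helper names weakToken, strongToken and secureInt63n are hypothetical, and the seed 42 is a constructed input.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"errors"
	"fmt"
	"math/big"
	mrand "math/rand"
)

// weakToken derives a token from math/rand's Int63, one of the methods in the
// rule's regex. The fixed seed is a constructed input that makes the
// determinism visible: the same seed always yields the same token.
func weakToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	return fmt.Sprintf("%016x", r.Int63())
}

// strongToken returns n bytes from the operating system CSPRNG, hex-encoded.
func strongToken(n int) (string, error) {
	buf := make([]byte, n)
	if _, err := crand.Read(buf); err != nil {
		return "", err
	}
	return hex.EncodeToString(buf), nil
}

// secureInt63n is a crypto/rand stand-in for rand.Int63n: uniform in [0, n).
func secureInt63n(n int64) (int64, error) {
	if n <= 0 {
		return 0, errors.New("n must be positive") // crypto/rand.Int panics on max <= 0
	}
	v, err := crand.Int(crand.Reader, big.NewInt(n))
	if err != nil {
		return 0, err
	}
	return v.Int64(), nil
}

func main() {
	fmt.Println("weak, seed 42 twice:", weakToken(42), weakToken(42))
	tok, _ := strongToken(16)
	fmt.Println("crypto/rand token:", tok)
}
```

Unlike the math/rand calls they replace, the crypto/rand versions return an error that callers must check rather than discard.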
Short Link: https://sg.run/AXvB