gitlab.security_code_scan.SCS0005-1
The use of a predictable random value can lead to vulnerabilities when used in certain security critical contexts.
Definition
rules:
- id: security_code_scan.SCS0005-1
  patterns:
  - pattern: (Random $RNG).$METHOD(...);
  - focus-metavariable: $RNG
  message: >
    The use of a predictable random value can lead to vulnerabilities when
    used in certain security
    critical contexts.
  languages:
  - csharp
  severity: WARNING
  metadata:
    category: security
    cwe: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator
      (PRNG)"
    license: MIT
Short Link: https://sg.run/Rw5q
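
An added example, not part of the rule or of its source project: a constructed C# class showing the kind of call the pattern targets (a method invoked on a `Random`-typed variable) beside a replacement built on `System.Security.Cryptography.RandomNumberGenerator`. The class and method names are hypothetical, and `Convert.ToHexString` assumes .NET 5 or later.

```csharp
// Constructed example: hypothetical names, not taken from the rule's tests.
using System;
using System.Security.Cryptography;

public static class ResetTokens
{
    // Flagged by the pattern: System.Random is a deterministic PRNG, so its
    // whole output stream is a function of the seed and can be reproduced.
    public static string WeakToken(int seed)
    {
        Random rng = new Random(seed);
        byte[] buffer = new byte[16];
        rng.NextBytes(buffer);              // method call on a Random-typed variable
        return Convert.ToHexString(buffer);
    }

    // Hardened form: bytes come from the platform CSPRNG.
    public static string StrongToken()
    {
        byte[] buffer = new byte[16];
        RandomNumberGenerator.Fill(buffer);
        return Convert.ToHexString(buffer);
    }

    // Bounded values (here a 6-digit code) should also come from the CSPRNG;
    // GetInt32 returns a uniform value in [0, 1000000) without modulo bias.
    public static string StrongCode()
    {
        return RandomNumberGenerator.GetInt32(0, 1_000_000).ToString("D6");
    }

    public static void Main()
    {
        // Two generators with the same seed yield the same "secret" token.
        bool weakRepeats = WeakToken(1234) == WeakToken(1234);
        // Two CSPRNG tokens are compared the same way for contrast.
        bool strongRepeats = StrongToken() == StrongToken();

        Console.WriteLine($"weak token repeats for equal seeds: {weakRepeats}");
        Console.WriteLine($"strong token repeats: {strongRepeats}");
        Console.WriteLine($"sample one-time code: {StrongCode()}");
    }
}
```

`System.Random` remains appropriate for non-security uses such as simulations or test data, which is why the rule is reported at WARNING severity and each finding needs a look at what the value is used for.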