gitlab.security_code_scan.SCS0005-1


The use of a predictable random value can lead to vulnerabilities when used in certain security critical contexts.

Definition

rules:
  - id: security_code_scan.SCS0005-1
    patterns:
      - pattern: (Random $RNG).$METHOD(...);
      - focus-metavariable: $RNG
    message: >
      The use of a predictable random value can lead to vulnerabilities when
      used in certain security critical contexts.
    languages:
      - csharp
    severity: WARNING
    metadata:
      category: security
      cwe: "CWE-338: Use of Cryptographically Weak Pseudo-Random Number Generator
        (PRNG)"
      license: MIT
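
The pattern targets a method call on a variable typed `Random`. The C# below is an added example, not part of the rule or its project: it shows that shape next to a replacement built on `System.Security.Cryptography.RandomNumberGenerator`. The class and method names (`ResetTokens`, `WeakToken`, `StrongToken`, `WeakPin`, `StrongPin`) are hypothetical, and `RandomNumberGenerator.GetInt32` assumes .NET Core 3.0 or later.

```csharp
using System;
using System.Security.Cryptography;

// Hypothetical helper class, constructed for illustration.
public static class ResetTokens
{
    // The shape the pattern describes: `rng` is typed Random and a method is
    // called on it. System.Random is a non-cryptographic PRNG, so its output
    // is unsuitable for a value that must stay unguessable.
    public static string WeakToken()
    {
        Random rng = new Random();
        byte[] buf = new byte[16];
        rng.NextBytes(buf);
        return Convert.ToBase64String(buf);
    }

    // Same shape again: a numeric code drawn from System.Random.
    public static int WeakPin()
    {
        Random rng = new Random();
        return rng.Next(0, 1000000);
    }

    // Replacement: 128 bits from the platform CSPRNG. The variable is a
    // RandomNumberGenerator, not a Random, so the pattern has nothing to match.
    public static string StrongToken()
    {
        byte[] buf = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
        {
            rng.GetBytes(buf);
        }
        return Convert.ToBase64String(buf);
    }

    // Replacement: uniform integer in [0, 1000000) from the CSPRNG.
    public static int StrongPin()
    {
        return RandomNumberGenerator.GetInt32(0, 1000000);
    }

    public static void Main()
    {
        Console.WriteLine("token: " + StrongToken());
        Console.WriteLine("pin:   " + StrongPin().ToString("D6"));
    }
}
```

`Random` remains appropriate for non-security uses such as simulations or shuffling test data, which is why the rule reports at `WARNING` severity and each finding needs a check of what the value is used for.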