SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 129

changes.mady.by.user Michal Rozenau

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Predictable random number sequences can weaken the security of critical applications such as cryptography.

Rule

Severity

Likelihood

Detectable

RepairableRemediation Cost

Priority

Level

MSC02-J

High

Probable

No

MediumNo

P12P6

L1L2

Automated Detection

Tool
Version
Checker
Description
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.HARDCODED.SEED
JAVA.LIB.RAND.FUNC
JAVA.CRYPTO.RCF
JAVA.CRYPTO.RA
JAVA.CRYPTO.RF
JAVA.CRYPTO.BASE64
JAVA.CRYPTO.WHAF
JAVA.LIB.RAND.LEGACY.GEN

Hardcoded Random Seed
Insecure Random Number Generator
Risky Cipher Field
Risky Cryptographic Algorithm)
Risky Cryptographic Field
Unsafe Base64 Encoding
Weak Hash Algorithm Field
Legacy Random Generator

Coverity7.5RISKY_CRYPTOImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
SECURITYCRT.WSCMSC02.SRDUse 'java.security.SecureRandom' instead of 'java.util.Random' or 'Math.random()'
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2245

...