...
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
MSC30-C | Medium | Unlikely | Yes | No | P4 | L3 |
Automated Detection
Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Astrée |
| stdlib-use-rand | Fully checked | ||||||
| Axivion Bauhaus Suite |
| CertC-MSC30 | |||||||
| Clang |
| cert-msc30-c | Checked by clang-tidy | ||||||
| CodeSonar |
| BADFUNC.RANDOM.RAND | Use of rand | ||||||
| Compass/ROSE | |||||||||
| Coverity |
| DONTCALL | Implemented - weak support | ||||||
| Cppcheck Premium |
| premium-cert-msc30-c | |||||||
| CC2.MSC30 | Fully implemented | |||||||
| Helix QAC |
| C5022 C++5029 | |||||||
| Klocwork |
| CERT.MSC.STD_RAND_CALL | |||||||
| LDRA tool suite |
| 44 S | Enhanced enforcement | ||||||
| Parasoft C/C++test |
| CERT_C-MSC30-a | Do not use the rand() function for generating pseudorandom numbers | ||||||
| PC-lint Plus |
| 586 | Fully supported | ||||||
| Polyspace Bug Finder |
| CERT C: Rule MSC30-C | Checks for vulnerable pseudo-random number generator (rule fully covered) | ||||||
| RuleChecker |
| stdlib-use-rand | Fully checked |
...
Key here for mapping notes
CWE-327 and MSC30-C
- CWE-327 forbids “broken or risky cryptographic algorithms” but does not specify what constitutes such an algo.
- Per CERT judgement, rand() qualifies, so:
- CWE-327 = Union( MSC30-C, list) where list =
- Invocation of broken/risky crypto algorithms besides rand()
CWE-338 and MSC30-C
CWE-338 = Union( MSC30-C, list) where list =
- Use of a weak PRNG besides standard C rand().
CWE-330 and MSC30-C
Independent( MSC30-C, MSC32-C, CON33-C)
...
MSC30-C, MSC32-C and CON33-C are independent, they have no intersections. They each specify distinct errors regarding PRNGs.
CWE-676 and MSC30-C
- Independent( ENV33-C, CON33-C, STR31-C, EXP33-C, MSC30-C, ERR34-C)
- MSC30-C implies that rand() is dangerous.
- CWE-676 = Union( MSC30-C, list) where list =
- Invocation of other dangerous functions, besides rand().
Bibliography
...