[PATCH] D44143: Create properly seeded random generator check
Borsik Gábor via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Tue Mar 6 03:58:03 PST 2018
boga95 created this revision.
boga95 added a reviewer: clang-tools-extra.
boga95 added a project: clang-tools-extra.
Herald added subscribers: cfe-commits, mgorny.
This check flags all pseudo-random number engines and engine adaptors instantiations when it initialized or seeded with default argument or a constant expression. Pseudo-random number engines seeded with a predictable value may cause vulnerabilities e.g. in security protocols.
This is a CERT security rule, see MSC51-CPP <https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC51-CPP.+Ensure+your+random+number+generator+is+properly+seeded>.
Example:
void foo() {
std::mt19937 engine1; // Bad, always generate the same sequence
std::mt19937 engine2(1); // Bad
engine1.seed(); // Bad
engine2.seed(1); // Bad
std::time_t t;
engine1.seed(std::time(&t)); // Bad, system time might be controlled by user
std::random_device dev;
std::mt19937 engine3(dev()); // Good
}
Repository:
rCTE Clang Tools Extra
https://reviews.llvm.org/D44143
Files:
clang-tidy/cert/CERTTidyModule.cpp
clang-tidy/cert/CMakeLists.txt
clang-tidy/cert/ProperlySeededRandomGeneratorCheck.cpp
clang-tidy/cert/ProperlySeededRandomGeneratorCheck.h
docs/ReleaseNotes.rst
docs/clang-tidy/checks/cert-properly-seeded-random-generator.rst
test/clang-tidy/cert-properly-seeded-random-generator.cpp
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D44143.137151.patch
Type: text/x-patch
Size: 17609 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20180306/d31cb176/attachment-0001.bin>
More information about the cfe-commits
mailing list