Audit - Rules - Miscellaneous
Description
This group contains audit rules that don't fit into any of the other audit rule groups.
Rules:
Summary
The class java.util.Random is not as secure as java.security.SecureRandom.
Description
This audit rule looks for any use of the class java.util.Random, including any class declared as a subclass of Random and any instantiation of Random. The class java.security.SecureRandom should be used instead.
Security Implications
Using a cryptographically strong random number generated by SecureRandom prevents the risks that arise when a malicious user is able to anticipate the output of a random number generator.
Example
The following would be flagged as a violation:
class A extends Random {}
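The following is an added example, not part of the rule's own documentation: it places the pattern the rule flags (instantiating java.util.Random to build a token) next to the java.security.SecureRandom form the rule recommends. The class and method names (TokenExample, weakToken, strongToken) are assumptions chosen for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

// Added example (not from the audit rule's documentation). Class and method
// names are assumptions chosen for illustration.
public class TokenExample {

    // Flagged by the rule: java.util.Random is a linear congruential
    // generator, so a short run of its past outputs lets an observer
    // predict future outputs. A token built from it can be anticipated.
    static String weakToken(int numBytes) {
        Random rng = new Random();          // this instantiation is what the rule reports
        byte[] buf = new byte[numBytes];
        rng.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    // Recommended replacement: SecureRandom draws from the platform's
    // cryptographically strong generator, so past outputs do not reveal
    // future ones.
    static String strongToken(int numBytes) {
        SecureRandom rng = new SecureRandom(); // self-seeds from the OS entropy source
        byte[] buf = new byte[numBytes];
        rng.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        System.out.println("weak   (flagged)    : " + weakToken(16));
        System.out.println("strong (recommended): " + strongToken(16));
    }
}
```

The no-argument SecureRandom constructor seeds itself from the platform's entropy source; passing a fixed seed to it would reintroduce the predictability the rule is meant to remove, so the replacement should be made exactly as shown, without an explicit seed.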