Audit - Rules - Miscellaneous

Description
This group contains audit rules that don't fit into any of the other audit rule groups.

Rules:

Details

Use of Random

Summary
The class java.util.Random is not as secure as java.security.SecureRandom.

Description
This audit rule looks for any use of the class java.util.Random, including any class declared as a subclass of Random and any instantiation of Random. The class java.security.SecureRandom should be used instead.

Security Implications
Using cryptographically strong random numbers generated by SecureRandom prevents the risks that arise when a malicious user is able to anticipate the outcome of a random number.

Example
The following would be flagged as a violation:

    import java.util.Random;
    class A extends Random {}
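
The following is an added example, not part of the original rule documentation. It shows an instantiation of Random that the rule would flag next to its SecureRandom replacement, and why the difference matters for a security token. The class name TokenDemo, the method names and the seed value are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class TokenDemo {

    private static final Base64.Encoder B64 =
            Base64.getUrlEncoder().withoutPadding();

    // Flagged by the rule: java.util.Random is instantiated.
    // Every byte it produces is a deterministic function of the seed,
    // so whoever knows or guesses the seed can recompute the token.
    static String weakToken(long seed) {
        byte[] buf = new byte[16];
        new Random(seed).nextBytes(buf);
        return B64.encodeToString(buf);
    }

    // Replacement: a single shared SecureRandom, seeded by the platform
    // from an entropy source the caller does not control.
    private static final SecureRandom SECURE = new SecureRandom();

    static String strongToken() {
        byte[] buf = new byte[16];
        SECURE.nextBytes(buf);
        return B64.encodeToString(buf);
    }

    public static void main(String[] args) {
        // Constructed sample seed (hypothetical); a clock-like value
        // stands in for any seed that can be narrowed down by guessing.
        long seed = 1700000000000L;

        String first = weakToken(seed);
        String second = weakToken(seed);
        System.out.println("Random, same seed, tokens equal: "
                + first.equals(second));

        System.out.println("SecureRandom, tokens equal: "
                + strongToken().equals(strongToken()));
    }
}
```

Replacing the Random instance with a shared SecureRandom field removes the violation without changing how callers request bytes, since both classes expose nextBytes.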