convox / convox

Audit the random number generation source (rand) GSC-G404
Security
Minor
11 days ago · a year old
Use of weak random number generator (math/rand instead of crypto/rand)
326	if opts.Name != nil {
327		ro.Params["name"] = *opts.Name
328	} else {
329		ro.Params["name"] = fmt.Sprintf("%s-%d", kind, (rand.Intn(8999) + 1000))330	}
331
332	if opts.Parameters != nil {
Use of weak random number generator (math/rand instead of crypto/rand)
180		return nil, fmt.Errorf("parameter required: Url")
181	}
182
183	key := fmt.Sprintf("%s-%d", url, rand.Int63())184	name := common.DefaultString(opts.Name, fmt.Sprintf("webhook-%s", fmt.Sprintf("%x", sha256.Sum256([]byte(key)))[0:6]))
185
186	if err := p.webhookCreate(name, url); err != nil {
Use of weak random number generator (math/rand instead of crypto/rand)
 31
 32	// if pid is a service name, pick one at random
 33	if len(pss) > 0 {
 34		pid = pss[rand.Intn(len(pss))].Id 35	}
 36
 37	req := p.Cluster.CoreV1().RESTClient().Post().Resource("pods").Name(pid).Namespace(p.AppNamespace(app)).SubResource("exec").Param("container", app)
Use of weak random number generator (math/rand instead of crypto/rand)
// id returns prefix followed by size characters, each picked from the
// package-level alphabet with rand.Intn.
//
// NOTE(security): the scanner reports this rand as math/rand (gosec G404), a
// deterministic PRNG whose output can be predicted once its state is known.
// That is acceptable for labels that only need to be unlikely to collide. It
// is not acceptable if any caller treats the result as a secret or as an
// unguessable token (session id, API key, reset token). Audit the call sites
// before suppressing the finding; where unpredictability is required, draw
// the indices from crypto/rand instead.
func id(prefix string, size int) string {
	suffix := make([]rune, size)
	for pos := 0; pos < size; pos++ {
		suffix[pos] = alphabet[rand.Intn(len(alphabet))]
	}
	return prefix + string(suffix)
}
Use of weak random number generator (math/rand instead of crypto/rand)
120		s.subscriptions[stream] = map[string]*subscription{}
121	}
122
123	handle := fmt.Sprintf("%v:%d", ch, rand.Int63())124
125	s.subscriptions[stream][handle] = &subscription{ch: ch, start: start}
126