Usage of insufficient random value

Overview

  • Rule ID: javascript_lang_insufficiently_random_values

  • Applicable Languages: JavaScript

  • Weakness ID: CWE-330

Description

Relying on predictable random values undermines your application's security, especially if these values are used for security-related purposes.

Remediation Guidelines

  • Do use a cryptographically secure random number generator, such as the Node.js crypto module, to generate random values.

    const crypto = require('crypto');
    // 16 bytes (128 bits) from the cryptographically secure generator, hex-encoded
    crypto.randomBytes(16).toString('hex');
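
The following is an added example, not part of the original rule documentation. It extends the remediation above to three common cases (opaque tokens, numeric one-time codes, strings over a custom alphabet) and shows a Math.random() token for contrast. All function names and the voucher alphabet are hypothetical.

```javascript
const { randomBytes, randomInt } = require('crypto');

// Weak, for contrast: Math.random() is not a cryptographically secure
// generator, so its output must not protect anything.
function weakToken() {
  return Math.random().toString(36).slice(2);
}

// Opaque secret (session ID, reset token): 32 bytes = 256 bits, hex-encoded.
function secureToken(bytes = 32) {
  return randomBytes(bytes).toString('hex');
}

// Numeric one-time code. randomInt() is uniform over [0, 10^digits), unlike
// Math.floor(Math.random() * n) or "random byte % n".
function secureOtp(digits = 6) {
  return randomInt(0, 10 ** digits).toString().padStart(digits, '0');
}

// Random string over a custom alphabet. Bytes at or above the largest
// multiple of alphabet.length are rejected so that no character is favoured.
function secureString(length, alphabet) {
  if (alphabet.length < 2 || alphabet.length > 256) {
    throw new RangeError('alphabet must contain 2 to 256 characters');
  }
  const limit = 256 - (256 % alphabet.length);
  let out = '';
  while (out.length < length) {
    for (const byte of randomBytes(length - out.length + 8)) {
      if (byte < limit && out.length < length) out += alphabet[byte % alphabet.length];
    }
  }
  return out;
}

// Constructed usage: a voucher code without look-alike characters.
const VOUCHER_ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';
console.log(secureToken(), secureOtp(), secureString(12, VOUCHER_ALPHABET));
```
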
    


Configuration

To omit this rule during a scan, and for continuous 24/7 code-level scanning, you can use our SAST TOOL.
