Usage of insufficient random value

Overview

• Rule ID: javascript_lang_insufficiently_random_values

• Applicable Languages: Javascript

• Weakness ID: CWE-330

Description

Relying on predictable random values undermines your application's security, especially if these values are used for security-related purposes.

Remediation Guidelines

• Do use a robust library for generating random values to enhance security.

  Copy

  const crypto = require('crypto');
  crypto.randomBytes(16).toString('hex');
  

References

• OWASP Deserialization cheat sheet

• CWE-330: Use of Insufficiently Random Values

• OWASP Top 10: A02:2021 - Cryptographic Failures

Configuration

To omit this rule during a scan, and to provide you with continuous 24/7 code-level scanning, you can employ our SAST TOOL