Extend the insecure random rule with more insecure random functions

Signed-off-by: Cosmin Cojocar <cosmin.cojocar@gmx.ch>
2024-11-05 19:45:51 +00:00 · 2020-06-15 12:00:13 +02:00 · 2020-06-15 12:00:13 +02:00 · 6bbf8f9cbc
commit 6bbf8f9cbc
parent af699f6a62
2 changed files with 2 additions and 2 deletions
--- a/helpers.go
+++ b/helpers.go
@ -37,7 +37,6 @@ import (
 // 	node, matched := MatchCallByPackage(n, ctx, "math/rand", "Read")
 //
 func MatchCallByPackage(n ast.Node, c *Context, pkg string, names ...string) (*ast.CallExpr, bool) {
-
 	importedName, found := GetImportedName(pkg, c)
 	if !found {
 		return nil, false
--- a/rules/rand.go
+++ b/rules/rand.go
@ -43,7 +43,8 @@ func (w *weakRand) Match(n ast.Node, c *gosec.Context) (*gosec.Issue, error) {
 // NewWeakRandCheck detects the use of random number generator that isn't cryptographically secure
 func NewWeakRandCheck(id string, conf gosec.Config) (gosec.Rule, []ast.Node) {
 	return &weakRand{
-		funcNames:   []string{"Read", "Int"},
+		funcNames: []string{"New", "Read", "Float32", "Float64", "Int", "Int31",
+			"Int31n", "Int63", "Int63n", "Intn", "NormalFloat64", "Uint32", "Uint64"},
 		packagePath: "math/rand",
 		MetaData: gosec.MetaData{
 			ID:         id,