Welcome To Ask or Share your Answers For Others

rand)?

posted Oct 6, 2021 in Technique[技术] by 深蓝 (71.8m points)

security - Why is gosec complaining about G404 Use of weak random number generator (math/rand instead of crypto/rand)?

I have this code in my hobby project:

import (
    "math/rand"
    "time"
)

func getRandomBool() bool {
  return rand.Int31()&(1<<30) == 0
}

func getRandomInt(min, max int) int {
  return rand.Intn(max-min+1) + min
}

func getRandomDate(min, max int64) time.Time {
  delta := max - min

  sec := rand.Int63n(delta) + min

  return time.Unix(sec, 0)
}

Why is gosec complaining about each line with rand...?

G404: Use of weak random number generator (math/rand instead of crypto/rand) (gosec)

I think it thinks this code is for generating something super secret: which is not!

Am I wrong?

question from:https://stackoverflow.com/questions/66056065/why-is-gosec-complaining-about-g404-use-of-weak-random-number-generator-math-ra

与恶龙缠斗过久,自身亦成为恶龙；凝视深渊过久,深渊将回以凝视…

1 Reply

...

Categories

security - Why is gosec complaining about G404 Use of weak random number generator (math/rand instead of crypto/rand)?

security - Why is gosec complaining about G404 Use of weak random number generator (math/rand instead of crypto/rand)?

Please log in or register to add a comment.

Please log in or register to reply this article.

1 Reply

Please log in or register to add a comment.

Just Browsing Browsing

Most popular tags