1.. title:: clang-tidy - cert-msc51-cpp 2 3cert-msc51-cpp 4============== 5 6This check flags all pseudo-random number engines, engine adaptor 7instantiations and ``srand()`` when initialized or seeded with default argument, 8constant expression or any user-configurable type. Pseudo-random number 9engines seeded with a predictable value may cause vulnerabilities e.g. in 10security protocols. 11This is a CERT security rule, see 12`MSC51-CPP. Ensure your random number generator is properly seeded 13<https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC51-CPP.+Ensure+your+random+number+generator+is+properly+seeded>`_ and 14`MSC32-C. Properly seed pseudorandom number generators 15<https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators>`_. 16 17Examples: 18 19.. code-block:: c++ 20 21 void foo() { 22 std::mt19937 engine1; // Diagnose, always generate the same sequence 23 std::mt19937 engine2(1); // Diagnose 24 engine1.seed(); // Diagnose 25 engine2.seed(1); // Diagnose 26 27 std::time_t t; 28 engine1.seed(std::time(&t)); // Diagnose, system time might be controlled by user 29 30 int x = atoi(argv[1]); 31 std::mt19937 engine3(x); // Will not warn 32 } 33 34Options 35------- 36 37.. option:: DisallowedSeedTypes 38 39 A comma-separated list of the type names which are disallowed. 40 Default values are ``time_t``, ``std::time_t``. 41