Weak pseudorandom number generation (severity: High)

Insufficiently random generators or hardcoded seeds can make pseudorandom sequences predictable, which may lead to security vulnerabilities.

Detector ID
kotlin/weak-random-number-generation@v1.0
Category

Noncompliant example

import java.util.Random

// Noncompliant: `Random()` is not a secure random number generator
fun noncompliant() {
    val random = Random()
    val bytes = ByteArray(20)
    random.nextBytes(bytes)
}

Compliant example

import java.security.SecureRandom

// Compliant: Using `SecureRandom()` to generate random numbers
fun compliant() {
    val random = SecureRandom()
    val bytes = ByteArray(20)
    random.nextBytes(bytes)
}
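
The hardcoded-seed case from the description, as an added example that is not part of the detector's own documentation: the same seed passed to `java.util.Random` yields the same 20 bytes on every run, while `SecureRandom()` does not. The helper `tokenFrom` and the seed value are hypothetical, chosen for illustration.

```kotlin
import java.security.SecureRandom
import java.util.Random

// Hypothetical helper: draw 20 bytes from the given generator and hex-encode them.
// SecureRandom extends java.util.Random, so both generators fit this parameter.
fun tokenFrom(rng: Random): String {
    val bytes = ByteArray(20)
    rng.nextBytes(bytes)
    return bytes.joinToString("") { "%02x".format(it) }
}

fun main() {
    // Constructed seed value standing in for a constant left in source code.
    val hardcodedSeed = 42L

    // Two independent generators with the same seed produce the same sequence,
    // so anyone who can read the seed can reproduce every value derived from it.
    val seededFirst = tokenFrom(Random(hardcodedSeed))
    val seededSecond = tokenFrom(Random(hardcodedSeed))
    println("seeded Random #1: $seededFirst")
    println("seeded Random #2: $seededSecond")
    println("seeded outputs identical: ${seededFirst == seededSecond}")

    // SecureRandom() with no caller-supplied seed draws its seed material from
    // the platform's entropy source, so two instances do not share a sequence.
    val secureFirst = tokenFrom(SecureRandom())
    val secureSecond = tokenFrom(SecureRandom())
    println("SecureRandom #1:  $secureFirst")
    println("SecureRandom #2:  $secureSecond")
    println("secure outputs identical: ${secureFirst == secureSecond}")
}
```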