Standard Library

GoMathRand

math/rand package. Intn(), Float64() and related functions use a deterministic PRNG — a finding when used for cryptographic purposes (tokens, session IDs).

Taint flow: 0 sources, 2 sinks
Sinks (dangerous call): .Intn(), .Read()

Sinks

.Intn() (Sink)
Signature: Intn(n int) int

Returns pseudo-random int. Finding when used to generate security tokens.

.Read() (Sink)
Signature: Read(p []byte) (n int, err error)

Fills p with pseudo-random bytes. Finding when used as cryptographic randomness.
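
The two call shapes listed as sinks, next to a crypto/rand replacement. This is an added example, not code from the original page or from the codepathfinder project; the function names, the alphabet and the seed value are constructed for illustration.

```go
package main

import (
	crand "crypto/rand"
	"encoding/hex"
	"fmt"
	mrand "math/rand"
)

const alphabet = "abcdefghijklmnopqrstuvwxyz0123456789"

// weakToken builds a token from math/rand's Intn(), the first sink on this page.
// The seed parameter is a constructed stand-in for a guessable seed such as a
// timestamp: anyone who knows it can regenerate the token.
func weakToken(seed int64, n int) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, n)
	for i := range b {
		b[i] = alphabet[r.Intn(len(alphabet))] // sink: .Intn()
	}
	return string(b)
}

// weakBytes uses Read() on a math/rand generator, the second sink on this page.
func weakBytes(seed int64, n int) string {
	b := make([]byte, n)
	mrand.New(mrand.NewSource(seed)).Read(b) // sink: .Read()
	return hex.EncodeToString(b)
}

// strongToken draws n bytes from the operating system CSPRNG via crypto/rand
// and returns them hex-encoded (2n characters).
func strongToken(n int) (string, error) {
	b := make([]byte, n)
	if _, err := crand.Read(b); err != nil {
		return "", err
	}
	return hex.EncodeToString(b), nil
}

func main() {
	const seed = 1700000000 // constructed sample seed
	fmt.Println("weak, same seed twice:", weakToken(seed, 16), weakToken(seed, 16))
	fmt.Println("weak bytes:", weakBytes(seed, 16))
	s, err := strongToken(16)
	fmt.Println("strong:", s, err)
}
```
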

Fully-Qualified Names

FQN          Field
math/rand    fqns[0]

A wrong FQN produces 0 findings. To verify, change fqns to a garbage value; the rule must then produce 0 results.

Import

go.mod:
    // standard library — no go.mod entry required

rule.py:
    from codepathfinder.go_rule import GoMathRand