rspec/rules/S4347/java/comments-and-links.adoc

=== is related to: S2245

=== on 22 Oct 2020, 10:37:32 Alexandre Gigleux wrote:
This rule should be made more generic and at minimum be supported by C#.

I would rename it "Pseudo-Random Number Generator (PRNG) seeds should not be predictable".


The test cases from the SARD Juliet Suite (\https://samate.nist.gov/SARD/testsuite.php) should be used as a reference to know what should be detected or not: CWE336_Same_Seed_in_PRNG

=== on 3 Nov 2020, 11:31:26 Pavel Mikula wrote:
This rule is not relevant for .NET. ``++System.Random++`` can have seed, but should not be used for cryptography as RSPEC-2245 defines. Security-related APIs like ``++RandomNumberGenerator++`` or ``++RNGCryptoServiceProvider++`` don't have a way to set seed (for obvious reasons).