[SERVER-18342] Coverity analysis defect 72071: Don't call
Created: 06/May/15  Updated: 06/May/15  Resolved: 06/May/15

Status: Closed
Project: Core Server
Component/s: Testing Infrastructure
Affects Version/s: None
Fix Version/s: None

Type: Bug
Priority: Major - P3
Reporter: Coverity Collector User
Assignee: Matt Kangas
Resolution: Done
Votes: 0
Labels: coverity
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Backwards Compatibility: Fully Compatible
Operating System: ALL
Participants:

Description

The called function is unsafe for security related code

Defect 72071 (STATIC_C)
Checker DC.WEAK_CRYPTO (subcategory none)
File: /src/mongo/scripting/bson_template_evaluator.cpp
Function mongo::BsonTemplateEvaluator::evalRandInt(mongo::BsonTemplateEvaluator*, const char *, const mongo::BSONObj &, mongo::BSONObjBuilder &)
/src/mongo/scripting/bson_template_evaluator.cpp, line: 172
"rand()" should not be used for security related applications, as linear congruential algorithms are too easy to break.

            int randomNum = min + (rand() % (max - min));

