lang:

C#

regex:

Rnd\s?\(|Random\s?\(

description:

These functions are pseudo-random number generation that are not cryptographically secure. Ensure they are not being used with sensitive operations (e.g. cryptography). Use RNGCryptoServiceProvider for sensitive operations.
tags:
insecure weak random entropy
results