Add static analysis rule to detect unsecure random number usage#605
Merged
ThisaruGuruge merged 2 commits intoballerina-platform:masterfrom Sep 22, 2025
nureka-rodrigo:master
Merged
Add static analysis rule to detect unsecure random number usage#605ThisaruGuruge merged 2 commits intoballerina-platform:masterfrom nureka-rodrigo:master
ThisaruGuruge merged 2 commits intoballerina-platform:masterfrom
nureka-rodrigo:master
Conversation
Implemented a new static code analysis rule that checks for the usage of unsecure random number generation in the context of cryptographic functions. This includes identifying calls to random:createIntInRange() for initialization vectors in AES-GCM and AES-ECB functions. Additionally, updated related files and tests to support this new rule.
nureka-rodrigo
requested review from
DimuthuMadushan,
MohamedSabthar,
ThisaruGuruge and
shafreenAnfar
as code owners
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #605 +/- ##
=========================================
Coverage 82.22% 82.22%
Complexity 239 239
=========================================
Files 29 29
Lines 1367 1367
Branches 190 190
=========================================
Hits 1124 1124
Misses 197 197
Partials 46 46 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
compiler-plugin-tests/src/test/resources/static_code_analyzer/expected_output/rule1.json
Outdated
Show resolved
Hide resolved
Updated the file paths in rule<x>.json to use relative paths instead of absolute paths. This change improves portability and ensures that the rules can be used in different environments without modification.
|
TharmiganK
pushed a commit
that referenced
this pull request
Oct 21, 2025
* Add static analysis rule to detect unsecure random number usage Implemented a new static code analysis rule that checks for the usage of unsecure random number generation in the context of cryptographic functions. This includes identifying calls to random:createIntInRange() for initialization vectors in AES-GCM and AES-ECB functions. Additionally, updated related files and tests to support this new rule. * Refactor file paths in static analysis rules to be relative Updated the file paths in rule<x>.json to use relative paths instead of absolute paths. This change improves portability and ensures that the rules can be used in different environments without modification. (cherry picked from commit f394936)
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Implemented a new static code analysis rule that checks for the usage of unsecure random number generation in the context of cryptographic functions. This includes identifying calls to random:createIntInRange() for initialization vectors in AES-GCM and AES-ECB functions. Additionally, updated related files and tests to support this new rule.
Purpose
Fixes: ballerina-platform/ballerina-library#8258
Examples
Checklist