Usage of insufficient random value

Description

Go's math/rand package is a deterministic pseudo-random number generator: given the seed, or a handful of observed outputs, an attacker can reproduce every value it will return. When such values are used for security purposes (session identifiers, password reset or email verification tokens, CSRF tokens, nonces, keys, one-time codes) the attacker can guess or forge them. Security-sensitive random values must come from a cryptographically secure source, which in Go is the crypto/rand package.

Remediations

✅ Use crypto/rand instead of math/rand when generating security-sensitive random values, and always check the error it returns

package main

import (
	"crypto/rand"
	"encoding/base64"
	"fmt"
)

// generateSecureToken returns length bytes from the operating system's
// cryptographically secure random source, encoded as a URL-safe string.
func generateSecureToken(length int) (string, error) {
	bytes := make([]byte, length)
	// crypto/rand.Read fills the whole slice or returns an error;
	// never ignore the error or fall back to math/rand.
	_, err := rand.Read(bytes)
	if err != nil {
		return "", fmt.Errorf("generating random token: %w", err)
	}

	// Encode the binary data to a string for easier use
	return base64.URLEncoding.EncodeToString(bytes), nil
}
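The following is an added, stand-alone example (not part of the Bearer rule or its documentation) that puts the flagged pattern next to its fix. insecureToken shows why a math/rand generator is predictable: two generators with the same seed emit identical "random" tokens. secureToken and secureOTP show the crypto/rand replacements, including crypto/rand.Int for the case people most often drift back to math/rand for, picking a uniform integer in a range. Function names and the seed value 42 are this example's own choices.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"math/big"
	mathrand "math/rand"
)

// insecureToken is the pattern this rule flags. math/rand is a deterministic
// PRNG: any generator created with the same seed yields the same byte stream,
// so a leaked seed (or a few observed outputs) reveals every later token.
func insecureToken(seed int64, length int) string {
	r := mathrand.New(mathrand.NewSource(seed))
	b := make([]byte, length)
	for i := range b {
		b[i] = byte(r.Intn(256))
	}
	return hex.EncodeToString(b)
}

// secureToken draws nBytes from the OS cryptographic random source.
// crypto/rand.Read fills the whole slice or returns an error; the error is
// propagated rather than silently producing a weak token.
func secureToken(nBytes int) (string, error) {
	b := make([]byte, nBytes)
	if _, err := rand.Read(b); err != nil {
		return "", fmt.Errorf("crypto/rand failed: %w", err)
	}
	return hex.EncodeToString(b), nil
}

// secureIntn returns a uniformly distributed integer in [0, max) using
// crypto/rand.Int. This replaces math/rand.Intn for security-sensitive
// choices and avoids the modulo bias of "random byte % max".
func secureIntn(max int64) (int64, error) {
	n, err := rand.Int(rand.Reader, big.NewInt(max))
	if err != nil {
		return 0, err
	}
	return n.Int64(), nil
}

// secureOTP builds a numeric one-time code with the given number of digits,
// selecting each digit with secureIntn.
func secureOTP(digits int) (string, error) {
	out := make([]byte, digits)
	for i := range out {
		d, err := secureIntn(10)
		if err != nil {
			return "", err
		}
		out[i] = '0' + byte(d)
	}
	return string(out), nil
}

func main() {
	// Same seed, same token: the attacker only has to guess the seed.
	a := insecureToken(42, 16)
	b := insecureToken(42, 16)
	fmt.Printf("math/rand, seed 42: %s\n                    %s  identical=%v\n", a, b, a == b)

	t1, err := secureToken(16)
	if err != nil {
		panic(err)
	}
	t2, err := secureToken(16)
	if err != nil {
		panic(err)
	}
	fmt.Printf("crypto/rand:        %s\n                    %s  identical=%v\n", t1, t2, t1 == t2)

	code, err := secureOTP(6)
	if err != nil {
		panic(err)
	}
	fmt.Println("crypto/rand OTP:   ", code)
}
```

Since Go 1.20 the package-level math/rand functions are seeded randomly at startup rather than with the constant 1, which removes the worst case of identical tokens across process restarts, but it does not make math/rand suitable for secrets: its output remains predictable from observed values. Treat any math/rand use for tokens, keys or codes as a finding regardless of Go version.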

Resources

Use of Insufficiently Random Values

Associated CWE

OWASP Top 10

Configuration

To skip this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --skip-rule=go_lang_insufficiently_random_values

To run only this rule during a scan, use the following flag

bearer scan /path/to/your-project/ --only-rule=go_lang_insufficiently_random_values