For other CodeQL resources, including tutorials and examples, see the CodeQL documentation

InsecureRandomness

Module InsecureRandomnessCustomizations


                                import semmle.javascript.security.dataflow.InsecureRandomnessCustomizations

isAdditionalTaintStep	Holds if the step `pred` -> `succ` is an additional taint-step for random values that are not cryptographically secure.
randomBufferSource	Gets a Buffer/TypedArray containing cryptographically secure random numbers.

CryptoKeySink	A cryptographic key, considered as a sink for random values that are not cryptographically secure.
DefaultSource	A simple random number generator that is not cryptographically secure.
Sanitizer	A sanitizer for random values that are not cryptographically secure.
SensitiveWriteSink	A sensitive write, considered as a sink for random values that are not cryptographically secure.
Sink	A data flow sink for random values that are not cryptographically secure.
Source	A data flow source for random values that are not cryptographically secure.