# Use of Insufficiently Random Values (CWE-330)

The product uses insufficiently random numbers or values in a security context that depends on unpredictable numbers.

- Prevalence: High, frequently exploited
- Impact: Medium, review recommended
- Prevention: Documented, 1 fix example

**OWASP:** Cryptographic Failures (A02:2021-Cryptographic Failures) - #2

## Description

When random values are predictable, attackers can guess them and bypass security mechanisms that depend on their unpredictability, such as session tokens, CSRF tokens, or cryptographic nonces.

## Prevention

### Go

Sort slices after collecting keys or values from map iteration.

## Warning Signs

- [MEDIUM] Map iteration order in Go is non-deterministic. This code converts a map to a slice without sorting, which will produce

## Consequences

- Bypass a protection mechanism
- Gain privileges

## Mitigations

- Use cryptographically secure random number generators (in Go, `crypto/rand`, not `math/rand`)
- Do not use time-based or sequential values for security purposes
- Ensure sufficient entropy in random number generation

## Detection

- Total rules: 1
- Languages: go

## Rules by Language

### Go (1 rule)

- **Non-deterministic Map Iteration** [MEDIUM]: Converts a map to a slice without sorting, producing non-deterministic output.
  - Note: Go randomizes map iteration order on purpose, so the randomization itself is not a weak-randomness bug. What the rule flags is code whose output order depends on it, which makes results non-reproducible from run to run and can hide ordering-dependent logic. The fix is to sort the collected slice, not to change the random source.
  - Remediation: Add sorting after collecting keys/values from the map:

```go
import "sort"

// Before (non-deterministic): the order of result follows Go's randomized
// map iteration, so it differs from one run to the next.
func keysUnsorted(myMap map[string]int) []string {
	result := make([]string, 0, len(myMap))
	for key := range myMap {
		result = append(result, key)
	}
	return result // Order varies!
}

// After (deterministic): collect, then sort before returning.
func keysSorted(myMap map[string]int) []string {
	result := make([]string, 0, len(myMap))
	for key := range myMap {
		result = append(result, key)
	}
	sort.Strings(result) // Always same order
	return result
}
```

For non-string types, use `sort.Slice` with a comparison on the field that defines the order:

```go
sort.Slice(result, func(i, j int) bool {
	return result[i].Name < result[j].Name
})
```
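The mitigations above (CSPRNG, no time-based seeds, enough entropy) in working Go, as an added example that is not part of this page or of the scanner's own rule set. The function names `NewToken`, `TokenBytes`, `RandomInt` and `PredictableToken` are this example's own; `PredictableToken` is the anti-pattern kept only to show that a `math/rand` generator seeded from a timestamp reproduces the same "token" for anyone who knows the seed:

```go
package main

import (
	"crypto/rand" // CSPRNG backed by the operating system
	"encoding/base64"
	"encoding/binary"
	"encoding/hex"
	"fmt"
	"math/big"
	mrand "math/rand" // used ONLY to demonstrate the anti-pattern
	"time"
)

// NewToken returns a URL-safe token built from n bytes of crypto/rand output.
// 16 bytes (128 bits) is the floor for session/CSRF tokens; 32 is common.
func NewToken(n int) (string, error) {
	if n < 16 {
		return "", fmt.Errorf("token too short: %d bytes, need at least 16", n)
	}
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		// Never fall back to math/rand or a timestamp here: fail closed.
		return "", err
	}
	return base64.RawURLEncoding.EncodeToString(b), nil
}

// TokenBytes decodes a token from NewToken and reports how many raw bytes it
// carries, so a test can check that the requested entropy came through intact.
func TokenBytes(tok string) (int, error) {
	b, err := base64.RawURLEncoding.DecodeString(tok)
	return len(b), err
}

// RandomInt returns a uniform integer in [0, max) from crypto/rand.
// rand.Int rejects out-of-range draws, avoiding the modulo bias of
// "randomBytes % max" that skews short one-time codes.
func RandomInt(max int64) (int64, error) {
	if max <= 0 {
		return 0, fmt.Errorf("max must be positive, got %d", max)
	}
	v, err := rand.Int(rand.Reader, big.NewInt(max))
	if err != nil {
		return 0, err
	}
	return v.Int64(), nil
}

// PredictableToken is the anti-pattern: math/rand seeded with a timestamp.
// The seed has only seconds of resolution, so an attacker who knows roughly
// when the token was issued can replay the generator and recover it.
func PredictableToken(seed int64) string {
	r := mrand.New(mrand.NewSource(seed))
	b := make([]byte, 16)
	for i := 0; i < len(b); i += 8 {
		binary.LittleEndian.PutUint64(b[i:], r.Uint64())
	}
	return hex.EncodeToString(b)
}

func main() {
	tok, err := NewToken(32)
	if err != nil {
		panic(err)
	}
	fmt.Println("session token:", tok)

	code, _ := RandomInt(1000000)
	fmt.Printf("one-time code: %06d\n", code)

	// Same timestamp seed, same "random" token: this is what CWE-330 means.
	now := time.Now().Unix()
	fmt.Println("predictable:", PredictableToken(now) == PredictableToken(now))
}
```

`rand.Read` from `crypto/rand` is the only source used for anything security-relevant; `math/rand` appears solely inside `PredictableToken` to make the weakness observable.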