f493b96be3
Replace mt_rand/rand with random_int for stronger randomness guarantees in verification code generation and Blade component keying. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
17 lines
459 B
PHP
17 lines
459 B
PHP
<?php
|
|
|
|
/**
|
|
* Architecture tests to prevent use of insecure PRNGs in application code.
|
|
*
|
|
* mt_rand() and rand() are not cryptographically secure. Use random_int()
|
|
* or random_bytes() instead for any security-sensitive context.
|
|
*
|
|
* @see GHSA-33rh-4c9r-74pf
|
|
*/
|
|
arch('app code must not use mt_rand')
|
|
->expect('App')
|
|
->not->toUse(['mt_rand', 'mt_srand']);
|
|
|
|
arch('app code must not use rand')
|
|
->expect('App')
|
|
->not->toUse(['rand', 'srand']);
|