Strip advisory identifiers (GHSA-*) from describe blocks, test docblocks, and inline comments. Replace with plain descriptive labels. Also clean up FQCNs to use imported class names and minor style fixes (string concatenation spacing).
15 lines
428 B
PHP
<?php

/**
 * Architecture tests to prevent use of insecure PRNGs in application code.
 *
 * mt_rand() and rand() are not cryptographically secure. Use random_int()
 * or random_bytes() instead for any security-sensitive context.
 */
arch('app code must not use mt_rand')
    ->expect('App')
    ->not->toUse(['mt_rand', 'mt_srand']);

arch('app code must not use rand')
    ->expect('App')
    ->not->toUse(['rand', 'srand']);
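An added example, not part of this repository, showing the kind of application code these arch tests are meant to reject next to the replacement the docblock recommends. The `App\Support\ResetToken` class, its method names and the alphabet are hypothetical.

```php
<?php
// Added example: hypothetical class, not code from the project.
declare(strict_types=1);

namespace App\Support;

final class ResetToken
{
    // 32 unambiguous characters (constructed for this example).
    private const ALPHABET = 'ABCDEFGHJKLMNPQRSTUVWXYZ23456789';

    /**
     * Uses mt_srand()/mt_rand(), the functions the arch tests forbid.
     * The output is fully determined by the seed, so it is not a secret.
     */
    public static function weak(int $length, int $seed): string
    {
        mt_srand($seed);
        $out = '';
        for ($i = 0; $i < $length; $i++) {
            $out .= self::ALPHABET[mt_rand(0, strlen(self::ALPHABET) - 1)];
        }
        return $out;
    }

    /**
     * Uses random_int(), which draws from the operating system CSPRNG
     * and returns uniformly distributed integers in the given range.
     */
    public static function strong(int $length): string
    {
        $out = '';
        for ($i = 0; $i < $length; $i++) {
            $out .= self::ALPHABET[random_int(0, strlen(self::ALPHABET) - 1)];
        }
        return $out;
    }
}

// Same seed, same token: the Mersenne Twister output repeats exactly.
var_dump(ResetToken::weak(16, 1234) === ResetToken::weak(16, 1234));

// No seed to replay: each call yields an independent 80-bit token.
var_dump(ResetToken::strong(16) !== ResetToken::strong(16));
```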