GCI0048 (Warn, Security)

Insecure Random in Security Context

Detects System.Random instantiation within 5 lines of security-sensitive identifiers such as token, apikey, salt, or password. System.Random is not cryptographically secure.

Why this rule exists

System.Random is a linear congruential generator with a predictable seed. Using it for tokens, salts, or password resets makes those values guessable by anyone who can observe a few outputs.

Code example

Triggers the rule:

    var rng = new Random();
    var token = rng.Next().ToString("x");

Passes the rule:

    var bytes = RandomNumberGenerator.GetBytes(32);
    var token = Convert.ToHexString(bytes);
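As an added illustration of how the proximity heuristic above behaves (this is not GauntletCI's own implementation), the following scanner flags a System.Random construction whenever an identifier containing one of the four keywords the page names appears within 5 lines of it. It assumes "within 5 lines" means either direction and that the real rule may use a longer keyword list and a syntax-aware match; the C# sample is constructed for the demo.

```python
import re

# Added example, not the GauntletCI rule itself: a line-proximity scanner for the
# documented heuristic. Keywords are the four the rule page names (assumption: the real list may be longer).
KEYWORDS = ("token", "apikey", "salt", "password")
WINDOW = 5                                   # assumption: 5 lines on either side
IDENT = re.compile(r"[A-Za-z_]\w*")
RANDOM_CTOR = re.compile(r"\bnew\s+(?:System\.)?Random\s*\(")   # instantiation only; Random.Shared is not matched

def sensitive_identifiers(line: str) -> list:
    """Identifiers on this line whose name contains a sensitive keyword (case-insensitive)."""
    return [w for w in IDENT.findall(line) if any(k in w.lower() for k in KEYWORDS)]

def find_insecure_random(source: str, window: int = WINDOW) -> list:
    """One finding per System.Random construction within `window` lines of a sensitive identifier (1-based lines)."""
    lines = source.splitlines()
    findings = []
    for i, line in enumerate(lines):
        if not RANDOM_CTOR.search(line):
            continue
        lo, hi = max(0, i - window), min(len(lines), i + window + 1)
        nearby = [(j + 1, w) for j in range(lo, hi) for w in sensitive_identifiers(lines[j])]
        if nearby:
            findings.append({"line": i + 1, "identifiers": nearby})
    return findings

# Constructed C# sample: the first Random sits within 5 lines of *Token identifiers, the second does not.
SAMPLE = """\
using System;

class TokenService
{
    string NewResetToken()
    {
        var rng = new Random();     // GCI0048 fires here
        return rng.Next().ToString("x");
    }
}

class DiceRoller
{
    int Roll()
    {
        var rng = new Random();     // not flagged: nothing sensitive within 5 lines
        return rng.Next(1, 7);
    }
}
"""
# find_insecure_random(SAMPLE) -> [{'line': 7, 'identifiers': [(3, 'TokenService'), (5, 'NewResetToken')]}]
```

The same proximity logic also fires on a Random used for non-security purposes that merely sits near a variable named like salt or token, which is the trade-off of a line-window heuristic.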

Configuration

Disable or adjust the severity of this rule in .gauntletci.json:

{
  "rules": {
    "GCI0048": { "enabled": true, "severity": "Warn" }
  }
}

See Configuration for the full schema.

Related rules

Implemented in src/GauntletCI.Core/Rules/Implementations/GCI0048_*.cs.

About the author

Eric Cogen -- Founder, GauntletCI

Twenty years as a senior technical consultant building and modernizing enterprise platforms across .NET, AWS, serverless, microservices, and AI-driven systems.