The file src/Attestation/Format/FormatBase.php contains a call to rand(), which is PHP's legacy/insecure random number function.
It is used to generate a temp file name:
This could lead to a temp file race vulnerability, as the output of rand() may be predictable.
If you want close to identical behavior, but with secure random numbers, you could use 'random_int(0, 2147483647);' instead of rand(). However, it's probably better to use a dedicated function to create secure temp files. In this case, tempnam would probably be the right one. It would mean that the file would not have a ".pem" extension, but I guess that doesn't really matter for a temp file.
So it'd be something like:
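An added example, not part of the original report and not the project's code: two ways to create the temp file without a guessable name, `tempnam()` as suggested above, and a variant that keeps the ".pem" extension by pairing `random_bytes()` with an exclusive-create `fopen()`. The function names, the `pem` prefix and the sample PEM string are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example; function names and the "pem" prefix are hypothetical.

// tempnam() creates the file itself, with a unique name and mode 0600,
// so no other local user can claim the path between naming and writing.
function writePemWithTempnam(string $pem): string
{
    $path = tempnam(sys_get_temp_dir(), 'pem');
    if ($path === false) {
        throw new RuntimeException('tempnam() failed');
    }
    if (file_put_contents($path, $pem) !== strlen($pem)) {
        @unlink($path);
        throw new RuntimeException('short write');
    }
    return $path;
}

// Variant that keeps the ".pem" extension: CSPRNG name plus fopen mode "x",
// which fails if anything already exists at that path.
function writePemWithExtension(string $pem): string
{
    $oldUmask = umask(0077); // new file is created owner-only
    try {
        for ($attempt = 0; $attempt < 5; $attempt++) {
            $name = 'pem_' . bin2hex(random_bytes(16)) . '.pem';
            $path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . $name;
            $fh = @fopen($path, 'x');
            if ($fh === false) {
                continue; // name taken or not creatable: try another
            }
            $written = fwrite($fh, $pem);
            fclose($fh);
            if ($written !== strlen($pem)) {
                @unlink($path);
                throw new RuntimeException('short write');
            }
            return $path;
        }
    } finally {
        umask($oldUmask);
    }
    throw new RuntimeException('could not create temp file');
}
// Constructed sample input, not a real certificate.
$pem = "-----BEGIN CERTIFICATE-----\nMIIB(constructed)\n-----END CERTIFICATE-----\n";
foreach (['writePemWithTempnam', 'writePemWithExtension'] as $fn) {
    $path = $fn($pem);
    printf("%s -> %s (mode %o)\n", $fn, $path, fileperms($path) & 0777);
    unlink($path);
}
```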