changing Math.random to SecureRandom

rcaa · rcaa · commit a1fc7e7228d7 · 2016-12-11T19:12:27.000-03:00
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
@@ -17,6 +17,7 @@
 
 import java.io.Serializable;
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -662,6 +663,9 @@ public boolean isMyPersonalRepository(String repository) {
 	}
 	
 	public String createCookie() {
-		return StringUtils.getSHA1(String.valueOf(Math.random()));
+		SecureRandom random = new SecureRandom();
+		byte[] values = new byte[20];
+		random.nextBytes(values);
+		return StringUtils.getSHA1(String.valueOf(values));
 	}
 }

Original file line number	Diff line number	Diff line change
`@@ -17,6 +17,7 @@`
`17`	`17`
`18`	`18`	`import java.io.Serializable;`
`19`	`19`	`import java.security.Principal;`
	`20`	`+import java.security.SecureRandom;`
`20`	`21`	`import java.util.ArrayList;`
`21`	`22`	`import java.util.Collections;`
`22`	`23`	`import java.util.HashSet;`
`@@ -662,6 +663,9 @@ public boolean isMyPersonalRepository(String repository) {`
`662`	`663`	`}`
`663`	`664`
`664`	`665`	`public String createCookie() {`
`665`		`- return StringUtils.getSHA1(String.valueOf(Math.random()));`
	`666`	`+ SecureRandom random = new SecureRandom();`
	`667`	`+ byte[] values = new byte[20];`
	`668`	`+ random.nextBytes(values);`
	`669`	`+ return StringUtils.getSHA1(String.valueOf(values));`
`666`	`670`	`}`
`667`	`671`	`}`