Last active
August 11, 2018 21:34
-
-
Save h3xstream/b3f577a05c10773e5399ecc1b0068792 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| pre > code.highlight { | |
| border-bottom: 3px dashed red; | |
| } | |
| .fa-exclamation-triangle { | |
| color: red; | |
| } | |
| .analysis-warning { | |
| border:1px solid #CCC; | |
| padding:10px; | |
| background-color:white; | |
| display:inline-block; | |
| font-family: Arial, Helvetica, sans-serif; /* Avoid the font override from the pre to affect the message */ | |
| } | |
| .analysis-warning-title { | |
| color: red; | |
| } | |
| .analysis-detail { | |
| margin:0px; | |
| padding:0px; | |
| white-space: normal; | |
| } | |
| .analysis-detail > pre { | |
| display: block; | |
| padding: 9.5px; | |
| margin: 0 0 10px; | |
| font-size: 13px; | |
| line-height: 1.4; | |
| word-break: break-all; | |
| word-wrap: break-word; | |
| color: #333333; | |
| background-color: #f5f5f5; | |
| border: 1px solid #cccccc; | |
| border-radius: 4px; | |
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <pre class="language-java line-numbers"><code>package com.h3xstream.sandbox; | |
| import java.util.Random; | |
| public class SpecialCase2 { | |
| } | |
| class CanYouSeeMeOuter { | |
| public String generateToken(String[] args){ | |
| </code><code class="highlight"> return ""+new Random().nextLong(); //FINDME: Insecure random generator | |
| </code><div class="analysis-warning"><i class="fas fa-exclamation-triangle"></i> <span class="analysis-warning-title">Random object created and used only once in com.h3xstream.sandbox.CanYouSeeMeOuter.generateToken(String[])</span> | |
| <div class="analysis-detail"><p> This code creates a java.util.Random object, uses it to generate one random number, and then discards | |
| the Random object. This produces mediocre quality random numbers and is inefficient. | |
| If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number | |
| is required invoke a method on the existing Random object to obtain it. | |
| </p> | |
| <p>If it is important that the generated Random numbers not be guessable, you <em>must</em> not create a new Random for each random | |
| number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead | |
| (and avoid allocating a new SecureRandom for each random number needed). | |
| </p></div></div> | |
| <code> } | |
| } | |
| </code></pre> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment