From 3fc4ef478d03cd20169d5a3dcdef6233724446be Mon Sep 17 00:00:00 2001 From: dahn Date: Wed, 9 Feb 2022 16:38:33 +0100 Subject: [PATCH] replace Random with SecureRandom (#5966) Co-authored-by: Daan Hoogland --- .../main/java/com/cloud/projects/ProjectManagerImpl.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java index eb8c58b3060..02d371aa981 100644 --- a/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java +++ b/server/src/main/java/com/cloud/projects/ProjectManagerImpl.java @@ -17,10 +17,10 @@ package com.cloud.projects; import java.io.UnsupportedEncodingException; +import java.security.SecureRandom; import java.util.List; import java.util.Map; import java.util.Optional; -import java.util.Random; import java.util.TimeZone; import java.util.UUID; import java.util.concurrent.Executors; @@ -106,6 +106,8 @@ import org.apache.commons.lang3.BooleanUtils; public class ProjectManagerImpl extends ManagerBase implements ProjectManager, Configurable { public static final Logger s_logger = Logger.getLogger(ProjectManagerImpl.class); + private static final SecureRandom secureRandom = new SecureRandom(); + @Inject private DomainDao _domainDao; @Inject @@ -1349,10 +1351,9 @@ public class ProjectManagerImpl extends ManagerBase implements ProjectManager, C public static String generateToken(int length) { String charset = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - Random rand = new Random(System.currentTimeMillis()); StringBuffer sb = new StringBuffer(); for (int i = 0; i < length; i++) { - int pos = rand.nextInt(charset.length()); + int pos = secureRandom.nextInt(charset.length()); sb.append(charset.charAt(pos)); } return sb.toString();