Use SecureRandom to generate access tokens.

scala.util.Random uses java.util.Random, which only provides 64 bits of randomness.
Scf37
2018-05-17 20:10:41 +03:00
parent ecc50cd2ae
commit 72d07422a4


@@ -5,13 +5,13 @@ import gitbucket.core.model.Profile.profile.blockingApi._
import gitbucket.core.model.{AccessToken, Account} import gitbucket.core.model.{AccessToken, Account}
import gitbucket.core.util.StringUtil import gitbucket.core.util.StringUtil
import scala.util.Random import java.security.SecureRandom
trait AccessTokenService { trait AccessTokenService {
def makeAccessTokenString: String = { def makeAccessTokenString: String = {
val bytes = new Array[Byte](20) val bytes = new Array[Byte](20)
Random.nextBytes(bytes) AccessTokenService.secureRandom.nextBytes(bytes)
bytes.map("%02x".format(_)).mkString bytes.map("%02x".format(_)).mkString
} }
@@ -55,4 +55,6 @@ trait AccessTokenService {
} }
object AccessTokenService extends AccessTokenService object AccessTokenService extends AccessTokenService {
private val secureRandom = new SecureRandom()
}
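Review bot: The new `secureRandom` field in the `AccessTokenService` object carries no comment saying why a `SecureRandom` is required, so a later cleanup could swap it back to `scala.util.Random` without anyone noticing that token values become predictable again. I would put `// CSPRNG for access tokens; SecureRandom is thread-safe, so one shared instance is enough. Do not replace with scala.util.Random.` above it, and give `makeAccessTokenString` a one-line Scaladoc stating that it returns 40 lowercase hex characters built from 20 random bytes. The trait body between the two hunks is not visible here, so it is worth confirming that no other secret-like value in it still draws from a non-cryptographic generator.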