This is an automated email from the ASF dual-hosted git repository. jleroux pushed a commit to branch trunk in repository https://gitbox.apache.org/repos/asf/ofbiz-plugins.git
The following commit(s) were added to refs/heads/trunk by this push:
new ac6acf0 Improved: Fix some bugs Spotbugs reports (OFBIZ-12386)
ac6acf0 is described below
commit ac6acf03a362804b12e6958b31b05661ba36a0b9
Author: Jacques Le Roux <jacques.le.r...@les7arts.com>
AuthorDate: Sun Dec 26 13:32:04 2021 +0100
Improved: Fix some bugs Spotbugs reports (OFBIZ-12386) Random object created and used only once in OFBizCasAuthenticationHandler.rand(int, int) SampleHtmlThread.run() This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it. If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed). Rank: Troubling (14), confidence: High Pattern: DMI_RANDOM_USED_ONLY_ONCE Type: DMI, Category: BAD_PRACTICE (Bad practice)
---
.../org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java | 7 +++----
.../java/org/apache/ofbiz/htmlreport/sample/SampleHtmlThread.java | 6 ++++--
2 files changed, 7 insertions(+), 6 deletions(-)
diff --git a/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java b/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java
index 203903a..36a3e34 100644
--- a/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java
+++ b/ldap/src/main/java/org/apache/ofbiz/ldap/cas/OFBizCasAuthenticationHandler.java
@@ -47,11 +47,11 @@ import org.w3c.dom.Element;
 public final class OFBizCasAuthenticationHandler extends AbstractOFBizAuthenticationHandler {
 public static final String PARAM_TICKET = "ticket";
- public static final String PARAM_SERVICE = "service";
- public static final String PARAM_RENEW = "renew";
+ private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
 /**
 * Public constructor, initializes some required member variables.<p>
 */
@@ -118,9 +118,8 @@ public final class OFBizCasAuthenticationHandler extends AbstractOFBizAuthentica
 }
 private static int rand(int lo, int hi) {
- java.util.Random rn = new SecureRandom();
 int n = hi - lo + 1;
- int i = rn.nextInt() % n;
+ int i = SECURE_RANDOM.nextInt() % n;
 if (i < 0) {
 i = -i;
 }
diff --git a/pricat/src/main/java/org/apache/ofbiz/htmlreport/sample/SampleHtmlThread.java b/pricat/src/main/java/org/apache/ofbiz/htmlreport/sample/SampleHtmlThread.java
index 85f8595..774deb9 100644
--- a/pricat/src/main/java/org/apache/ofbiz/htmlreport/sample/SampleHtmlThread.java
+++ b/pricat/src/main/java/org/apache/ofbiz/htmlreport/sample/SampleHtmlThread.java
@@ -43,6 +43,9 @@ public class SampleHtmlThread extends AbstractReportThread {
 "FORMAT_OK", "FORMAT_ERROR", "FORMAT_THROWABLE"};
 public static final List<String> MESSAGES = Collections.unmodifiableList(Arrays.asList(MESSAGE_LABLES));
 private static final String RESOURCE = "PricatUiLabels";
+
+ private static final SecureRandom SECURE_RANDOM = new SecureRandom();
+
 /**
 * Constructor, creates a new HtmlImportThreat.
 */
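Review bot: If the `-` markers are read correctly, this hunk also deletes the public constants `PARAM_SERVICE` and `PARAM_RENEW`, which is an API change that the commit message (only the SpotBugs DMI_RANDOM_USED_ONLY_ONCE fix) does not mention; either keep them or state in the message that they were unused. The new `SECURE_RANDOM` field would also benefit from a one-line comment giving the reason it is a shared static, e.g. `/** Shared generator; SecureRandom is safe for concurrent use, so one instance serves every call. */`. The same comment applies to the identical field added in the SampleHtmlThread hunk of this commit.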
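Review bot: `SECURE_RANDOM.nextInt() % n` plus the sign fix-up in `if (i < 0) { i = -i; }` is only approximately uniform over `[0, n)`, since 2^32 is generally not a multiple of n, and an empty or inverted range (hi < lo, so n <= 0) reaches the `%` as a division by zero or a negative modulus instead of being rejected. The bounded overload does both jobs in one line: `int i = SECURE_RANDOM.nextInt(n);` replaces the `% n` line and the whole sign fix-up, and it throws IllegalArgumentException for n <= 0, which is worth recording in a `@throws` on rand() if callers may pass hi < lo. The rest of rand(), including its return statement, lies outside the hunk.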
@@ -61,11 +64,10 @@ public class SampleHtmlThread extends AbstractReportThread {
 try {
 if (getName().startsWith(COUNT_DOWN)) {
 getReport().println(UtilProperties.getMessage(RESOURCE, "START_COUNT_DOWN", getLocale()), InterfaceReport.FORMAT_HEADLINE);
- SecureRandom random = new SecureRandom();
 int j = 0;
 for (int i = 1000; i > 0; i--) {
 sleep(20);
- j = random.nextInt(7);
+ j = SECURE_RANDOM.nextInt(7);
 if (j == 6) {
 getReport().println(new Throwable(UtilProperties.getMessage(RESOURCE, MESSAGES.get(j), new Object[] {i}, getLocale())));
 } else {