This is an automated email from the ASF dual-hosted git repository.
chenli pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/texera.git
The following commit(s) were added to refs/heads/main by this push:
new 8e2d20c165 refactor(auth): use SecureRandom for random hex string
generation (#4285)
8e2d20c165 is described below
commit 8e2d20c165a2fcdbdabb960c434991f7c795ec2a
Author: carloea2 <[email protected]>
AuthorDate: Wed Mar 25 17:49:21 2026 -0700
refactor(auth): use SecureRandom for random hex string generation (#4285)
### What changes were proposed in this PR?
This PR updates random hex string generation in the Auth module to use
`SecureRandom` instead of `Random`.
It also changes the hex string construction to use fixed-width
integer-to-hex conversion (`%08x`), so each generated integer
consistently contributes 8 hexadecimal characters. This keeps the
generated value length stable and makes the implementation more
predictable across environments.
Current Implementation:
https://github.com/apache/texera/blob/3e46ceaf3d3fb84b1ca003c0ad36235f2f3bb2d7/common/config/src/main/scala/org/apache/texera/config/AuthConfig.scala#L48-L55
### Any related issues, documentation, discussions?
Closes #4284
### How was this PR tested?
Manually verified that the updated implementation:
* returns a 32-character hexadecimal string
* preserves the existing method behavior and output length
* uses fixed-width 8-character hex chunks for each generated integer
### Was this PR authored or co-authored using generative AI tooling?
No
Co-authored-by: Chen Li <[email protected]>
Co-authored-by: Lacia7u7 <[email protected]>
---
.../src/main/scala/org/apache/texera/config/AuthConfig.scala | 7 +++----
1 file changed, 3 insertions(+), 4 deletions(-)
diff --git
a/common/config/src/main/scala/org/apache/texera/config/AuthConfig.scala
b/common/config/src/main/scala/org/apache/texera/config/AuthConfig.scala
index e62863470c..748db036c9 100644
--- a/common/config/src/main/scala/org/apache/texera/config/AuthConfig.scala
+++ b/common/config/src/main/scala/org/apache/texera/config/AuthConfig.scala
@@ -19,8 +19,7 @@
package org.apache.texera.config
import com.typesafe.config.{Config, ConfigFactory}
-
-import java.util.Random
+import java.security.SecureRandom
object AuthConfig {
// Load configuration
@@ -47,10 +46,10 @@ object AuthConfig {
private def getRandomHexString: String = {
val bytes = 32
- val r = new Random()
+ val r = new SecureRandom()
val sb = new StringBuffer
while (sb.length < bytes)
- sb.append(Integer.toHexString(r.nextInt()))
+ sb.append(f"${r.nextInt()}%08x")
sb.toString.substring(0, bytes)
}
}
