Merge pull request #6967 from NotedSalmon/FISH-9771-spot-bugs-random-…

…only-used-once FISH-9771 FISH-9688 spot bugs random only used once
payara · Sep 30, 2024 · 03ceccb · 03ceccb
2 parents 189bd21 + 132eb87
commit 03ceccb
Show file tree

Hide file tree

Showing 4 changed files with 67 additions and 10 deletions.
diff --git a/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java b/nucleus/admin/config-api/src/main/java/com/sun/enterprise/config/serverbeans/Cluster.java
@@ -37,7 +37,7 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
-// Portions Copyright [2017-2021] [Payara Foundation and/or its affiliates]
+// Portions Copyright [2017-2024] [Payara Foundation and/or its affiliates]
 
 package com.sun.enterprise.config.serverbeans;
 
@@ -56,6 +56,7 @@
 import org.glassfish.api.admin.config.PropertiesDesc;
 import org.glassfish.api.admin.config.PropertyDesc;
 import org.glassfish.api.admin.config.ReferenceContainer;
+import org.glassfish.common.util.RandomUtils;
 import org.glassfish.config.support.CreationDecorator;
 import org.glassfish.config.support.DeletionDecorator;
 import org.glassfish.hk2.api.PerLookup;
@@ -74,7 +75,6 @@
 import jakarta.validation.constraints.Pattern;
 import java.beans.PropertyVetoException;
 import java.io.File;
-import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.logging.Level;
@@ -723,7 +723,7 @@ public void decorate(AdminCommandContext context, final Cluster instance) throws
 
                         // generate a random port since user did not provide one.
                         // better fix in future would be to walk existing clusters and pick an unused port.
-                        TCPPORT = Integer.toString(new SecureRandom().nextInt(9200 - 9090) + 9090);
+                        TCPPORT = Integer.toString(RandomUtils.nextInt(9200 - 9090) + 9090);
 
                         // hardcode all instances to use same default port.
                         // generate mode does not support multiple instances on one machine.
@@ -744,7 +744,7 @@ public void decorate(AdminCommandContext context, final Cluster instance) throws
                             gmsListenerPortSysProp.setName(propName);
                             if (TCPPORT == null || TCPPORT.trim().charAt(0) == '$') {
                                 String generateGmsListenerPort = Integer.toString(
-                                        new SecureRandom().nextInt(9200 - 9090) + 9090);
+                                        RandomUtils.nextInt(9200 - 9090) + 9090);
                                 gmsListenerPortSysProp.setValue(generateGmsListenerPort);
                             } else {
                                 gmsListenerPortSysProp.setValue(TCPPORT);

diff --git a/...uster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java b/...uster/cli/src/main/java/com/sun/enterprise/admin/cli/cluster/ImportSyncBundleCommand.java
@@ -37,7 +37,7 @@
  * only if the new code is made subject to such option by the copyright
  * holder.
  */
-// Portions Copyright [2017-2019] [Payara Foundation and/or its affiliates]
+// Portions Copyright [2017-2024] [Payara Foundation and/or its affiliates]
 
 package com.sun.enterprise.admin.cli.cluster;
 
@@ -55,14 +55,13 @@
 import javax.xml.stream.XMLStreamException;
 import javax.xml.stream.XMLStreamReader;
 
-
+import org.glassfish.common.util.RandomUtils;
 import org.jvnet.hk2.annotations.Service;
 import org.glassfish.api.Param;
 import org.glassfish.api.admin.*;
 import static com.sun.enterprise.admin.cli.CLIConstants.*;
 import com.sun.enterprise.util.io.FileUtils;
 import java.io.FileInputStream;
-import java.security.SecureRandom;
 import org.glassfish.admin.payload.PayloadImpl;
 import org.glassfish.admin.payload.PayloadFilesManager.Perm;
 import org.glassfish.hk2.api.PerLookup;
@@ -334,8 +333,7 @@ private void writeDasProperties() throws IOException {
     private void backupInstanceDir() {
         File f = getServerDirs().getServerDir();
         if (f != null && f.isDirectory()) {
-            SecureRandom r = new SecureRandom();
-            setBackupDir(r.nextInt());
+            setBackupDir(RandomUtils.nextInt());
             File backup = getBackupDir();
             if (!f.renameTo(backup)) {
                 logger.warning(Strings.get("import.sync.bundle.backupInstanceDirFailed", f.getAbsolutePath(), backup.getAbsolutePath()));

diff --git a/...common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java b/...common/common-util/src/main/java/com/sun/enterprise/universal/security/SecurityUtils.java
@@ -48,9 +48,9 @@
  * @author Byron Nevins
  */
 public final class SecurityUtils {
+    private static SecureRandom random = new SecureRandom();
 
     public static String getSecureRandomHexString(int numBytes) {
-        SecureRandom random = new SecureRandom();
         byte[] bb = new byte[numBytes];
         random.nextBytes(bb);
         return toHexString(bb);

diff --git a/nucleus/common/common-util/src/main/java/org/glassfish/common/util/RandomUtils.java b/nucleus/common/common-util/src/main/java/org/glassfish/common/util/RandomUtils.java
@@ -0,0 +1,59 @@
+/*
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
+ *
+ * Copyright (c) 2024 Payara Foundation and/or its affiliates. All rights reserved.
+ *
+ * The contents of this file are subject to the terms of either the GNU
+ * General Public License Version 2 only ("GPL") or the Common Development
+ * and Distribution License("CDDL") (collectively, the "License").  You
+ * may not use this file except in compliance with the License.  You can
+ * obtain a copy of the License at
+ * https://github.com/payara/Payara/blob/main/LICENSE.txt
+ * See the License for the specific
+ * language governing permissions and limitations under the License.
+ *
+ * When distributing the software, include this License Header Notice in each
+ * file and include the License file at glassfish/legal/LICENSE.txt.
+ *
+ * GPL Classpath Exception:
+ * The Payara Foundation designates this particular file as subject to the "Classpath"
+ * exception as provided by the Payara Foundation in the GPL Version 2 section of the License
+ * file that accompanied this code.
+ *
+ * Modifications:
+ * If applicable, add the following below the License Header, with the fields
+ * enclosed by brackets [] replaced by your own identifying information:
+ * "Portions Copyright [year] [name of copyright owner]"
+ *
+ * Contributor(s):
+ * If you wish your version of this file to be governed by only the CDDL or
+ * only the GPL Version 2, indicate your decision by adding "[Contributor]
+ * elects to include this software in this distribution under the [CDDL or GPL
+ * Version 2] license."  If you don't indicate a single choice of license, a
+ * recipient has the option to distribute your version of this file under
+ * either the CDDL, the GPL Version 2 or to extend the choice of license to
+ * its licensees as provided above.  However, if you add GPL Version 2 code
+ * and therefore, elected the GPL Version 2 license, then the option applies
+ * only if the new code is made subject to such option by the copyright
+ * holder.
+ */
+package org.glassfish.common.util;
+
+import java.security.SecureRandom;
+
+/**
+ * Centralize usage of random number generator.
+ *
+ * @author: Petr Aubrecht
+ */
+public class RandomUtils {
+    private static final SecureRandom random = new SecureRandom();
+
+    public static int nextInt() {
+        return random.nextInt();
+    }
+
+    public static int nextInt(int bound) {
+        return random.nextInt(bound);
+    }
+}