Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

FISH-9771 FISH-9688 spot bugs random only used once #6967

Merged

Conversation

NotedSalmon
Copy link
Contributor

@NotedSalmon NotedSalmon commented Sep 23, 2024

Used SecurityUtils to generate a random and use it within the respective classes. Spot bugs issue. (check description)

Description

Spotbugs warning:

Random object created and used only once in com.sun.enterprise.admin.cli.cluster.ImportSyncBundleCommand.backupInstanceDir()

This code creates a java.util.Random object, uses it to generate one random number, and then discards the Random object. This produces mediocre quality random numbers and is inefficient. If possible, rewrite the code so that the Random object is created once and saved, and each time a new random number is required invoke a method on the existing Random object to obtain it.

If it is important that the generated Random numbers not be guessable, you must not create a new Random for each random number; the values are too easily guessable. You should strongly consider using a java.security.SecureRandom instead (and avoid allocating a new SecureRandom for each random number needed).random objects.

Important Info

Blockers

Testing

New tests

Testing Performed

built payara and ran spotbugs against the changes made.

Testing Environment

Documentation

Notes for Reviewers

Copy link
Contributor

@aubi aubi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NotedSalmon NotedSalmon changed the title FISH-9771 spot bugs random only used once FISH-9771 FISH-9688 spot bugs random only used once Sep 25, 2024
By moving the SecureRandom to outside the previous method, I am able to use the random created in the other classes such as cluster and the command.
Copy link
Contributor

@aubi aubi left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM

@NotedSalmon NotedSalmon force-pushed the FISH-9771-spot-bugs-random-only-used-once branch 2 times, most recently from b374934 to 2e9aae7 Compare September 26, 2024 16:17
@NotedSalmon NotedSalmon force-pushed the FISH-9771-spot-bugs-random-only-used-once branch from 2e9aae7 to 7300fe7 Compare September 26, 2024 16:21
@jGauravGupta jGauravGupta merged commit 03ceccb into payara:main Sep 30, 2024
1 check passed
Pandrex247 pushed a commit to Pandrex247/Payara that referenced this pull request Oct 10, 2024
…andom-only-used-once

FISH-9771 FISH-9688 spot bugs random only used once
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants