refactor: Java Security Ultimate Security Repo Scanner 2023 #268

Open: wants to merge 1 commit into base: master
Expand Up @@ -10,6 +10,7 @@
*******************************************************************************/
package bidi;

import java.security.SecureRandom;
import java.text.Bidi;
import java.util.Random;

Expand All @@ -30,7 +31,7 @@ public static void main(String[] args) {
"\u0629\u0633\u0645\u0643\u0643\u0649" }; //$NON-NLS-1$

StringBuffer buffer = new StringBuffer();
Random rand = new Random();
Random rand = new SecureRandom();
for (int i = 0; i < 1000; i++) {
buffer.append(words[rand.nextInt(words.length)] + " "); //$NON-NLS-1$
}
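Review bot: the switch from `new Random()` to `new SecureRandom()` in this hunk buys nothing: the generator only picks words for a demo string built in `main`, which is not a security decision, and `SecureRandom` is measurably slower and draws on the platform entropy source for each instance. Keep `new Random()` here; if a scanner rule flagged it, a suppression with a comment stating that the randomness is not security-relevant is the better fix. Note that the declared type stays `Random`, so the `java.util.Random` import must remain alongside the new `java.security.SecureRandom` import.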
Expand Up @@ -11,6 +11,7 @@

package org.eclipse.draw2d.examples.cg;

import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
Expand Down Expand Up @@ -213,7 +214,7 @@ public void mouseReleased(MouseEvent event) {
}

private final void createInitialObstacles() {
Random r = new Random(0);
Random r = new SecureRandom();
int rowSize = (int) Math.sqrt(INITAL_OBSTACLE_COUNT);
for (int i = 0; i < INITAL_OBSTACLE_COUNT; i++) {
DragFigure f = new DragFigure();
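Review bot: `new Random(0)` was seeded on purpose so that `createInitialObstacles()` lays out the same obstacle grid on every run; replacing it with `new SecureRandom()` in this hunk makes the example non-reproducible, which is a behaviour change rather than a generator swap. Obstacle placement in a draw2d example is not a security boundary, so a predictable seed exposes nothing here. Suggest reverting to `Random r = new Random(0);`; the added `SecureRandom` import then becomes unused and should go as well.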
Expand Up @@ -10,6 +10,7 @@
*******************************************************************************/
package org.eclipse.draw2d.examples.graph;

import java.security.SecureRandom;
import java.util.Random;

import org.eclipse.draw2d.graph.DirectedGraph;
Expand Down Expand Up @@ -76,7 +77,7 @@ public static DirectedGraph offsetTest(int direction) {
return graph;
}

static Random rand = new Random(90);
static Random rand = new SecureRandom();

/**
* @param nodes
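Review bot: `rand` is a `static` field, so after this hunk a `SecureRandom` instance is created at class-load time for a test helper whose fixed seed of `90` exists to make the `offsetTest` graphs repeatable. A seeded `Random` in a graph-layout fixture is not a predictable-randomness weakness, and losing the seed makes test output vary between runs. Keep `new Random(90)`; if the goal is to satisfy a "predictable random" scanner rule, document the non-security use at the field instead of changing the generator.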
Expand Up @@ -10,6 +10,7 @@
*******************************************************************************/
package org.eclipse.draw2d.graph;

import java.security.SecureRandom;
import java.util.Collections;
import java.util.Comparator;
import java.util.Random;
Expand All @@ -22,7 +23,7 @@
*/
class RankSorter {

Random flipflop = new Random(3);
Contributor

SecureRandom can be significantly slower than the plain old Random. Do we really need a cryptographically strong generator here?

Contributor

By the looks of it, this change is redundant because randomization here is not used for any security purposes and possibly slows the overall performance of the sorter.

Author

Optimization cases which can risk outages are also made in the scope of understanding the data through the lenses of a great mixture of AI and software engineering. That's the thought worth taking into consideration, as sometimes he can be kinda silly and send either very serious stuff or very chill stuff like that ;)

Contributor

I think only the zip folder change can be viable here; could you update the PR to not include the SecureRandom changes?

Random flipflop = new SecureRandom();
Node node;
double rankSize, prevRankSize, nextRankSize;
int currentRow;
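Review bot: `flipflop` is the generator `RankSorter` uses to break ties when ordering nodes, and its seed of `3` is what makes a layout identical from one run to the next; `new SecureRandom()` in this hunk makes layouts nondeterministic and places an entropy-backed generator inside the layout loop, which is the slowdown the comments above point at. There is no threat model in which predicting this sequence gains an attacker anything, so the hardening has no security benefit. Agree with the reviewers: drop this line and the matching import, and keep the PR to the zip-entry check.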
Expand Up @@ -323,6 +323,9 @@ private void unzip(ZipFile zipFile, File projectFolderFile, IProgressMonitor mon
while (e.hasMoreElements()) {
ZipEntry zipEntry = (ZipEntry) e.nextElement();
File file = new File(projectFolderFile, zipEntry.getName());
if (!file.toPath().normalize().startsWith(projectFolderFile.toPath().normalize())) {
throw new IOException("Bad zip entry");
}

if (false == zipEntry.isDirectory()) {

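Review bot: this is the one change worth merging. The containment test has the right shape for a zip-slip check: the `File(projectFolderFile, zipEntry.getName())` path is normalized before comparison, so `../` segments in an entry name cannot escape `projectFolderFile`, and `Path.startsWith` compares whole path components, so a sibling directory such as `project2` is not mistaken for a child of `project`; the check also runs before any directory or file is created. Two suggestions: include the offending name in the exception, e.g. `throw new IOException("Bad zip entry: " + zipEntry.getName());`, so a rejected archive can be diagnosed, and add a unit test with a constructed entry named `../escape.txt` to lock the behaviour in. The pre-existing `if (false == zipEntry.isDirectory())` style is untouched by this hunk.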