You are viewing a plain text version of this content. The canonical link for it is here.
Posted to notifications@shardingsphere.apache.org by ji...@apache.org on 2023/05/08 16:51:38 UTC

[shardingsphere] branch master updated: Use SecureRandom instead of ThreadLocalRandom (#25526)

This is an automated email from the ASF dual-hosted git repository.

jianglongtao pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/shardingsphere.git


The following commit(s) were added to refs/heads/master by this push:
     new 81eb3fe1512 Use SecureRandom instead of ThreadLocalRandom (#25526)
81eb3fe1512 is described below

commit 81eb3fe151211b0005ac1a9419aefbb3a2993b7d
Author: Liang Zhang <zh...@apache.org>
AuthorDate: Tue May 9 00:51:21 2023 +0800

    Use SecureRandom instead of ThreadLocalRandom (#25526)
---
 .../db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java   | 6 +++---
 .../packet/authentication/OpenGaussAuthenticationHexData.java      | 5 +++--
 .../postgresql/packet/handshake/PostgreSQLRandomGenerator.java     | 7 +++++--
 3 files changed, 11 insertions(+), 7 deletions(-)

diff --git a/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java b/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
index 929a87a1874..6db5a6ab867 100644
--- a/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
+++ b/db-protocol/mysql/src/main/java/org/apache/shardingsphere/db/protocol/mysql/packet/handshake/MySQLRandomGenerator.java
@@ -21,8 +21,8 @@ import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.NoArgsConstructor;
 
+import java.security.SecureRandom;
 import java.util.Random;
-import java.util.concurrent.ThreadLocalRandom;
 
 /**
  * Random generator for MySQL.
@@ -38,12 +38,12 @@ public final class MySQLRandomGenerator {
             'A', 'B', 'C', 'D', 'E', 'F', 'G', 'H', 'I', 'J', 'K', 'L', 'M', 'N', 'O', 'P', 'Q', 'R', 'S', 'T', 'U', 'V', 'W', 'X', 'Y', 'Z',
             '0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
     
-    private final Random random = ThreadLocalRandom.current();
+    private final Random random = new SecureRandom();
     
     /**
      * Generate random bytes.
      *
-     * @param length length for generated bytes.
+     * @param length length for generated bytes
      * @return generated bytes
      */
     public byte[] generateRandomBytes(final int length) {
diff --git a/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java b/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
index 0f2fa7bf28c..7eacf5a3552 100644
--- a/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
+++ b/db-protocol/opengauss/src/main/java/org/apache/shardingsphere/db/protocol/opengauss/packet/authentication/OpenGaussAuthenticationHexData.java
@@ -19,7 +19,8 @@ package org.apache.shardingsphere.db.protocol.opengauss.packet.authentication;
 
 import lombok.Getter;
 
-import java.util.concurrent.ThreadLocalRandom;
+import java.security.SecureRandom;
+import java.util.Random;
 
 /**
  * Authentication hex data for openGauss.
@@ -37,7 +38,7 @@ public final class OpenGaussAuthenticationHexData {
     }
     
     private String generate(final int length) {
-        ThreadLocalRandom random = ThreadLocalRandom.current();
+        Random random = new SecureRandom();
         StringBuilder result = new StringBuilder(length);
         for (int i = 0; i < result.capacity(); i++) {
             result.append(Integer.toString(random.nextInt(0x10), 0x10));
diff --git a/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java b/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
index f17759b6e14..507746361c8 100644
--- a/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
+++ b/db-protocol/postgresql/src/main/java/org/apache/shardingsphere/db/protocol/postgresql/packet/handshake/PostgreSQLRandomGenerator.java
@@ -20,7 +20,8 @@ package org.apache.shardingsphere.db.protocol.postgresql.packet.handshake;
 import lombok.AccessLevel;
 import lombok.NoArgsConstructor;
 
-import java.util.concurrent.ThreadLocalRandom;
+import java.security.SecureRandom;
+import java.util.Random;
 
 /**
  * Random generator for PostgreSQL.
@@ -30,6 +31,8 @@ public final class PostgreSQLRandomGenerator {
     
     private static final PostgreSQLRandomGenerator INSTANCE = new PostgreSQLRandomGenerator();
     
+    private final Random random = new SecureRandom();
+    
     /**
      * Get instance.
      *
@@ -47,7 +50,7 @@ public final class PostgreSQLRandomGenerator {
      */
     public byte[] generateRandomBytes(final int length) {
         byte[] result = new byte[length];
-        ThreadLocalRandom.current().nextBytes(result);
+        random.nextBytes(result);
         return result;
     }
 }