You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@ozone.apache.org by ad...@apache.org on 2022/05/10 14:41:16 UTC
[ozone] branch master updated: HDDS-6678. Use secure random in production code (#3374)
This is an automated email from the ASF dual-hosted git repository.
adoroszlai pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/ozone.git
The following commit(s) were added to refs/heads/master by this push:
new 1419799bad HDDS-6678. Use secure random in production code (#3374)
1419799bad is described below
commit 1419799bad5cc0dc3e11b88c008ae921a6e3cf6a
Author: Doroszlai, Attila <64...@users.noreply.github.com>
AuthorDate: Tue May 10 16:41:10 2022 +0200
HDDS-6678. Use secure random in production code (#3374)
---
.../ozone/client/io/ECBlockReconstructedStripeInputStream.java | 1 +
.../java/org/apache/hadoop/hdds/freon/FakeClusterTopology.java | 1 +
.../java/org/apache/hadoop/hdds/scm/net/NetworkTopologyImpl.java | 1 +
.../ozone/container/common/report/ContainerReportPublisher.java | 1 +
.../ozone/container/common/report/PipelineReportPublisher.java | 1 +
.../ozone/container/ozoneimpl/ContainerDataScrubberMetrics.java | 1 +
.../x509/certificate/client/DefaultCertificateClient.java | 9 +++++++--
.../org/apache/hadoop/hdds/scm/SCMCommonPlacementPolicy.java | 5 +++--
.../apache/hadoop/hdds/scm/container/ContainerManagerImpl.java | 2 ++
.../pipeline/choose/algorithms/RandomPipelineChoosePolicy.java | 1 +
.../src/main/java/org/apache/ozone/test/GenericTestUtils.java | 1 +
.../main/java/org/apache/hadoop/ozone/s3/RequestIdentifier.java | 8 +++++++-
.../java/org/apache/hadoop/ozone/freon/BaseFreonGenerator.java | 1 +
.../org/apache/hadoop/ozone/freon/ChunkManagerDiskWrite.java | 1 +
.../java/org/apache/hadoop/ozone/freon/ContentGenerator.java | 1 +
.../java/org/apache/hadoop/ozone/freon/DatanodeBlockPutter.java | 1 +
.../org/apache/hadoop/ozone/freon/DatanodeChunkGenerator.java | 1 +
.../hadoop/ozone/freon/FollowerAppendLogEntryGenerator.java | 1 +
.../org/apache/hadoop/ozone/freon/HadoopDirTreeGenerator.java | 1 +
.../org/apache/hadoop/ozone/freon/HadoopNestedDirGenerator.java | 1 +
.../apache/hadoop/ozone/freon/LeaderAppendLogEntryGenerator.java | 1 +
.../org/apache/hadoop/ozone/freon/OmBucketReadWriteFileOps.java | 2 +-
.../java/org/apache/hadoop/ozone/freon/RandomKeyGenerator.java | 1 +
.../main/java/org/apache/hadoop/ozone/freon/S3KeyGenerator.java | 1 +
.../org/apache/hadoop/ozone/freon/SCMThroughputBenchmark.java | 1 +
.../hadoop/ozone/freon/containergenerator/GeneratorDatanode.java | 1 +
26 files changed, 41 insertions(+), 6 deletions(-)
diff --git a/hadoop-hdds/client/src/main/java/org/apache/hadoop/ozone/client/io/ECBlockReconstructedStripeInputStream.java b/hadoop-hdds/client/src/main/java/org/apache/hadoop/ozone/client/io/ECBlockReconstructedStripeInputStream.java
index dc7daf8fa3..197eba7922 100644
--- a/hadoop-hdds/client/src/main/java/org/apache/hadoop/ozone/client/io/ECBlockReconstructedStripeInputStream.java
+++ b/hadoop-hdds/client/src/main/java/org/apache/hadoop/ozone/client/io/ECBlockReconstructedStripeInputStream.java
@@ -415,6 +415,7 @@ public class ECBlockReconstructedStripeInputStream extends ECBlockInputStream {
* @param numRequired The number of parity chunks needed for reconstruction
* @return A list of indexes indicating which parity locations to read.
*/
+ @SuppressWarnings("java:S2245") // no need for secure random
private List<Integer> selectParityIndexes(
DatanodeDetails[] locations, int numRequired) {
List<Integer> indexes = new ArrayList<>();
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/freon/FakeClusterTopology.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/freon/FakeClusterTopology.java
index 347323a5f9..ddecf1f060 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/freon/FakeClusterTopology.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/freon/FakeClusterTopology.java
@@ -35,6 +35,7 @@ import org.slf4j.LoggerFactory;
/**
* Class to store pre-generated topology information for load-tests.
*/
+@SuppressWarnings("java:S2245") // no need for secure random
public class FakeClusterTopology {
private static final Logger LOGGER =
diff --git a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/net/NetworkTopologyImpl.java b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/net/NetworkTopologyImpl.java
index cdead1b091..f13a50b9a3 100644
--- a/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/net/NetworkTopologyImpl.java
+++ b/hadoop-hdds/common/src/main/java/org/apache/hadoop/hdds/scm/net/NetworkTopologyImpl.java
@@ -511,6 +511,7 @@ public class NetworkTopologyImpl implements NetworkTopology {
}
}
+ @SuppressWarnings("java:S2245") // no need for secure random
private Node chooseNodeInternal(String scope, int leafIndex,
List<String> excludedScopes, Collection<? extends Node> excludedNodes,
Node affinityNode, int ancestorGen) {
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/ContainerReportPublisher.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/ContainerReportPublisher.java
index 99f4a4c767..7cffc7db01 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/ContainerReportPublisher.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/ContainerReportPublisher.java
@@ -74,6 +74,7 @@ public class ContainerReportPublisher extends
return containerReportInterval + getRandomReportDelay();
}
+ @SuppressWarnings("java:S2245") // no need for secure random
private long getRandomReportDelay() {
return RandomUtils.nextLong(0, containerReportInterval);
}
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/PipelineReportPublisher.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/PipelineReportPublisher.java
index a001131cbe..ce2d6a47f5 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/PipelineReportPublisher.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/common/report/PipelineReportPublisher.java
@@ -62,6 +62,7 @@ public class PipelineReportPublisher extends
return pipelineReportInterval + getRandomReportDelay();
}
+ @SuppressWarnings("java:S2245") // no need for secure random
private long getRandomReportDelay() {
return RandomUtils.nextLong(0, pipelineReportInterval);
}
diff --git a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/ContainerDataScrubberMetrics.java b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/ContainerDataScrubberMetrics.java
index c924485531..bc62d7f924 100644
--- a/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/ContainerDataScrubberMetrics.java
+++ b/hadoop-hdds/container-service/src/main/java/org/apache/hadoop/ozone/container/ozoneimpl/ContainerDataScrubberMetrics.java
@@ -108,6 +108,7 @@ public final class ContainerDataScrubberMetrics {
this.ms = ms;
}
+ @SuppressWarnings("java:S2245") // no need for secure random
public static ContainerDataScrubberMetrics create(final String volumeName) {
MetricsSystem ms = DefaultMetricsSystem.instance();
String name = "ContainerDataScrubberMetrics-" + (volumeName.isEmpty()
diff --git a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
index d681806c12..e84826d481 100644
--- a/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
+++ b/hadoop-hdds/framework/src/main/java/org/apache/hadoop/hdds/security/x509/certificate/client/DefaultCertificateClient.java
@@ -32,6 +32,7 @@ import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
+import java.security.SecureRandom;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertStore;
@@ -41,6 +42,7 @@ import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Objects;
+import java.util.Random;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.locks.Lock;
import java.util.concurrent.locks.ReentrantLock;
@@ -83,6 +85,8 @@ import org.slf4j.Logger;
*/
public abstract class DefaultCertificateClient implements CertificateClient {
+ private static final Random RANDOM = new SecureRandom();
+
private static final String CERT_FILE_NAME_FORMAT = "%s.crt";
private static final String CA_CERT_PREFIX = "CA-";
private static final int CA_CERT_PREFIX_LEN = 3;
@@ -822,8 +826,9 @@ public abstract class DefaultCertificateClient implements CertificateClient {
* */
protected boolean validateKeyPair(PublicKey pubKey)
throws CertificateException {
- byte[] challenge = RandomStringUtils.random(1000).getBytes(
- StandardCharsets.UTF_8);
+ byte[] challenge =
+ RandomStringUtils.random(1000, 0, 0, false, false, null, RANDOM)
+ .getBytes(StandardCharsets.UTF_8);
byte[] sign = signDataStream(new ByteArrayInputStream(challenge));
return verifySignature(challenge, sign, pubKey);
}
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/SCMCommonPlacementPolicy.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/SCMCommonPlacementPolicy.java
index bcdb737b80..cd1e65da8d 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/SCMCommonPlacementPolicy.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/SCMCommonPlacementPolicy.java
@@ -49,7 +49,9 @@ public abstract class SCMCommonPlacementPolicy implements PlacementPolicy {
static final Logger LOG =
LoggerFactory.getLogger(SCMCommonPlacementPolicy.class);
private final NodeManager nodeManager;
- private final Random rand;
+
+ @SuppressWarnings("java:S2245") // no need for secure random
+ private final Random rand = new Random();
private final ConfigurationSource conf;
private final boolean shouldRemovePeers;
@@ -73,7 +75,6 @@ public abstract class SCMCommonPlacementPolicy implements PlacementPolicy {
public SCMCommonPlacementPolicy(NodeManager nodeManager,
ConfigurationSource conf) {
this.nodeManager = nodeManager;
- this.rand = new Random();
this.conf = conf;
this.shouldRemovePeers = ScmUtils.shouldRemovePeers(conf);
}
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/container/ContainerManagerImpl.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/container/ContainerManagerImpl.java
index e4076d9c4f..f3f1a8a520 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/container/ContainerManagerImpl.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/container/ContainerManagerImpl.java
@@ -94,6 +94,8 @@ public class ContainerManagerImpl implements ContainerManager {
private final SCMContainerManagerMetrics scmContainerManagerMetrics;
private final int numContainerPerVolume;
+
+ @SuppressWarnings("java:S2245") // no need for secure random
private final Random random = new Random();
/**
diff --git a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/pipeline/choose/algorithms/RandomPipelineChoosePolicy.java b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/pipeline/choose/algorithms/RandomPipelineChoosePolicy.java
index 080ea969f1..457e391abb 100644
--- a/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/pipeline/choose/algorithms/RandomPipelineChoosePolicy.java
+++ b/hadoop-hdds/server-scm/src/main/java/org/apache/hadoop/hdds/scm/pipeline/choose/algorithms/RandomPipelineChoosePolicy.java
@@ -31,6 +31,7 @@ import java.util.List;
public class RandomPipelineChoosePolicy implements PipelineChoosePolicy {
@Override
+ @SuppressWarnings("java:S2245") // no need for secure random
public Pipeline choosePipeline(List<Pipeline> pipelineList,
PipelineRequestInformation pri) {
return pipelineList.get((int) (Math.random() * pipelineList.size()));
diff --git a/hadoop-hdds/test-utils/src/main/java/org/apache/ozone/test/GenericTestUtils.java b/hadoop-hdds/test-utils/src/main/java/org/apache/ozone/test/GenericTestUtils.java
index eb76c5e70a..975f2c5f19 100644
--- a/hadoop-hdds/test-utils/src/main/java/org/apache/ozone/test/GenericTestUtils.java
+++ b/hadoop-hdds/test-utils/src/main/java/org/apache/ozone/test/GenericTestUtils.java
@@ -137,6 +137,7 @@ public abstract class GenericTestUtils {
*
* @return a string to use in paths
*/
+ @SuppressWarnings("java:S2245") // no need for secure random
public static String getRandomizedTempPath() {
return getTempPath(RandomStringUtils.randomAlphanumeric(10));
}
diff --git a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/RequestIdentifier.java b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/RequestIdentifier.java
index 379393cfc7..c9c299094a 100644
--- a/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/RequestIdentifier.java
+++ b/hadoop-ozone/s3gateway/src/main/java/org/apache/hadoop/ozone/s3/RequestIdentifier.java
@@ -23,18 +23,24 @@ import org.apache.hadoop.ozone.web.utils.OzoneUtils;
import org.apache.commons.lang3.RandomStringUtils;
+import java.security.SecureRandom;
+import java.util.Random;
+
/**
* Request specific identifiers.
*/
@RequestScoped
public class RequestIdentifier {
+ private static final Random RANDOM = new SecureRandom();
+
private final String requestId;
private final String amzId;
public RequestIdentifier() {
- amzId = RandomStringUtils.randomAlphanumeric(8, 16);
+ int count = 8 + RANDOM.nextInt(8);
+ amzId = RandomStringUtils.random(count, 0, 0, true, true, null, RANDOM);
requestId = OzoneUtils.getRequestID();
}
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/BaseFreonGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/BaseFreonGenerator.java
index e98322933f..710efa3bcf 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/BaseFreonGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/BaseFreonGenerator.java
@@ -66,6 +66,7 @@ import picocli.CommandLine.ParentCommand;
/**
* Base class for simplified performance tests.
*/
+@SuppressWarnings("java:S2245") // no need for secure random
public class BaseFreonGenerator {
private static final Logger LOG =
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ChunkManagerDiskWrite.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ChunkManagerDiskWrite.java
index 3efc08c479..20b03dd39c 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ChunkManagerDiskWrite.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ChunkManagerDiskWrite.java
@@ -60,6 +60,7 @@ import static org.apache.commons.lang3.RandomStringUtils.randomAscii;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class ChunkManagerDiskWrite extends BaseFreonGenerator implements
Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ContentGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ContentGenerator.java
index 542634c488..92f7ae4b2e 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ContentGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/ContentGenerator.java
@@ -26,6 +26,7 @@ import org.apache.commons.lang3.RandomStringUtils;
/**
* Utility class to write random keys from a limited buffer.
*/
+@SuppressWarnings("java:S2245") // no need for secure random
public class ContentGenerator {
/**
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeBlockPutter.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeBlockPutter.java
index 620fd859fc..f6a5c59650 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeBlockPutter.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeBlockPutter.java
@@ -54,6 +54,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class DatanodeBlockPutter extends BaseFreonGenerator implements
Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeChunkGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeChunkGenerator.java
index 9e73bfb637..6362f32d04 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeChunkGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/DatanodeChunkGenerator.java
@@ -61,6 +61,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class DatanodeChunkGenerator extends BaseFreonGenerator implements
Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/FollowerAppendLogEntryGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/FollowerAppendLogEntryGenerator.java
index 07d0db800f..f1f43f5c53 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/FollowerAppendLogEntryGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/FollowerAppendLogEntryGenerator.java
@@ -88,6 +88,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class FollowerAppendLogEntryGenerator extends BaseAppendLogGenerator
implements Callable<Void>, StreamObserver<AppendEntriesReplyProto> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopDirTreeGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopDirTreeGenerator.java
index 0ed2a6eda2..bc3353e22a 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopDirTreeGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopDirTreeGenerator.java
@@ -43,6 +43,7 @@ import java.util.concurrent.atomic.AtomicLong;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class HadoopDirTreeGenerator extends BaseFreonGenerator
implements Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopNestedDirGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopNestedDirGenerator.java
index e36c769640..8e631e5b6a 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopNestedDirGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/HadoopNestedDirGenerator.java
@@ -40,6 +40,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class HadoopNestedDirGenerator extends BaseFreonGenerator
implements Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/LeaderAppendLogEntryGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/LeaderAppendLogEntryGenerator.java
index 8943ca1fac..40f6702603 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/LeaderAppendLogEntryGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/LeaderAppendLogEntryGenerator.java
@@ -81,6 +81,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class LeaderAppendLogEntryGenerator extends BaseAppendLogGenerator
implements
Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/OmBucketReadWriteFileOps.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/OmBucketReadWriteFileOps.java
index 401e71b174..d8837f2ce3 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/OmBucketReadWriteFileOps.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/OmBucketReadWriteFileOps.java
@@ -52,7 +52,7 @@ import java.util.concurrent.ExecutorCompletionService;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
-
+@SuppressWarnings("java:S2245") // no need for secure random
public class OmBucketReadWriteFileOps extends BaseFreonGenerator
implements Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/RandomKeyGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/RandomKeyGenerator.java
index 75b17434e6..38a96075c6 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/RandomKeyGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/RandomKeyGenerator.java
@@ -86,6 +86,7 @@ import static org.apache.hadoop.ozone.conf.OzoneServiceConfig.DEFAULT_SHUTDOWN_H
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public final class RandomKeyGenerator implements Callable<Void> {
@ParentCommand
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/S3KeyGenerator.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/S3KeyGenerator.java
index 292b9f13e2..708f4a14f8 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/S3KeyGenerator.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/S3KeyGenerator.java
@@ -54,6 +54,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class S3KeyGenerator extends BaseFreonGenerator
implements Callable<Void> {
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/SCMThroughputBenchmark.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/SCMThroughputBenchmark.java
index 8eef66775a..b3887783c4 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/SCMThroughputBenchmark.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/SCMThroughputBenchmark.java
@@ -107,6 +107,7 @@ import static org.apache.hadoop.hdds.utils.HddsServerUtil.getScmRpcRetryInterval
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public final class SCMThroughputBenchmark implements Callable<Void> {
public static final Logger LOG =
diff --git a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorDatanode.java b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorDatanode.java
index 02fa7e6373..b2fa7d49ce 100644
--- a/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorDatanode.java
+++ b/hadoop-ozone/tools/src/main/java/org/apache/hadoop/ozone/freon/containergenerator/GeneratorDatanode.java
@@ -81,6 +81,7 @@ import picocli.CommandLine.Option;
versionProvider = HddsVersionProvider.class,
mixinStandardHelpOptions = true,
showDefaultValues = true)
+@SuppressWarnings("java:S2245") // no need for secure random
public class GeneratorDatanode extends BaseGenerator {
@Option(names = {"--datanodes"},
---------------------------------------------------------------------
To unsubscribe, e-mail: commits-unsubscribe@ozone.apache.org
For additional commands, e-mail: commits-help@ozone.apache.org