Posted to commits@roller.apache.org by ad...@apache.org on 2021/01/05 11:42:53 UTC

[roller] branch master updated: Fixed: sonarqube issue - 'Random' objects should be reused Creating a new Random object each time a random value is needed is inefficient and may produce numbers which are not random depending on the JDK. For better efficiency and randomness, create a single Random, then store, and reuse it.

This is an automated email from the ASF dual-hosted git repository.

adityasharma pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git


The following commit(s) were added to refs/heads/master by this push:
     new 2d4fc5a  Fixed: sonarqube issue - 'Random' objects should be reused Creating a new Random object each time a random value is needed is inefficient and may produce numbers which are not random depending on the JDK. For better efficiency and randomness, create a single Random, then store, and reuse it.
2d4fc5a is described below

commit 2d4fc5a6f1b6d585629ca8e78307d82bbda18412
Author: Aditya Sharma <ad...@apache.org>
AuthorDate: Tue Jan 5 17:12:19 2021 +0530

    Fixed: sonarqube issue - 'Random' objects should be reused
    Creating a new Random object each time a random value is needed is inefficient and may produce numbers which are not random depending on the JDK. For better efficiency and randomness, create a single Random, then store, and reuse it.
    
    The Random() constructor tries to set the seed to a distinct value every time. However, there is no guarantee that the seed will be random or even uniformly distributed. Some JDKs use the current time as the seed, which makes the generated numbers not random at all.
    
    This rule finds cases where a new Random is created each time a method is invoked and assigned to a local random variable.
---
 .../plugins/comments/MathCommentAuthenticator.java | 36 +++++++++++-----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git a/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java b/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
index 8f37859..933363f 100644
--- a/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
+++ b/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
@@ -20,6 +20,7 @@ package org.apache.roller.weblogger.ui.rendering.plugins.comments;
 
 import java.util.Locale;
 import java.util.Random;
+import java.security.SecureRandom;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
@@ -31,20 +32,19 @@ import org.apache.roller.weblogger.util.I18nMessages;
  * Asks the commenter to answer a simple math question.
  */
 public class MathCommentAuthenticator implements CommentAuthenticator {
-    
+    private Random ran = new SecureRandom();
     private static Log mLogger = LogFactory.getLog(MathCommentAuthenticator.class);
-    
-    
+
+
     public String getHtml(HttpServletRequest request) {
-        
+
         int answer = 0;
-        
+
         HttpSession session = request.getSession(true);
         if (session.getAttribute("mathAnswer") == null) {
             // starting a new test
-            Random ran = new Random();
-            int value1 = ran.nextInt(10);
-            int value2 = ran.nextInt(100);
+            int value1 = this.ran.nextInt(10);
+            int value2 = this.ran.nextInt(100);
             int sum = value1 + value2;
             session.setAttribute("mathValue1", value1);
             session.setAttribute("mathValue2", value2);
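Review bot: The new field `private Random ran = new SecureRandom();` is neither `final` nor `static`, and its declared type hides that the generator is now a CSPRNG, a switch the commit message does not mention. If MathCommentAuthenticator is instantiated more than once (not visible in this diff), an instance field still builds a new generator per object, so reuse is only guaranteed with `private static final SecureRandom RANDOM = new SecureRandom();`, which is safe to share across threads. The challenge is still `nextInt(10) + nextInt(100)`, so the answer has at most 109 possible values whatever the generator. The strength of the check therefore depends on how authenticate() treats a wrong answer, and that failure path lies outside the visible hunks. getHtml's body also continues outside this hunk.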
@@ -64,7 +64,7 @@ public class MathCommentAuthenticator implements CommentAuthenticator {
         Locale locale = CommentAuthenticatorUtils.getLocale(request);
         I18nMessages messages = I18nMessages.getMessages(locale);
         StringBuilder sb = new StringBuilder();
-        
+
         sb.append("<p>");
         sb.append(messages.getString("comments.mathAuthenticatorQuestion"));
         sb.append("</p><p>");
@@ -75,23 +75,23 @@ public class MathCommentAuthenticator implements CommentAuthenticator {
         sb.append("<input name=\"answer\" value=\"");
         sb.append(answer);
         sb.append("\" /></p>");
-        
+
         return sb.toString();
     }
-    
-    
+
+
     public boolean authenticate(HttpServletRequest request) {
-        
+
         boolean authentic = false;
-        
+
         HttpSession session = request.getSession(false);
         String answerString = request.getParameter("answer");
-        
+
         if (answerString != null && session != null) {
             try {
                 int answer = Integer.parseInt(answerString);
                 Integer sum = (Integer) session.getAttribute("mathAnswer");
-                
+
                 if (sum != null && answer == sum) {
                     authentic = true;
                     session.removeAttribute("mathAnswer");
@@ -105,9 +105,9 @@ public class MathCommentAuthenticator implements CommentAuthenticator {
                 mLogger.error(e);
             }
         }
-        
+
         return authentic;
     }
-    
+
 }