You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pr...@apache.org on 2017/10/08 04:28:32 UTC
zeppelin git commit: [ZEPPELIN-2970] Enhance Authentication
decrypting key generation
Repository: zeppelin
Updated Branches:
refs/heads/master 0efb5a678 -> e998f5e06
[ZEPPELIN-2970] Enhance Authentication decrypting key generation
### What is this PR for?
Overview : The random number generator implemented by nextInt() cannot withstand a cryptographic attack.
In the file IdHashes.java similar issues were on line numbers 74
Comments : Use of SecureRandom is recommended
### What type of PR is it?
[Refactoring]
### What is the Jira issue?
* [https://issues.apache.org/jira/browse/ZEPPELIN-2970](https://issues.apache.org/jira/browse/ZEPPELIN-2970)
### How should this be tested?
CI should be green
Author: Prabhjyot Singh <pr...@gmail.com>
Closes #2606 from prabhjyotsingh/ZEPPELIN-2970 and squashes the following commits:
e1a9d3a5f [Prabhjyot Singh] Change all "java.util.Random" to "java.security.SecureRandom"
f3f22e803 [Prabhjyot Singh] use SecureRandom instead of Random
Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/e998f5e0
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/e998f5e0
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/e998f5e0
Branch: refs/heads/master
Commit: e998f5e067daf71a0bbadcabc012d8e644c2b3e1
Parents: 0efb5a6
Author: Prabhjyot Singh <pr...@gmail.com>
Authored: Fri Oct 6 15:02:31 2017 +0530
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Sun Oct 8 09:58:24 2017 +0530
----------------------------------------------------------------------
.../src/main/java/org/apache/zeppelin/python/IPythonClient.java | 4 ++--
.../java/org/apache/zeppelin/interpreter/InterpreterGroup.java | 4 ++--
.../src/main/java/org/apache/zeppelin/util/IdHashes.java | 4 ++--
.../src/main/java/org/apache/zeppelin/notebook/Paragraph.java | 5 ++---
.../java/org/apache/zeppelin/notebook/utility/IdHashes.java | 4 ++--
5 files changed, 10 insertions(+), 11 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
----------------------------------------------------------------------
diff --git a/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java b/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
index 40b9afd..05fe4ba 100644
--- a/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
+++ b/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
@@ -40,7 +40,7 @@ import java.io.IOException;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
-import java.util.Random;
+import java.security.SecureRandom;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicBoolean;
@@ -55,7 +55,7 @@ public class IPythonClient {
private final IPythonGrpc.IPythonBlockingStub blockingStub;
private final IPythonGrpc.IPythonStub asyncStub;
- private Random random = new Random();
+ private SecureRandom random = new SecureRandom();
/**
* Construct client for accessing RouteGuide server at {@code host:port}.
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
----------------------------------------------------------------------
diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
index 5428cdb..6acd601 100644
--- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
+++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
-import java.util.Random;
+import java.security.SecureRandom;
import java.util.concurrent.ConcurrentHashMap;
/**
@@ -70,7 +70,7 @@ public class InterpreterGroup {
}
private static String generateId() {
- return "InterpreterGroup_" + System.currentTimeMillis() + "_" + new Random().nextInt();
+ return "InterpreterGroup_" + System.currentTimeMillis() + "_" + new SecureRandom().nextInt();
}
public String getId() {
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
----------------------------------------------------------------------
diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
index 14c03a1..052aaef 100644
--- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
+++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
@@ -20,7 +20,7 @@ package org.apache.zeppelin.util;
import java.math.BigInteger;
import java.util.ArrayList;
import java.util.List;
-import java.util.Random;
+import java.security.SecureRandom;
/**
* Generate Tiny ID.
@@ -71,6 +71,6 @@ public class IdHashes {
}
public static String generateId() {
- return encode(System.currentTimeMillis() + new Random().nextInt());
+ return encode(System.currentTimeMillis() + new SecureRandom().nextInt());
}
}
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
index 161dc30..68ce794 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
@@ -26,7 +26,7 @@ import java.util.LinkedHashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
-import java.util.Random;
+import java.security.SecureRandom;
import java.util.Set;
import org.apache.commons.lang.StringUtils;
@@ -139,8 +139,7 @@ public class Paragraph extends Job implements Cloneable, JsonSerializable {
}
private static String generateId() {
- return "paragraph_" + System.currentTimeMillis() + "_" + new Random(System.currentTimeMillis())
- .nextInt();
+ return "paragraph_" + System.currentTimeMillis() + "_" + new SecureRandom().nextInt();
}
public Map<String, Paragraph> getUserParagraphMap() {
http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
index 98aaac8..7b0d804 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
@@ -18,9 +18,9 @@
package org.apache.zeppelin.notebook.utility;
import java.math.BigInteger;
+import java.security.SecureRandom;
import java.util.ArrayList;
import java.util.List;
-import java.util.Random;
/**
* Generate Tiny ID.
@@ -71,6 +71,6 @@ public class IdHashes {
}
public static String generateId() {
- return encode(System.currentTimeMillis() + new Random().nextInt());
+ return encode(System.currentTimeMillis() + new SecureRandom().nextInt());
}
}