You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@zeppelin.apache.org by pr...@apache.org on 2017/10/08 04:28:32 UTC

zeppelin git commit: [ZEPPELIN-2970] Enhance Authentication decrypting key generation

Repository: zeppelin
Updated Branches:
  refs/heads/master 0efb5a678 -> e998f5e06


[ZEPPELIN-2970] Enhance Authentication decrypting key generation

### What is this PR for?
Overview : The random number generator implemented by nextInt() cannot withstand a cryptographic attack.
In the file IdHashes.java similar issues were on line numbers 74
Comments : Use of SecureRandom is recommended

### What type of PR is it?
[Refactoring]

### What is the Jira issue?
* [https://issues.apache.org/jira/browse/ZEPPELIN-2970](https://issues.apache.org/jira/browse/ZEPPELIN-2970)

### How should this be tested?
CI should be green

Author: Prabhjyot Singh <pr...@gmail.com>

Closes #2606 from prabhjyotsingh/ZEPPELIN-2970 and squashes the following commits:

e1a9d3a5f [Prabhjyot Singh] Change all "java.util.Random" to "java.security.SecureRandom"
f3f22e803 [Prabhjyot Singh] use SecureRandom instead of Random


Project: http://git-wip-us.apache.org/repos/asf/zeppelin/repo
Commit: http://git-wip-us.apache.org/repos/asf/zeppelin/commit/e998f5e0
Tree: http://git-wip-us.apache.org/repos/asf/zeppelin/tree/e998f5e0
Diff: http://git-wip-us.apache.org/repos/asf/zeppelin/diff/e998f5e0

Branch: refs/heads/master
Commit: e998f5e067daf71a0bbadcabc012d8e644c2b3e1
Parents: 0efb5a6
Author: Prabhjyot Singh <pr...@gmail.com>
Authored: Fri Oct 6 15:02:31 2017 +0530
Committer: Prabhjyot Singh <pr...@gmail.com>
Committed: Sun Oct 8 09:58:24 2017 +0530

----------------------------------------------------------------------
 .../src/main/java/org/apache/zeppelin/python/IPythonClient.java | 4 ++--
 .../java/org/apache/zeppelin/interpreter/InterpreterGroup.java  | 4 ++--
 .../src/main/java/org/apache/zeppelin/util/IdHashes.java        | 4 ++--
 .../src/main/java/org/apache/zeppelin/notebook/Paragraph.java   | 5 ++---
 .../java/org/apache/zeppelin/notebook/utility/IdHashes.java     | 4 ++--
 5 files changed, 10 insertions(+), 11 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
----------------------------------------------------------------------
diff --git a/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java b/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
index 40b9afd..05fe4ba 100644
--- a/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
+++ b/python/src/main/java/org/apache/zeppelin/python/IPythonClient.java
@@ -40,7 +40,7 @@ import java.io.IOException;
 import java.util.ArrayList;
 import java.util.Iterator;
 import java.util.List;
-import java.util.Random;
+import java.security.SecureRandom;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicBoolean;
 
@@ -55,7 +55,7 @@ public class IPythonClient {
   private final IPythonGrpc.IPythonBlockingStub blockingStub;
   private final IPythonGrpc.IPythonStub asyncStub;
 
-  private Random random = new Random();
+  private SecureRandom random = new SecureRandom();
 
   /**
    * Construct client for accessing RouteGuide server at {@code host:port}.

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
----------------------------------------------------------------------
diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
index 5428cdb..6acd601 100644
--- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
+++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/interpreter/InterpreterGroup.java
@@ -26,7 +26,7 @@ import java.util.ArrayList;
 import java.util.Collection;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
+import java.security.SecureRandom;
 import java.util.concurrent.ConcurrentHashMap;
 
 /**
@@ -70,7 +70,7 @@ public class InterpreterGroup {
   }
 
   private static String generateId() {
-    return "InterpreterGroup_" + System.currentTimeMillis() + "_" + new Random().nextInt();
+    return "InterpreterGroup_" + System.currentTimeMillis() + "_" + new SecureRandom().nextInt();
   }
 
   public String getId() {

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
----------------------------------------------------------------------
diff --git a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
index 14c03a1..052aaef 100644
--- a/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
+++ b/zeppelin-interpreter/src/main/java/org/apache/zeppelin/util/IdHashes.java
@@ -20,7 +20,7 @@ package org.apache.zeppelin.util;
 import java.math.BigInteger;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
+import java.security.SecureRandom;
 
 /**
  * Generate Tiny ID.
@@ -71,6 +71,6 @@ public class IdHashes {
   }
 
   public static String generateId() {
-    return encode(System.currentTimeMillis() + new Random().nextInt());
+    return encode(System.currentTimeMillis() + new SecureRandom().nextInt());
   }
 }

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
index 161dc30..68ce794 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/Paragraph.java
@@ -26,7 +26,7 @@ import java.util.LinkedHashMap;
 import java.util.LinkedList;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
+import java.security.SecureRandom;
 import java.util.Set;
 
 import org.apache.commons.lang.StringUtils;
@@ -139,8 +139,7 @@ public class Paragraph extends Job implements Cloneable, JsonSerializable {
   }
 
   private static String generateId() {
-    return "paragraph_" + System.currentTimeMillis() + "_" + new Random(System.currentTimeMillis())
-        .nextInt();
+    return "paragraph_" + System.currentTimeMillis() + "_" + new SecureRandom().nextInt();
   }
 
   public Map<String, Paragraph> getUserParagraphMap() {

http://git-wip-us.apache.org/repos/asf/zeppelin/blob/e998f5e0/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
----------------------------------------------------------------------
diff --git a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
index 98aaac8..7b0d804 100644
--- a/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
+++ b/zeppelin-zengine/src/main/java/org/apache/zeppelin/notebook/utility/IdHashes.java
@@ -18,9 +18,9 @@
 package org.apache.zeppelin.notebook.utility;
 
 import java.math.BigInteger;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.List;
-import java.util.Random;
 
 /**
  * Generate Tiny ID.
@@ -71,6 +71,6 @@ public class IdHashes {
   }
 
   public static String generateId() {
-    return encode(System.currentTimeMillis() + new Random().nextInt());
+    return encode(System.currentTimeMillis() + new SecureRandom().nextInt());
   }
 }