This is an automated email from the ASF dual-hosted git repository.
abeizn pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/incubator-devlake.git
The following commit(s) were added to refs/heads/main by this push:
new 8ecf6078c refactor: use crypto/rand (#5131)
8ecf6078c is described below
commit 8ecf6078cbb778555f204560ade0e81805e8504b
Author: Liang Zhang <[email protected]>
AuthorDate: Tue May 9 16:14:09 2023 +0800
refactor: use crypto/rand (#5131)
---
backend/core/plugin/plugin_utils.go | 2 +-
backend/core/plugin/plugin_utils_test.go | 4 +-
backend/core/utils/strings.go | 27 ++++++----
.../plugin_utils_test.go => utils/strings_test.go} | 62 ++++++++++------------
backend/plugins/ae/models/connection.go | 5 +-
backend/server/main.go | 9 +++-
backend/server/services/notification.go | 5 +-
backend/test/helper/client.go | 8 ++-
8 files changed, 69 insertions(+), 53 deletions(-)
diff --git a/backend/core/plugin/plugin_utils.go
b/backend/core/plugin/plugin_utils.go
index 275b8681c..02f08df4d 100644
--- a/backend/core/plugin/plugin_utils.go
+++ b/backend/core/plugin/plugin_utils.go
@@ -140,6 +140,6 @@ func AesDecrypt(crypted, key []byte) ([]byte, errors.Error)
{
}
// RandomEncKey will return a random string of length 128
-func RandomEncKey() string {
+func RandomEncKey() (string, errors.Error) {
return utils.RandLetterBytes(128)
}
diff --git a/backend/core/plugin/plugin_utils_test.go
b/backend/core/plugin/plugin_utils_test.go
index 13ec027a9..dc2c86ec9 100644
--- a/backend/core/plugin/plugin_utils_test.go
+++ b/backend/core/plugin/plugin_utils_test.go
@@ -30,7 +30,7 @@ func TestEncodeAndDecode(t *testing.T) {
var TestEncode string
var TestDecode string
- encKey := RandomEncKey()
+ encKey, _ := RandomEncKey()
// encryption test
TestEncode, err = Encrypt(encKey, TestStr)
assert.Empty(t, err)
@@ -44,7 +44,7 @@ func TestEncodeAndDecode(t *testing.T) {
}
func TestEncode(t *testing.T) {
- encKey := RandomEncKey()
+ encKey, _ := RandomEncKey()
type args struct {
Input string
}
diff --git a/backend/core/utils/strings.go b/backend/core/utils/strings.go
index 71cb6e53c..ec0805ffa 100644
--- a/backend/core/utils/strings.go
+++ b/backend/core/utils/strings.go
@@ -18,8 +18,9 @@ limitations under the License.
package utils
import (
- "math/rand"
- "time"
+ "crypto/rand"
+ "github.com/apache/incubator-devlake/core/errors"
+ "math/big"
)
const letterBytes =
"abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789"
@@ -47,12 +48,20 @@ func StringsContains(slice []string, target string) bool {
return false
}
-// RandLetterBytes returns a string with given length n
-func RandLetterBytes(n int) string {
- r := rand.New(rand.NewSource(time.Now().Unix()))
- b := make([]byte, n)
- for i := range b {
- b[i] = letterBytes[r.Intn(len(letterBytes))]
+// RandLetterBytes returns a cryptographically secure random string with given
length n
+func RandLetterBytes(n int) (string, errors.Error) {
+ if n < 0 {
+ return "", errors.Default.New("n must be greater than 0")
}
- return string(b)
+ ret := make([]byte, n)
+ bi := big.NewInt(int64(len(letterBytes)))
+ for i := 0; i < n; i++ {
+ num, err := rand.Int(rand.Reader, bi)
+ if err != nil {
+ return "", errors.Convert(err)
+ }
+ ret[i] = letterBytes[num.Int64()]
+ }
+
+ return string(ret), nil
}
diff --git a/backend/core/plugin/plugin_utils_test.go
b/backend/core/utils/strings_test.go
similarity index 54%
copy from backend/core/plugin/plugin_utils_test.go
copy to backend/core/utils/strings_test.go
index 13ec027a9..f6764a43a 100644
--- a/backend/core/plugin/plugin_utils_test.go
+++ b/backend/core/utils/strings_test.go
@@ -15,58 +15,50 @@ See the License for the specific language governing
permissions and
limitations under the License.
*/
-package plugin
+package utils
import (
"testing"
+ "github.com/apache/incubator-devlake/core/errors"
"github.com/stretchr/testify/assert"
)
-func TestEncodeAndDecode(t *testing.T) {
- TestStr := "The string for testing"
- var err error
-
- var TestEncode string
- var TestDecode string
-
- encKey := RandomEncKey()
- // encryption test
- TestEncode, err = Encrypt(encKey, TestStr)
- assert.Empty(t, err)
-
- // decrypt test
- TestDecode, err = Decrypt(encKey, TestEncode)
- assert.Empty(t, err)
-
- // Verify decryption result
- assert.Equal(t, string(TestDecode), TestStr)
-}
-
-func TestEncode(t *testing.T) {
- encKey := RandomEncKey()
+func TestRandLetterBytes(t *testing.T) {
type args struct {
- Input string
+ n int
}
tests := []struct {
- name string
- args args
- wantErr bool
+ name string
+ args args
+ want1 errors.Error
}{
{
- "",
-
args{"bGlhbmcuemhhbmdAbWVyaWNvLmRldjprYUU2eWpNY1VYV2FCNUhIS3BGRkQ1RTg="},
- false,
+ "test1",
+ args{0},
+ nil,
+ },
+ {
+ "test1",
+ args{-1},
+ errors.Default.New("n must be greater than 0"),
+ },
+ {
+ "test2",
+ args{10},
+ nil,
+ },
+ {
+ "test3",
+ args{128},
+ nil,
},
}
for _, tt := range tests {
t.Run(tt.name, func(t *testing.T) {
- got, err := Encrypt(encKey, tt.args.Input)
- if (err != nil) != tt.wantErr {
- t.Errorf("Encode() error = %v, wantErr %v",
err, tt.wantErr)
- return
- }
+ got, got1 := RandLetterBytes(tt.args.n)
t.Log(got)
+ assert.Equalf(t, tt.want1, got1, "RandLetterBytes(%v)",
tt.args.n)
})
}
}
diff --git a/backend/plugins/ae/models/connection.go
b/backend/plugins/ae/models/connection.go
index f9ee3ea93..7196d4fee 100644
--- a/backend/plugins/ae/models/connection.go
+++ b/backend/plugins/ae/models/connection.go
@@ -36,7 +36,10 @@ type AeAppKey helper.AppKey
// SetupAuthentication sets up the HTTP Request Authentication
func (aak *AeAppKey) SetupAuthentication(req *http.Request) errors.Error {
- nonceStr := utils.RandLetterBytes(8)
+ nonceStr, err := utils.RandLetterBytes(8)
+ if err != nil {
+ return err
+ }
timestamp := fmt.Sprintf("%v", time.Now().Unix())
sign := signRequest(req.URL.Query(), aak.AppId, aak.SecretKey,
nonceStr, timestamp)
req.Header.Set("x-ae-app-id", aak.AppId)
diff --git a/backend/server/main.go b/backend/server/main.go
index 6a9148b36..89b810ac1 100644
--- a/backend/server/main.go
+++ b/backend/server/main.go
@@ -19,6 +19,7 @@ package main
import (
"github.com/apache/incubator-devlake/core/config"
+ "github.com/apache/incubator-devlake/core/errors"
"github.com/apache/incubator-devlake/core/plugin"
_ "github.com/apache/incubator-devlake/core/version"
"github.com/apache/incubator-devlake/server/api"
@@ -28,10 +29,14 @@ func main() {
v := config.GetConfig()
encKey := v.GetString(plugin.EncodeKeyEnvStr)
if encKey == "" {
+ var err errors.Error
// Randomly generate a bunch of encryption keys and set them to
config
- encKey = plugin.RandomEncKey()
+ encKey, err = plugin.RandomEncKey()
+ if err != nil {
+ panic(err)
+ }
v.Set(plugin.EncodeKeyEnvStr, encKey)
- err := config.WriteConfig(v)
+ err = config.WriteConfig(v)
if err != nil {
panic(err)
}
diff --git a/backend/server/services/notification.go
b/backend/server/services/notification.go
index 186ac0124..854a78e53 100644
--- a/backend/server/services/notification.go
+++ b/backend/server/services/notification.go
@@ -71,7 +71,10 @@ func (n *NotificationService)
sendNotification(notificationType models.Notificat
notification.Data = string(dataJson)
notification.Type = notificationType
notification.Endpoint = n.EndPoint
- nonce := utils.RandLetterBytes(16)
+ nonce, err1 := utils.RandLetterBytes(16)
+ if err1 != nil {
+ return err1
+ }
notification.Nonce = nonce
err = db.Create(¬ification)
diff --git a/backend/test/helper/client.go b/backend/test/helper/client.go
index 7f7926d4a..1cb7ffce1 100644
--- a/backend/test/helper/client.go
+++ b/backend/test/helper/client.go
@@ -217,10 +217,14 @@ func (d *DevlakeClient) configureEncryption() {
v := config.GetConfig()
encKey := v.GetString(plugin.EncodeKeyEnvStr)
if encKey == "" {
+ var err errors.Error
// Randomly generate a bunch of encryption keys and set them to
config
- encKey = plugin.RandomEncKey()
+ encKey, err = plugin.RandomEncKey()
+ if err != nil {
+ panic(err)
+ }
v.Set(plugin.EncodeKeyEnvStr, encKey)
- err := config.WriteConfig(v)
+ err = config.WriteConfig(v)
if err != nil {
panic(err)
}
