This is an automated email from the ASF dual-hosted git repository.

adityasharma pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/roller.git


The following commit(s) were added to refs/heads/master by this push:
     new 2d4fc5a  Fixed: sonarqube issue - 'Random' objects should be reused 
Creating a new Random object each time a random value is needed is inefficient 
and may produce numbers which are not random depending on the JDK. For better 
efficiency and randomness, create a single Random, then store, and reuse it.
2d4fc5a is described below

commit 2d4fc5a6f1b6d585629ca8e78307d82bbda18412
Author: Aditya Sharma <adityasha...@apache.org>
AuthorDate: Tue Jan 5 17:12:19 2021 +0530

    Fixed: sonarqube issue - 'Random' objects should be reused
    Creating a new Random object each time a random value is needed is 
inefficient and may produce numbers which are not random depending on the JDK. 
For better efficiency and randomness, create a single Random, then store, and 
reuse it.
    
    The Random() constructor tries to set the seed to a distinct value every 
time. However, there is no guarantee that the seed will be random or even 
uniformly distributed. Some JDKs use the current time as the seed, which makes 
the generated numbers not random at all.
    
    This rule finds cases where a new Random is created each time a method is 
invoked and assigned to a local random variable.
---
 .../plugins/comments/MathCommentAuthenticator.java | 36 +++++++++++-----------
 1 file changed, 18 insertions(+), 18 deletions(-)

diff --git 
a/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
 
b/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
index 8f37859..933363f 100644
--- 
a/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
+++ 
b/app/src/main/java/org/apache/roller/weblogger/ui/rendering/plugins/comments/MathCommentAuthenticator.java
@@ -20,6 +20,7 @@ package 
org.apache.roller.weblogger.ui.rendering.plugins.comments;
 
 import java.util.Locale;
 import java.util.Random;
+import java.security.SecureRandom;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.Log;
@@ -31,20 +32,19 @@ import org.apache.roller.weblogger.util.I18nMessages;
  * Asks the commenter to answer a simple math question.
  */
 public class MathCommentAuthenticator implements CommentAuthenticator {
-    
+    private Random ran = new SecureRandom();
     private static Log mLogger = 
LogFactory.getLog(MathCommentAuthenticator.class);
-    
-    
+
+
     public String getHtml(HttpServletRequest request) {
-        
+
         int answer = 0;
-        
+
         HttpSession session = request.getSession(true);
         if (session.getAttribute("mathAnswer") == null) {
             // starting a new test
-            Random ran = new Random();
-            int value1 = ran.nextInt(10);
-            int value2 = ran.nextInt(100);
+            int value1 = this.ran.nextInt(10);
+            int value2 = this.ran.nextInt(100);
             int sum = value1 + value2;
             session.setAttribute("mathValue1", value1);
             session.setAttribute("mathValue2", value2);
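Review bot: The new field `private Random ran = new SecureRandom();` is a non-final instance field, so the generator is reused only if the MathCommentAuthenticator instance itself is reused, which this diff does not show. Declaring it `private static final SecureRandom RANDOM = new SecureRandom();` (with the two calls in `getHtml` changed to `RANDOM.nextInt(...)`) makes the reuse unconditional; SecureRandom is safe to share across threads. The switch from `Random` to `SecureRandom` is not mentioned in the commit message, so a comment on the field such as `// SecureRandom: challenge values must not be predictable from earlier ones` would record the intent. `nextInt(10) + nextInt(100)` yields only 109 possible sums, so the stronger generator does not by itself make the answer harder to guess; whether wrong answers invalidate the challenge or are limited is not visible in these hunks. `getHtml` continues past the end of this hunk.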
@@ -64,7 +64,7 @@ public class MathCommentAuthenticator implements 
CommentAuthenticator {
         Locale locale = CommentAuthenticatorUtils.getLocale(request);
         I18nMessages messages = I18nMessages.getMessages(locale);
         StringBuilder sb = new StringBuilder();
-        
+
         sb.append("<p>");
         sb.append(messages.getString("comments.mathAuthenticatorQuestion"));
         sb.append("</p><p>");
@@ -75,23 +75,23 @@ public class MathCommentAuthenticator implements 
CommentAuthenticator {
         sb.append("<input name=\"answer\" value=\"");
         sb.append(answer);
         sb.append("\" /></p>");
-        
+
         return sb.toString();
     }
-    
-    
+
+
     public boolean authenticate(HttpServletRequest request) {
-        
+
         boolean authentic = false;
-        
+
         HttpSession session = request.getSession(false);
         String answerString = request.getParameter("answer");
-        
+
         if (answerString != null && session != null) {
             try {
                 int answer = Integer.parseInt(answerString);
                 Integer sum = (Integer) session.getAttribute("mathAnswer");
-                
+
                 if (sum != null && answer == sum) {
                     authentic = true;
                     session.removeAttribute("mathAnswer");
@@ -105,9 +105,9 @@ public class MathCommentAuthenticator implements 
CommentAuthenticator {
                 mLogger.error(e);
             }
         }
-        
+
         return authentic;
     }
-    
+
 }
 
