ee3a611ce2
## Review A dedicated reviewer checked the rule description successfully for: - [x] logical errors and incorrect information - [x] information gaps and missing content - [x] text style and tone - [x] PR summary and labels follow [the guidelines](https://github.com/SonarSource/rspec/#to-modify-an-existing-rule)
37 lines
900 B
Plaintext
37 lines
900 B
Plaintext
== How to fix it in Java SE
|
|
|
|
=== Code examples
|
|
The following code uses a cryptographically strong random number generator to generate data that is not cryptographically strong.
|
|
|
|
==== Noncompliant code example
|
|
|
|
[source,java,diff-id=1,diff-type=noncompliant]
|
|
----
|
|
SecureRandom sr = new SecureRandom();
|
|
sr.setSeed(123456L); // Noncompliant
|
|
int v = sr.next(32);
|
|
----
|
|
|
|
[source,java,diff-id=2,diff-type=noncompliant]
|
|
----
|
|
SecureRandom sr = new SecureRandom("abcdefghijklmnop".getBytes("us-ascii")); // Noncompliant
|
|
int v = sr.next(32);
|
|
----
|
|
|
|
==== Compliant solution
|
|
|
|
[source,java,diff-id=1,diff-type=compliant]
|
|
----
|
|
SecureRandom sr = new SecureRandom();
|
|
int v = sr.next(32);
|
|
----
|
|
|
|
This solution is available for JDK 1.8 and higher.
|
|
[source,java,diff-id=2,diff-type=compliant]
|
|
----
|
|
SecureRandom sr = SecureRandom.getInstanceStrong();
|
|
int v = sr.next(32);
|
|
----
|
|
|
|
include::../../common/how-does-it-work.adoc[]
|