From 9a3ff113300c1b324b750a5194a82e26ccf40a95 Mon Sep 17 00:00:00 2001
From: Wang Yan
Date: Tue, 16 Nov 2021 17:35:06 +0800
Subject: [PATCH] fix go check issues G404: Replace math rand with crypto rand
Signed-off-by: Wang Yan
---
 contrib/token-server/main.go | 12 ++++++++++--
 registry/handlers/app.go | 16 +++++++++++-----
 2 files changed, 21 insertions(+), 7 deletions(-)
diff --git a/contrib/token-server/main.go b/contrib/token-server/main.go
index 8f9029eae..ef699c7f2 100644
--- a/contrib/token-server/main.go
+++ b/contrib/token-server/main.go
@@ -2,9 +2,10 @@ package main
 import (
 "context"
+ "crypto/rand"
 "encoding/json"
 "flag"
- "math/rand"
+ "math/big"
 "net/http"
 "strconv"
 "strings"
@@ -141,8 +142,15 @@ const refreshTokenLength = 15
 func newRefreshToken() string {
 s := make([]rune, refreshTokenLength)
+ max := int64(len(refreshCharacters))
 for i := range s {
- s[i] = refreshCharacters[rand.Intn(len(refreshCharacters))]
+ randInt, err := rand.Int(rand.Reader, big.NewInt(max))
+ // let '0' serves the failure case
+ if err != nil {
+ logrus.Infof("Error on making refersh token: %v", err)
+ randInt = big.NewInt(0)
+ }
+ s[i] = refreshCharacters[randInt.Int64()]
 }
 return string(s)
 }
diff --git a/registry/handlers/app.go b/registry/handlers/app.go
index b9fbf3da9..8a30bd4de 100644
--- a/registry/handlers/app.go
+++ b/registry/handlers/app.go
@@ -2,10 +2,11 @@ package handlers
 import (
 "context"
- cryptorand "crypto/rand"
+ "crypto/rand"
 "expvar"
 "fmt"
- "math/rand"
+ "math"
+ "math/big"
 "net"
 "net/http"
 "net/url"
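Review bot: In newRefreshToken (contrib/token-server/main.go) a failure of `rand.Int` is only logged at Info level and the loop falls back to index 0, so a persistent entropy failure would produce a token made entirely of `refreshCharacters[0]`, a constant and guessable refresh token issued as if it were valid. Token generation should fail closed: either return the error to the caller (the callers are outside this hunk) or abort, e.g. `logrus.Panicf("could not generate refresh token: %v", err)`, which would match how configureSecret treats a `rand.Read` failure in registry/handlers/app.go. The log string also misspells "refresh" as "refersh", and the local `max` shadows the builtin of the same name on Go 1.21 and later; a name such as `charCount` avoids that.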
@@ -610,7 +611,7 @@ func (app *App) configureLogHook(configuration *configuration.Configuration) {
 func (app *App) configureSecret(configuration *configuration.Configuration) {
 if configuration.HTTP.Secret == "" {
 var secretBytes [randomSecretSize]byte
- if _, err := cryptorand.Read(secretBytes[:]); err != nil {
+ if _, err := rand.Read(secretBytes[:]); err != nil {
 panic(fmt.Sprintf("could not generate random bytes for HTTP secret: %v", err))
 }
 configuration.HTTP.Secret = string(secretBytes[:])
@@ -1060,8 +1061,13 @@ func startUploadPurger(ctx context.Context, storageDriver storagedriver.StorageD
 }
 go func() {
- rand.Seed(time.Now().Unix())
- jitter := time.Duration(rand.Int()%60) * time.Minute
+ randInt, err := rand.Int(rand.Reader, new(big.Int).SetInt64(math.MaxInt64))
+ if err != nil {
+ log.Infof("Failed to generate random jitter: %v", err)
+ // sleep 30min for failure case
+ randInt = big.NewInt(30)
+ }
+ jitter := time.Duration(randInt.Int64()%60) * time.Minute
 log.Infof("Starting upload purge in %s", jitter)
 time.Sleep(jitter)
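Review bot: In the startUploadPurger goroutine the jitter is drawn from [0, math.MaxInt64) and then reduced with `%60`, which needs the extra `math` import and is harder to read than drawing from the target range directly: `randInt, err := rand.Int(rand.Reader, big.NewInt(60))` followed by `jitter := time.Duration(randInt.Int64()) * time.Minute`. The fallback value of 30 keeps its meaning under that form. The failure is also reported with `log.Infof`; a warning level would make a broken entropy source easier to spot in the registry logs, assuming the logger in scope offers `Warnf` (its type is not visible in this hunk). The goroutine body continues past the end of the hunk.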