随机数Random和SecureRandom
"Random" objects should be reused
- Bug
- Critical
- Main sources
- owasp-a6
- Available SinceNov 16, 2021
- SonarAnalyzer (Java)
- Constant/issue: 5min
Creating a new Random
object each time a random value is needed is inefficient and may produce numbers which are not random depending on the JDK. For better efficiency and randomness, create a single Random
, then store, and reuse it.
The Random()
constructor tries to set the seed with a distinct value every time. However there is no guarantee that the seed will be random or even uniformly distributed. Some JDK will use the current time as seed, which makes the generated numbers not random at all.
This rule finds cases where a new Random
is created each time a method is invoked and assigned to a local random variable.
Noncompliant Code Example
public void doSomethingCommon() {
Random rand = new Random(); // Noncompliant; new instance created with each invocation
int rValue = rand.nextInt();
//...
Compliant Solution
private Random rand = SecureRandom.getInstanceStrong(); // SecureRandom is preferred to Random public void doSomethingCommon() {
int rValue = this.rand.nextInt();
//...
Exceptions
A class which uses a Random
in its constructor or in a static main
function and nowhere else will be ignored by this rule.
要修改的代码:
Random ran = new Random();
int num = ran.nextInt(99999);
修改为:
private Random rand; // SecureRandom is preferred to Random {
try {
rand = SecureRandom.getInstanceStrong();
} catch (NoSuchAlgorithmException e) {
e.printStackTrace();
}
}
int num = this.rand.nextInt(99999);
以上是sonarqube的修改建议,但是发布后遇到了阻塞问题,参考文章如下
于是,我改成了
private static final Random rand = new Random();
不再阻塞
最新文章
- PostgresSQL的安装与基本命令使用
- 转载 sql 存储过程与函数区别
- topcoder SRM 592 DIV2 LittleElephantAndBooks
- ansible quick start
- 树莓派学习:源码方式安装opencv
- Js判断CSS文件加载完毕的实例教程
- Delphi-idHttp-JSON用法
- PHP向MySql中插入数据
- python 面向对象简单理解
- C/C++基础(二)
- jquery 学习第一课之start
- 10:Hello, World!的大小
- 正确的lnamp支持SSI的方法!即支持SHTML和include调用!
- jQuery中的事件监听方式及异同点
- 【iOS】字号问题
- PS调出清新淡雅外景女生背影照
- 通过Obfuscated ssh避免时不时ssh连接不畅的问题【转】
- Mysq中的流程控制语句的用法
- python3 自学第一天,python 介绍
- 搭建FTP服务器 window7