codeql/ruby/ql/test/query-tests/experimental/InsecureRandomness/InsecureRandomness.rb

require 'securerandom'
# Builds a +length+-character password from letters, digits and five symbols.
# Deliberately insecure example: every character index comes from Kernel#rand,
# a general-purpose PRNG (Mersenne Twister in MRI) whose output can be
# predicted once enough of it has been observed.
#
# @param length [Integer] number of characters to generate
# @return [String] the generated password
def generate_password_1(length)
  alphabet = [*('a'..'z'), *('A'..'Z'), *('0'..'9'), '!', '@', '#', '$', '%']
  # BAD: rand is not cryptographically secure
  picks = (1..length).map do
    alphabet[rand(alphabet.length)]
  end
  # The result is assigned to a local named `password` as in the original
  # example; the assignment is also the method's return value.
  password = picks.join
end
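# Builds a +length+-character password from letters, digits and five symbols,
# drawing every character index from SecureRandom.
#
# @param length [Integer] number of characters to generate
# @return [String] the generated password
def generate_password_2(length)
  chars = ('a'..'z').to_a + ('A'..'Z').to_a + ('0'..'9').to_a + ['!', '@', '#', '$', '%']
  # GOOD: SecureRandom is cryptographically secure
  # random_number(n) yields a uniform index in 0...n. Reducing a random byte
  # with `% chars.length` would not: 256 is not a multiple of the 67-character
  # alphabet, so the first 55 characters would be chosen slightly more often.
  password = Array.new(length) { chars[SecureRandom.random_number(chars.length)] }.join
end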
# Exercise both generators with a 10-character request. The first call uses
# the rand-based generator marked BAD above, the second the SecureRandom-based
# one marked GOOD; the second assignment overwrites the first.
password = generate_password_1(10)
password = generate_password_2(10)