🐧🐛🔏 Issue #2209: Use of an insecure Random Number Generator

phonegap · Feb 20, 2018 · e3a6417 · e3a6417
1 parent 58e8759
commit e3a6417
Showing 1 changed file with 8 additions and 6 deletions.
diff --git a/src/android/com/adobe/phonegap/push/FCMService.java b/src/android/com/adobe/phonegap/push/FCMService.java
@@ -46,7 +46,7 @@
 import java.util.Iterator;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
+import java.security.SecureRandom;
 
 @SuppressLint("NewApi")
 public class FCMService extends FirebaseMessagingService implements PushConstants {
@@ -252,8 +252,7 @@ private Bundle normalizeExtras(Context context, Bundle extras, String messageKey
 
                 newExtras.putString(jsonKey, value);
               }
-            }
-            else if (data.has(LOC_KEY) || data.has(LOC_DATA)) {
+            } else if (data.has(LOC_KEY) || data.has(LOC_DATA)) {
               String newKey = normalizeKey(key, messageKey, titleKey);
               Log.d(LOG_TAG, "replace key " + key + " with " + newKey);
               replaceKey(context, key, newKey, extras, newExtras);
@@ -369,7 +368,8 @@ public void createNotification(Context context, Bundle extras) {
     notificationIntent.putExtra(PUSH_BUNDLE, extras);
     notificationIntent.putExtra(NOT_ID, notId);
 
-    int requestCode = new Random().nextInt();
+    SecureRandom random = new SecureRandom();
+    int requestCode = random.nextInt();
     PendingIntent contentIntent = PendingIntent.getActivity(this, requestCode, notificationIntent,
         PendingIntent.FLAG_UPDATE_CURRENT);
 
@@ -379,7 +379,7 @@ public void createNotification(Context context, Bundle extras) {
     dismissedNotificationIntent.putExtra(DISMISSED, true);
     dismissedNotificationIntent.setAction(PUSH_DISMISSED);
 
-    requestCode = new Random().nextInt();
+    requestCode = random.nextInt();
     PendingIntent deleteIntent = PendingIntent.getBroadcast(this, requestCode, dismissedNotificationIntent,
         PendingIntent.FLAG_CANCEL_CURRENT);
 
@@ -527,7 +527,7 @@ private void createActions(Bundle extras, NotificationCompat.Builder mBuilder, R
         for (int i = 0; i < actionsArray.length(); i++) {
           int min = 1;
           int max = 2000000000;
-          Random random = new Random();
+          SecureRandom random = new SecureRandom();
           int uniquePendingIntentRequestCode = random.nextInt((max - min) + 1) + min;
           Log.d(LOG_TAG, "adding action");
           JSONObject action = actionsArray.getJSONObject(i);
@@ -934,6 +934,8 @@ private boolean isAvailableSender(String from) {
         Context.MODE_PRIVATE);
     String savedSenderID = sharedPref.getString(SENDER_ID, "");
 
+    Log.d(LOG_TAG, "sender id = " + savedSenderID);
+
     return from.equals(savedSenderID) || from.startsWith("/topics/");
   }
 }