Skip to content
This repository has been archived by the owner on Mar 8, 2023. It is now read-only.

Commit

Permalink
fix: rand int security
Browse files Browse the repository at this point in the history
  • Loading branch information
@sysatom
sysatom committed Mar 17, 2021
1 parent b6dd7a0 commit a98ab4c
Showing 1 changed file with 9 additions and 5 deletions.
14 changes: 9 additions & 5 deletions internal/pkg/utils/strings.go
View file
Original file line number Diff line number Diff line change
@@ -1,10 +1,10 @@
package utils

import (
cRand "crypto/rand"
"crypto/rand"
"fmt"
"io"
"math/rand"
"math/big"
"net"
"regexp"
"strings"
Expand Down Expand Up @@ -69,16 +69,20 @@ func GeneratePassword(length int, containChars string) string {
charsStrLength := len(charsStrSlice)
var password strings.Builder
for i := 0; i < length; i++ {
randNumber := rand.Intn(charsStrLength)
password.WriteByte(charsStrSlice[randNumber])
randNumber, err := rand.Int(rand.Reader, big.NewInt(int64(charsStrLength)))
if err != nil {
return ""
}

password.WriteByte(charsStrSlice[randNumber.Int64()])
}
return password.String()
}

// GenerateUUID generates a random ID for a message
func GenerateUUID() (string, error) {
uuid := make([]byte, 16)
n, err := io.ReadFull(cRand.Reader, uuid)
n, err := io.ReadFull(rand.Reader, uuid)
if n != len(uuid) || err != nil {
return "", err
}
Expand Down

0 comments on commit a98ab4c

Please sign in to comment.