changing Math.random to SecureRandom

Janix520 · Dec 11, 2016 · a1fc7e7 · a1fc7e7
1 parent 4365c8f
commit a1fc7e7
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
@@ -17,6 +17,7 @@
 
 import java.io.Serializable;
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -662,6 +663,9 @@ public boolean isMyPersonalRepository(String repository) {
 	}
 
 	public String createCookie() {
-		return StringUtils.getSHA1(String.valueOf(Math.random()));
+		SecureRandom random = new SecureRandom();
+		byte[] values = new byte[20];
+		random.nextBytes(values);
+		return StringUtils.getSHA1(String.valueOf(values));
 	}
 }