@ChrisRx ChrisRx commented Aug 28, 2020

This replaces the usage of math/rand with crypto/rand to support downstream usages of the random package that have security implications, such as the csrf middleware.

I don't see it used in a lot of places; the only place outside of the csrf middleware appears to be the request_id middleware. If it makes more sense to ensure performance for non-cryptographic usage of this package (which request_id middleware appears to be), I can create a second type and constructor for SecureRandom that uses the crypto/rand source, leaving the existing behavior for the Random type. Just let me know what you prefer.

This replaces the usage of math/rand with crypto/rand to support
downstream usages of the random package that have security implications,
such as the csrf middleware.
@ChrisRx ChrisRx closed this Aug 28, 2020
@ChrisRx ChrisRx reopened this Aug 28, 2020
codecov-commenter commented Aug 28, 2020

Codecov Report

❌ Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.11%. Comparing base (4919956) to head (57f6fdb).
⚠️ Report is 11 commits behind head on master.

| Files with missing lines | Patch % | Lines |
|---|---|---|
| random/random.go | 75.00% | 1 Missing and 1 partial ⚠️ |
Additional details and impacted files
@@            Coverage Diff             @@
##           master      #39      +/-   ##
==========================================
- Coverage   59.26%   59.11%   -0.15%     
==========================================
  Files           6        6              
  Lines         518      521       +3     
==========================================
+ Hits          307      308       +1     
- Misses        208      209       +1     
- Partials        3        4       +1     

ChrisRx commented Oct 17, 2020

I tried to make codecov happy locally; however, I think the difference it calculates in coverage is unavoidable. I think it is mistaken about the error being handled for the call to ReadByte(), because I believe the only safe thing to do should it return any error is for the program to crash. Is there anything that I need to do to help get this merged in?
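A sketch of the approach discussed in this thread, added here as an example and not the code from this pull request: a string generator that reads from crypto/rand through a buffered `ReadByte()` and panics if the source fails. `SecureRandom` is the type name suggested in the description; `NewSecureRandom`, `newFromSource` and `Alphanumeric` are hypothetical names, and the rejection step that avoids modulo bias goes beyond what the thread describes.

```go
package main

import (
	"bufio"
	"crypto/rand"
	"fmt"
	"io"
	"sync"
)

// Alphanumeric is a constructed 62-character set for this example.
const Alphanumeric = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

// SecureRandom buffers a CSPRNG so short tokens do not cost one source read per character.
type SecureRandom struct {
	mu sync.Mutex // bufio.Reader is not safe for concurrent use by request handlers
	r  *bufio.Reader
}

// NewSecureRandom (hypothetical constructor) wraps crypto/rand.Reader.
func NewSecureRandom() *SecureRandom { return newFromSource(rand.Reader) }

// newFromSource (hypothetical helper) lets a test inject a fixed byte stream.
func newFromSource(src io.Reader) *SecureRandom { return &SecureRandom{r: bufio.NewReader(src)} }

// String returns n characters drawn uniformly from charset.
func (s *SecureRandom) String(n int, charset string) string {
	if n < 0 || len(charset) == 0 || len(charset) > 256 {
		panic("random: invalid length or charset")
	}
	// Bytes at or above the largest multiple of len(charset) are rejected (no modulo bias).
	limit := 256 - 256%len(charset)
	out := make([]byte, 0, n)
	s.mu.Lock()
	defer s.mu.Unlock()
	for len(out) < n {
		c, err := s.r.ReadByte()
		if err != nil {
			// No safe fallback exists: a weaker source would yield predictable CSRF tokens.
			panic(fmt.Sprintf("random: entropy source failed: %v", err))
		}
		if int(c) < limit {
			out = append(out, charset[int(c)%len(charset)])
		}
	}
	return string(out)
}

func main() { fmt.Println(NewSecureRandom().String(32, Alphanumeric)) }
```
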
