Introduced protections against predictable RNG abuse

nipundev · Sep 3, 2024 · 97d8c5d · 97d8c5d
1 parent 5a4b5fa
commit 97d8c5d
Show file tree

Hide file tree

Showing 5 changed files with 10 additions and 5 deletions.
diff --git a/...nternal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java b/...nternal/src/main/java/org/elasticsearch/gradle/internal/util/ports/ReservedPortRange.java
@@ -8,6 +8,7 @@
 
 package org.elasticsearch.gradle.internal.util.ports;
 
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
@@ -28,7 +29,7 @@ public class ReservedPortRange {
     public ReservedPortRange(int startPort, int endPort) {
         this.startPort = startPort;
         this.endPort = endPort;
-        current = startPort + new Random().nextInt(endPort - startPort);
+        current = startPort + new SecureRandom().nextInt(endPort - startPort);
     }
 
     public List<Integer> getAllocated() {

diff --git a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/AVLTreeDigest.java
@@ -21,6 +21,7 @@
 
 package org.elasticsearch.tdigest;
 
+import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Iterator;
@@ -29,7 +30,7 @@
 import static org.elasticsearch.tdigest.IntAVLTree.NIL;
 
 public class AVLTreeDigest extends AbstractTDigest {
-    final Random gen = new Random();
+    final Random gen = new SecureRandom();
     private final double compression;
     private AVLGroupTree summary;
 

diff --git a/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java b/libs/tdigest/src/main/java/org/elasticsearch/tdigest/Sort.java
@@ -21,14 +21,15 @@
 
 package org.elasticsearch.tdigest;
 
+import java.security.SecureRandom;
 import java.util.Arrays;
 import java.util.Random;
 
 /**
  * Static sorting methods
  */
 public class Sort {
-    private static final Random prng = new Random(); // for choosing pivots during quicksort
+    private static final Random prng = new SecureRandom(); // for choosing pivots during quicksort
 
     /**
      * Single-key stabilized quick sort on using an index array

diff --git a/...earch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java b/...earch/xpack/sql/expression/function/scalar/datetime/DateFormatRandomDatasetGenerator.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.sql.expression.function.scalar.datetime;
 
 import com.carrotsearch.randomizedtesting.generators.RandomNumbers;
+import java.security.SecureRandom;
 
 import org.elasticsearch.core.PathUtils;
 import org.elasticsearch.core.SuppressForbidden;
@@ -51,7 +52,7 @@ private static class TestRecord {
 
     @SuppressForbidden(reason = "It is ok to use Random outside of an actual test")
     private static Random rnd() {
-        return new Random();
+        return new SecureRandom();
     }
 
     public static void main(String[] args) throws IOException {

diff --git a/...ava/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java b/...ava/org/elasticsearch/xpack/sql/expression/function/scalar/datetime/ToCharTestScript.java
@@ -8,6 +8,7 @@
 package org.elasticsearch.xpack.sql.expression.function.scalar.datetime;
 
 import com.carrotsearch.randomizedtesting.generators.RandomNumbers;
+import java.security.SecureRandom;
 
 import org.elasticsearch.common.util.set.Sets;
 import org.elasticsearch.core.PathUtils;
@@ -241,7 +242,7 @@ private String unitTestExporterScript() {
 
     @SuppressForbidden(reason = "It is ok to use Random outside of an actual test")
     private static Random rnd() {
-        return new Random();
+        return new SecureRandom();
     }
 
     public static void main(String[] args) throws Exception {