[SPARK-42922][SQL] Move from Random to SecureRandom #40568
+CC @srowen
I think it's fine. These do look like better usages of RNGs. Let's see what tests say.
+1, LGTM (if this is all).
Shall we prevent the future regression by adding some Checkstyle or Scalastyle rule? We can do that separately as a new JIRA.
According to the |
### What changes were proposed in this pull request?
Most uses of `Random` in spark are either in testcases or where we need a pseudo random number which is repeatable.
Use `SecureRandom`, instead of `Random` for the cases where it impacts security.

### Why are the changes needed?
Use of `SecureRandom` in more security sensitive contexts.
This was flagged in our internal scans as well.

### Does this PR introduce _any_ user-facing change?
Directly no.
Would improve security posture of Apache Spark.

### How was this patch tested?
Existing unit tests

Closes #40568 from mridulm/SPARK-42922.

Authored-by: Mridul Muralidharan <mridulatgmail.com>
Signed-off-by: Sean Owen <srowen@gmail.com>
(cherry picked from commit 7444343)
Signed-off-by: Sean Owen <srowen@gmail.com>
Merged to master/3.4/3.3
Thanks for the reviews everyone!
late LGTM
### What changes were proposed in this pull request?
Most uses of `Random` in spark are either in testcases or where we need a pseudo random number which is repeatable.
Use `SecureRandom`, instead of `Random` for the cases where it impacts security.

### Why are the changes needed?
Use of `SecureRandom` in more security sensitive contexts.
This was flagged in our internal scans as well.

### Does this PR introduce _any_ user-facing change?
Directly no.
Would improve security posture of Apache Spark.

### How was this patch tested?
Existing unit tests
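
The distinction the description draws between repeatable `Random` and `SecureRandom`, shown as an added example that is not code from this pull request or from Spark. The class, the method names `weakSecret`/`strongSecret` and the sample seed are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Base64;
import java.util.Random;

public class SecretGeneration {
    // One shared instance; SecureRandom is thread-safe and seeds itself
    // from the platform's entropy source.
    private static final SecureRandom SECURE = new SecureRandom();

    // Before (hypothetical): java.util.Random is a 48-bit linear congruential
    // generator, so every output byte is a function of the seed alone.
    static String weakSecret(long seed) {
        return encode(new Random(seed), 16);
    }

    // After (hypothetical): the bytes come from a CSPRNG, and there is no
    // caller-supplied seed that reproduces them.
    static String strongSecret() {
        return encode(SECURE, 16);
    }

    // SecureRandom extends Random, so one helper serves both generators.
    private static String encode(Random rng, int numBytes) {
        byte[] buf = new byte[numBytes];
        rng.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        // Constructed sample seed: a millisecond timestamp, the kind of
        // low-entropy value that often ends up seeding Random.
        long seed = 1679900000000L;

        String first = weakSecret(seed);
        String replay = weakSecret(seed);
        System.out.println("Random(seed):  " + first);
        System.out.println("Random(seed):  " + replay);
        System.out.println("repeatable:    " + first.equals(replay));

        String s1 = strongSecret();
        String s2 = strongSecret();
        System.out.println("SecureRandom:  " + s1);
        System.out.println("SecureRandom:  " + s2);
        System.out.println("repeatable:    " + s1.equals(s2));
    }
}
```

Repeatability is what tests and reproducible sampling need from `Random`, and it is the same property that makes it unsuitable for secrets, tokens or nonces.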