Skip to content

Reuse SecureRandom instances across benchmark test classes#62

Open
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260703-180114-019635f6
Open

Reuse SecureRandom instances across benchmark test classes#62
sonarqube-agent[bot] wants to merge 1 commit into
masterfrom
remediate-master-20260703-180114-019635f6

Conversation

@sonarqube-agent

Copy link
Copy Markdown

This PR was automatically created by the Remediation Agent's Scheduled backlog remediation feature.

Why these issues? All five issues are CRITICAL violations of the java:S2119 rule (Save and re-use this Random), representing a coherent group with identical fixes across five benchmark test classes. These changes are low-risk, localized refactorings that directly address a high-impact performance and security concern.

Fixed 5 CRITICAL SonarQube issues where SecureRandom objects were being instantiated on every method invocation instead of being reused. By converting these to class-level fields, the code is now more efficient and produces better randomness as recommended by the java:S2119 rule.

View Project in SonarCloud


Fixed Issues

java:S2119 - Save and re-use this "Random". • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00257.java:63

Why is this an issue?

Creating a new Random object each time a random value is needed is inefficient and may produce numbers that are not random, depending on the JDK. For better efficiency and randomness, create a single Random, store it, and reuse it.

What changed

This hunk adds a private static final SecureRandom field at the class level, so that a single SecureRandom instance is created once and reused across all method invocations. This directly addresses the issue at line 63 of BenchmarkTest00257.java where a new SecureRandom object was being created each time the method was called. By defining the Random instance as a class-level field, it is saved and reused, which is more efficient and produces better randomness.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00257.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00257.java
@@ -30,0 +31,1 @@ public class BenchmarkTest00257 extends HttpServlet {
+    private static final java.security.SecureRandom random = new java.security.SecureRandom();
java:S2119 - Save and re-use this "Random". • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00776.java:90

Why is this an issue?

Creating a new Random object each time a random value is needed is inefficient and may produce numbers that are not random, depending on the JDK. For better efficiency and randomness, create a single Random, store it, and reuse it.

What changed

This hunk adds a private instance field random of type java.security.SecureRandom to the class BenchmarkTest00776. This moves the SecureRandom instantiation from inside a method (where it was created on every invocation) to a class-level field, so it is created once and reused. This directly addresses the issue about saving and reusing a Random object instead of creating a new one each time a method is invoked, which is inefficient and may produce non-random numbers.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00776.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest00776.java
@@ -31,0 +32,2 @@ public class BenchmarkTest00776 extends HttpServlet {
+    private java.security.SecureRandom random = new java.security.SecureRandom();
+
java:S2119 - Save and re-use this "Random". • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java:74

Why is this an issue?

Creating a new Random object each time a random value is needed is inefficient and may produce numbers that are not random, depending on the JDK. For better efficiency and randomness, create a single Random, store it, and reuse it.

What changed

This hunk adds a private static final SecureRandom field at the class level in BenchmarkTest01976.java, so that a single SecureRandom instance is created once and reused across all method invocations. This directly addresses the bug where a new SecureRandom was being instantiated each time the method was called, which is inefficient and may produce less random values depending on the JDK.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest01976.java
@@ -30,0 +31,1 @@ public class BenchmarkTest01976 extends HttpServlet {
+    private static final java.security.SecureRandom random = new java.security.SecureRandom();
java:S2119 - Save and re-use this "Random". • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02017.java:62

Why is this an issue?

Creating a new Random object each time a random value is needed is inefficient and may produce numbers that are not random, depending on the JDK. For better efficiency and randomness, create a single Random, store it, and reuse it.

What changed

This hunk adds a private static final SecureRandom field at the class level, so that a single Random instance is created once and reused across all method invocations. This directly addresses the bug where a new SecureRandom was being instantiated each time the method was called (at line 62), which is inefficient and may produce less random values depending on the JDK. By defining the Random object as a class-level field, it is saved and reused as recommended.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02017.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02017.java
@@ -30,0 +31,1 @@ public class BenchmarkTest02017 extends HttpServlet {
+    private static final java.security.SecureRandom random = new java.security.SecureRandom();
java:S2119 - Save and re-use this "Random". • CRITICALView issue

Location: src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02191.java:63

Why is this an issue?

Creating a new Random object each time a random value is needed is inefficient and may produce numbers that are not random, depending on the JDK. For better efficiency and randomness, create a single Random, store it, and reuse it.

What changed

This hunk adds a private instance field random of type java.security.SecureRandom to the class BenchmarkTest02191. Instead of creating a new SecureRandom object each time a method is invoked, the random instance is now created once at the class level and reused, fixing the 'Save and re-use this Random' warning about inefficiency and potential randomness issues caused by instantiating a new Random on every method call.

--- a/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02191.java
+++ b/src/main/java/org/owasp/benchmark/testcode/BenchmarkTest02191.java
@@ -30,0 +31,1 @@ public class BenchmarkTest02191 extends HttpServlet {
+    private java.security.SecureRandom random = new java.security.SecureRandom();

Have a suggestion or found an issue? Share your feedback here.


SonarQube Remediation Agent uses AI. Check for mistakes.

Fixed issues:
- AZ3eW0LoPF-XYsB0KnQY for java:S2119 rule
- AZ3eW0mIPF-XYsB0KnW4 for java:S2119 rule
- AZ3eW0-DPF-XYsB0KndO for java:S2119 rule
- AZ3eW0NXPF-XYsB0KnQy for java:S2119 rule
- AZ3eW0NDPF-XYsB0KnQs for java:S2119 rule

Generated by SonarQube Agent (task: 1b0ca324-eef7-4064-9e90-0299376435fb)
@sonarqube-agent

Copy link
Copy Markdown
Author

⚠️ This repository does not have a CODEOWNERS file. The PR has been created but has not been automatically assigned to any reviewer. To ensure PRs are reviewed promptly, consider adding a CODEOWNERS file to your repository.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant