diff --git a/CHANGELOG.md b/CHANGELOG.md
index 24a7c9236c..9fe6a9667c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 * Ref: Rename Fragment span operation from `ui.fragment.load` to `ui.load` (#1824)
+* Ref: change `java.util.Random` to `java.security.SecureRandom` for possible security reasons (#1831)
 ## 5.4.3
diff --git a/sentry/src/main/java/io/sentry/SentryClient.java b/sentry/src/main/java/io/sentry/SentryClient.java
index 615995dda4..b7fb87f490 100644
--- a/sentry/src/main/java/io/sentry/SentryClient.java
+++ b/sentry/src/main/java/io/sentry/SentryClient.java
@@ -9,6 +9,7 @@
 import io.sentry.util.Objects;
 import java.io.Closeable;
 import java.io.IOException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
@@ -16,7 +17,6 @@
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
 import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -29,7 +29,7 @@ public final class SentryClient implements ISentryClient {
 private final @NotNull SentryOptions options;
 private final @NotNull ITransport transport;
- private final @Nullable Random random;
+ private final @Nullable SecureRandom random;
 private final @NotNull SortBreadcrumbsByDate sortBreadcrumbsByDate = new SortBreadcrumbsByDate();
@@ -51,7 +51,7 @@ public boolean isEnabled() {
 final RequestDetailsResolver requestDetailsResolver = new RequestDetailsResolver(options);
 transport = transportFactory.create(options, requestDetailsResolver.resolve());
- this.random = options.getSampleRate() == null ? null : new Random();
+ this.random = options.getSampleRate() == null ? null : new SecureRandom();
 }
 private boolean shouldApplyScopeData(
diff --git a/sentry/src/main/java/io/sentry/TracesSampler.java b/sentry/src/main/java/io/sentry/TracesSampler.java
index 4babf853e2..9f14ec9502 100644
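Review bot: The field in the `@@ -29,7` hunk is now declared as `SecureRandom`, which ties the class to one concrete generator even though `SecureRandom` is a subclass of `java.util.Random`. Unless the narrower type is meant to stop a plain `Random` from ever being assigned, keeping `private final @Nullable Random random;` and changing only the initializer to `new SecureRandom()` gives the same generator at runtime. The same applies to the field and the `@TestOnly` constructor parameter in TracesSampler.java, where the narrower parameter means a test can no longer pass a seeded `java.util.Random` and has to mock `SecureRandom`. The class body continues outside the hunk.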
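Review bot: In the `@@ -51,7` hunk, `new SecureRandom()` now runs inside the SentryClient constructor whenever a sample rate is configured. Depending on the platform and provider, constructing or first using a `SecureRandom` can be noticeably slower than `java.util.Random` and may wait on the operating system's entropy source. If this constructor can run on a latency-sensitive thread during SDK start-up (not visible here), consider deferring creation until the first sampling call, or measure the start-up cost before release. The constructor begins outside the hunk.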
--- a/sentry/src/main/java/io/sentry/TracesSampler.java
+++ b/sentry/src/main/java/io/sentry/TracesSampler.java
@@ -1,20 +1,20 @@
 package io.sentry;
 import io.sentry.util.Objects;
-import java.util.Random;
+import java.security.SecureRandom;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.TestOnly;
 final class TracesSampler {
 private final @NotNull SentryOptions options;
- private final @NotNull Random random;
+ private final @NotNull SecureRandom random;
 public TracesSampler(final @NotNull SentryOptions options) {
- this(Objects.requireNonNull(options, "options are required"), new Random());
+ this(Objects.requireNonNull(options, "options are required"), new SecureRandom());
 }
 @TestOnly
- TracesSampler(final @NotNull SentryOptions options, final @NotNull Random random) {
+ TracesSampler(final @NotNull SentryOptions options, final @NotNull SecureRandom random) {
 this.options = options;
 this.random = random;
 }
diff --git a/sentry/src/test/java/io/sentry/TracesSamplerTest.kt b/sentry/src/test/java/io/sentry/TracesSamplerTest.kt
index e3f1aab6df..595d853181 100644
--- a/sentry/src/test/java/io/sentry/TracesSamplerTest.kt
+++ b/sentry/src/test/java/io/sentry/TracesSamplerTest.kt
@@ -2,7 +2,7 @@ package io.sentry
 import com.nhaarman.mockitokotlin2.mock
 import com.nhaarman.mockitokotlin2.whenever
-import java.util.Random
+import java.security.SecureRandom
 import kotlin.test.Test
 import kotlin.test.assertFalse
 import kotlin.test.assertTrue
@@ -10,7 +10,7 @@ import kotlin.test.assertTrue
 class TracesSamplerTest {
 class Fixture {
 internal fun getSut(randomResult: Double? = null, tracesSampleRate: Double? = null, tracesSamplerResult: Double? = Double.MIN_VALUE): TracesSampler {
- val random = mock()
+ val random = mock()
 if (randomResult != null) {
 whenever(random.nextDouble()).thenReturn(randomResult)
 }
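Review bot: Nothing in TracesSampler says why a cryptographic generator is needed for sampling, and the changelog entry only says "for possible security reasons". The one use visible on this page is the test stubbing `random.nextDouble()`, which suggests the draw is compared with a sample rate rather than used as a token or key. If that is right, say so on the field, for example `// sampling draw only, never used as a secret; SecureRandom chosen to satisfy weak-PRNG checks`, so later readers neither treat sampling as a security control nor revert the type without context. A `SecureRandom` draw is generally costlier than a `java.util.Random` draw, so if the sampling method (outside this hunk) sits on a hot path it is worth measuring.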