Use SecureRandom instead of Random for Metrics (#3495)

* Use SecureRandom instead of Random * Update changelog
getsentry · Jun 21, 2024 · 75bfb8b · 75bfb8b
1 parent 2e90ac7
commit 75bfb8b
Show file tree

Hide file tree

Showing 2 changed files with 3 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -9,6 +9,7 @@
 - Move fragment auto span finish to onFragmentStarted ([#3424](https://github.com/getsentry/sentry-java/pull/3424))
 - Remove profiling timeout logic and disable profiling on API 21 ([#3478](https://github.com/getsentry/sentry-java/pull/3478))
 - Properly reset metric flush flag on metric emission ([#3493](https://github.com/getsentry/sentry-java/pull/3493))
+- Use SecureRandom in favor of Random for Metrics ([#3495](https://github.com/getsentry/sentry-java/pull/3495))
 
 ## 7.10.0
 

diff --git a/sentry/src/main/java/io/sentry/metrics/MetricsHelper.java b/sentry/src/main/java/io/sentry/metrics/MetricsHelper.java
@@ -1,11 +1,11 @@
 package io.sentry.metrics;
 
 import io.sentry.MeasurementUnit;
+import java.security.SecureRandom;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.Random;
 import java.util.regex.Pattern;
 import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;
@@ -27,7 +27,7 @@ public final class MetricsHelper {
   private static final char TAGS_ESCAPE_CHAR = '\\';
 
   private static long FLUSH_SHIFT_MS =
-      (long) (new Random().nextFloat() * (ROLLUP_IN_SECONDS * 1000f));
+      (long) (new SecureRandom().nextFloat() * (ROLLUP_IN_SECONDS * 1000f));
 
   public static long getTimeBucketKey(final long timestampMs) {
     final long seconds = timestampMs / 1000;