CWE-330 | Use of Insufficiently Random Values #1830

Closed
mr-africa opened this issue Dec 8, 2021 · 3 comments
@mr-africa
Contributor

Hello!

My React Native Android app was audited by a security company, and they found an issue in the sentry-java codebase. I know it's a weird issue and it's OK to use an insecure random outside of cipher algorithms. But my employer requires these issues to be fixed.

Could you please change

import java.util.Random;

to

 import java.security.SecureRandom;

in files:

https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/SentryClient.java#L19

and

https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/TracesSampler.java#L4

@marandaneto marandaneto added this to To do in kanban via automation Dec 8, 2021
@marandaneto marandaneto moved this from To do to In progress in kanban Dec 8, 2021
@marandaneto marandaneto moved this from In progress to To do in kanban Dec 8, 2021
@marandaneto marandaneto added enhancement New feature or request Status: Backlog and removed Status: Untriaged labels Dec 8, 2021
@marandaneto
Contributor

@mr-africa changing does not hurt either, thanks for reporting.
Would you like to submit a PR?

@mr-africa
Contributor Author

@marandaneto I submitted a pull request, but I don't know how to test my changes. Could you review it and test it if possible?

@mr-africa
Contributor Author

@marandaneto Can I ask one more question? When will these changes be available in sentry-react-native?
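An added example, not code from sentry-java or from anyone in this thread: a hypothetical `RateSampler` showing why the requested change is a drop-in (`SecureRandom` extends `java.util.Random`) and one way to test it by injecting the random source. The class names and the `rate >= nextDouble()` comparison are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Random;

// Hypothetical sampler, not sentry-java's class: keeps an event when the
// configured rate is at least the next draw in [0.0, 1.0).
final class RateSampler {
  private final Random random;

  RateSampler() {
    // SecureRandom extends java.util.Random, so the field type and every
    // nextDouble() call site stay unchanged; only construction differs.
    this(new SecureRandom());
  }

  RateSampler(Random random) { // injection point for deterministic tests
    this.random = random;
  }

  boolean sample(double rate) {
    return rate >= random.nextDouble();
  }
}

public class SamplerCheck {
  // Test double that always returns one fixed, constructed draw.
  static Random fixed(final double value) {
    return new Random() {
      @Override public double nextDouble() { return value; }
    };
  }

  public static void main(String[] args) {
    // Deterministic checks with constructed draws.
    check(new RateSampler(fixed(0.25)).sample(0.5), "draw below rate is kept");
    check(!new RateSampler(fixed(0.75)).sample(0.5), "draw above rate is dropped");
    check(!new RateSampler(fixed(0.0001)).sample(0.0), "rate 0.0 drops the event");

    // Statistical check with the real SecureRandom: about 30% should be kept.
    RateSampler sampler = new RateSampler();
    int kept = 0, n = 100_000;
    for (int i = 0; i < n; i++) if (sampler.sample(0.3)) kept++;
    double ratio = (double) kept / n;
    check(Math.abs(ratio - 0.3) < 0.02, "observed ratio near 0.3: " + ratio);
    System.out.println("all checks passed, observed ratio " + ratio);
  }

  static void check(boolean ok, String what) {
    if (!ok) throw new AssertionError(what);
  }
}
```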
