change java.util.Random to java.security.SecureRandom (#1831)

getsentry · Dec 9, 2021 · 5ce8406 · 5ce8406
1 parent 9c2110f
commit 5ce8406
Show file tree

Hide file tree

Showing 4 changed files with 10 additions and 9 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,6 +3,7 @@
 ## Unreleased
 
 * Ref: Rename Fragment span operation from `ui.fragment.load` to `ui.load` (#1824)
+* Ref: change `java.util.Random` to `java.security.SecureRandom` for possible security reasons (#1831)
 
 ## 5.4.3
 

diff --git a/sentry/src/main/java/io/sentry/SentryClient.java b/sentry/src/main/java/io/sentry/SentryClient.java
@@ -9,14 +9,14 @@
 import io.sentry.util.Objects;
 import java.io.Closeable;
 import java.io.IOException;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collection;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-import java.util.Random;
 import org.jetbrains.annotations.ApiStatus;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.Nullable;
@@ -29,7 +29,7 @@ public final class SentryClient implements ISentryClient {
 
   private final @NotNull SentryOptions options;
   private final @NotNull ITransport transport;
-  private final @Nullable Random random;
+  private final @Nullable SecureRandom random;
 
   private final @NotNull SortBreadcrumbsByDate sortBreadcrumbsByDate = new SortBreadcrumbsByDate();
 
@@ -51,7 +51,7 @@ public boolean isEnabled() {
     final RequestDetailsResolver requestDetailsResolver = new RequestDetailsResolver(options);
     transport = transportFactory.create(options, requestDetailsResolver.resolve());
 
-    this.random = options.getSampleRate() == null ? null : new Random();
+    this.random = options.getSampleRate() == null ? null : new SecureRandom();
   }
 
   private boolean shouldApplyScopeData(

diff --git a/sentry/src/main/java/io/sentry/TracesSampler.java b/sentry/src/main/java/io/sentry/TracesSampler.java
@@ -1,20 +1,20 @@
 package io.sentry;
 
 import io.sentry.util.Objects;
-import java.util.Random;
+import java.security.SecureRandom;
 import org.jetbrains.annotations.NotNull;
 import org.jetbrains.annotations.TestOnly;
 
 final class TracesSampler {
   private final @NotNull SentryOptions options;
-  private final @NotNull Random random;
+  private final @NotNull SecureRandom random;
 
   public TracesSampler(final @NotNull SentryOptions options) {
-    this(Objects.requireNonNull(options, "options are required"), new Random());
+    this(Objects.requireNonNull(options, "options are required"), new SecureRandom());
   }
 
   @TestOnly
-  TracesSampler(final @NotNull SentryOptions options, final @NotNull Random random) {
+  TracesSampler(final @NotNull SentryOptions options, final @NotNull SecureRandom random) {
     this.options = options;
     this.random = random;
   }

diff --git a/sentry/src/test/java/io/sentry/TracesSamplerTest.kt b/sentry/src/test/java/io/sentry/TracesSamplerTest.kt
@@ -2,15 +2,15 @@ package io.sentry
 
 import com.nhaarman.mockitokotlin2.mock
 import com.nhaarman.mockitokotlin2.whenever
-import java.util.Random
+import java.security.SecureRandom
 import kotlin.test.Test
 import kotlin.test.assertFalse
 import kotlin.test.assertTrue
 
 class TracesSamplerTest {
     class Fixture {
         internal fun getSut(randomResult: Double? = null, tracesSampleRate: Double? = null, tracesSamplerResult: Double? = Double.MIN_VALUE): TracesSampler {
-            val random = mock<Random>()
+            val random = mock<SecureRandom>()
             if (randomResult != null) {
                 whenever(random.nextDouble()).thenReturn(randomResult)
             }