Use secure random generator. (#5941)

kitodo · Feb 23, 2024 · 2969b18 · 2969b18
1 parent 4fa7db4
commit 2969b18
Showing 1 changed file with 18 additions and 1 deletion.
diff --git a/Kitodo/src/test/java/org/kitodo/selenium/testframework/generators/UserGenerator.java b/Kitodo/src/test/java/org/kitodo/selenium/testframework/generators/UserGenerator.java
@@ -11,11 +11,20 @@
 
 package org.kitodo.selenium.testframework.generators;
 
+import java.security.SecureRandom;
+
 import org.apache.commons.lang3.RandomStringUtils;
 import org.kitodo.data.database.beans.User;
 
 public class UserGenerator {
 
+    private static final SecureRandom secureRandom = new SecureRandom();
+
+    /**
+     * Create user with random name, surname, login and password.
+     *
+     * @return Created user.
+     */
     public static User generateUser() {
         String suffix = generateRandomString(5);
 
@@ -30,7 +39,15 @@ public static User generateUser() {
         return user;
     }
 
+    /**
+     * Create a random string with a defined length.
+     *
+     * @param length How long the to be created string should be
+     * @return Created string with random values.
+     */
     private static String generateRandomString(int length) {
-        return RandomStringUtils.random(length, true, true);
+        // RandomStringUtils is using a non-secure random generator by default
+        // call random method with all parameters to set a secure random generator
+        return RandomStringUtils.random(length, 0, 0, true, true, null, secureRandom);
     }
 }