Skip to content

Replace math/rand usage with crypto/rand#39

Open
ChrisRx wants to merge 1 commit intolabstack:masterfrom
ChrisRx:crypto-rand
Open

Replace math/rand usage with crypto/rand#39
ChrisRx wants to merge 1 commit intolabstack:masterfrom
ChrisRx:crypto-rand

Conversation

@ChrisRx
Copy link

@ChrisRx ChrisRx commented Aug 28, 2020

This replaces the usage of math/rand with crypto/rand to support downstream usages of the random package that have security implications, such as the csrf middleware.

I don't see it used a lot of places, the only place outside of the csrf middleware appears to be the request_id middleware. If it makes more sense to ensure performance for non-crypographic usage of this package (which request_id middleware appears to be), I can create a second type and constructor for SecureRandom that uses the crypto/rand source, leaving the existing behavior for the Random type. Just let me know what you prefer.

@ChrisRx
Replace math/rand usage with crypto/rand
57f6fdb 
This replaces the usage of math/rand with crypto/rand to support
downstream usages of the random package that have security implications,
such as the csrf middleware.
@ChrisRx ChrisRx closed this Aug 28, 2020
@ChrisRx ChrisRx reopened this Aug 28, 2020
@codecov-commenter
Copy link

codecov-commenter commented Aug 28, 2020
edited
Loading

Codecov Report

❌ Patch coverage is 75.00000% with 2 lines in your changes missing coverage. Please review.
✅ Project coverage is 59.11%. Comparing base (4919956) to head (57f6fdb).
⚠️ Report is 11 commits behind head on master.

Files with missing lines Patch % Lines
random/random.go 75.00% 1 Missing and 1 partial ⚠️
Additional details and impacted files 
@@            Coverage Diff             @@
##           master      #39      +/-   ##
==========================================
- Coverage   59.26%   59.11%   -0.15%     
==========================================
  Files           6        6              
  Lines         518      521       +3     
==========================================
+ Hits          307      308       +1     
- Misses        208      209       +1     
- Partials        3        4       +1

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:
  • ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

@ChrisRx
Copy link
Author

ChrisRx commented Oct 17, 2020

I tried to make codecov happy locally, however, I think the difference it calculates in coverage is unavoidable. I think it is mistaken about the error being handled for the call to ReadByte(), because I believe the only safe thing to do should it return any error is for the program to crash. Is there anything that I need to do to help get this merged in?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@ChrisRx @codecov-commenter