WIP:リファクタとAWSへの対応 #16
Conversation
|
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| pass := "" | ||
| gen := "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM" | ||
| for i := 0; i < 12; i++ { | ||
| pass += string(gen[rand.Intn(len(gen))]) |
Check failure
Code scanning / CodeQL
Use of insufficient randomness as the key of a cryptographic algorithm High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 7 days ago
To fix the problem, we need to replace the use of math/rand with crypto/rand to ensure that the password generation is cryptographically secure. This involves importing the crypto/rand package and using it to generate random indices for selecting characters from the character set. Specifically, we will replace the rand.Intn function with rand.Int from the crypto/rand package, which provides a cryptographically secure random number generator.
| @@ -6,3 +6,4 @@ | ||
| "log" | ||
| "math/rand" | ||
| "crypto/rand" | ||
| "math/big" | ||
| "net/http" | ||
| @@ -42,3 +43,7 @@ | ||
| for i := 0; i < 12; i++ { | ||
| pass += string(gen[rand.Intn(len(gen))]) | ||
| idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(gen)))) | ||
| if err != nil { | ||
| log.Fatal(err) | ||
| } | ||
| pass += string(gen[idx.Int64()]) | ||
| } |
2021年度のPISCONで開発しているものです