-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP:リファクタとAWSへの対応 #16
base: master
Are you sure you want to change the base?
Conversation
This pull request sets up GitHub code scanning for this repository. Once the scans have completed and the checks have passed, the analysis results for this pull request branch will appear on this overview. Once you merge this pull request, the 'Security' tab will show more code scanning analysis results (for example, for the default branch). Depending on your configuration and choice of analysis tool, future pull requests will be annotated with code scanning analysis results. For more information about GitHub code scanning, check out the documentation. |
pass := "" | ||
gen := "1234567890qwertyuiopasdfghjklzxcvbnmQWERTYUIOPASDFGHJKLZXCVBNM" | ||
for i := 0; i < 12; i++ { | ||
pass += string(gen[rand.Intn(len(gen))]) |
Check failure
Code scanning / CodeQL
Use of insufficient randomness as the key of a cryptographic algorithm High
random number
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix AI 20 days ago
To fix the problem, we need to replace the use of math/rand
with crypto/rand
to ensure that the password generation is cryptographically secure. This involves importing the crypto/rand
package and using it to generate random indices for selecting characters from the character set. Specifically, we will replace the rand.Intn
function with rand.Int
from the crypto/rand
package, which provides a cryptographically secure random number generator.
-
Copy modified lines R7-R8 -
Copy modified lines R44-R48
@@ -6,3 +6,4 @@ | ||
"log" | ||
"math/rand" | ||
"crypto/rand" | ||
"math/big" | ||
"net/http" | ||
@@ -42,3 +43,7 @@ | ||
for i := 0; i < 12; i++ { | ||
pass += string(gen[rand.Intn(len(gen))]) | ||
idx, err := rand.Int(rand.Reader, big.NewInt(int64(len(gen)))) | ||
if err != nil { | ||
log.Fatal(err) | ||
} | ||
pass += string(gen[idx.Int64()]) | ||
} |
2021年度のPISCONで開発しているものです