From a1fc7e7228d7b8de05bc2cf074f112af757401d0 Mon Sep 17 00:00:00 2001
From: rcaa
Date: Sun, 11 Dec 2016 19:12:27 -0300
Subject: [PATCH] changing Math.random to SecureRandom
---
 src/main/java/com/gitblit/models/UserModel.java | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index d411e504..edbdf028 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -17,6 +17,7 @@ package com.gitblit.models;
 import java.io.Serializable;
 import java.security.Principal;
+import java.security.SecureRandom;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.HashSet;
@@ -662,6 +663,9 @@ public class UserModel implements Principal, Serializable, Comparable
 }
 public String createCookie() {
- return StringUtils.getSHA1(String.valueOf(Math.random()));
+ SecureRandom random = new SecureRandom();
+ byte[] values = new byte[20];
+ random.nextBytes(values);
+ return StringUtils.getSHA1(String.valueOf(values));
 }
 }
--
2.39.5
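Review bot: `String.valueOf(values)` on the new return line of createCookie() does not encode the 20 random bytes. For a `byte[]` argument the call resolves to `String.valueOf(Object)`, which yields the array's default `toString()` (`[B@` followed by the identity hash code), so the SecureRandom output never reaches the SHA-1 input. The cookie's unpredictability then rests on that identity hash rather than on 160 bits from the CSPRNG. Feed the bytes themselves into the digest, for example `return StringUtils.getSHA1(new java.math.BigInteger(1, values).toString(16));`, or use a byte-array hashing helper if StringUtils provides one (not visible in this hunk). Separately, `new SecureRandom()` on every call could become a `private static final SecureRandom` field, which would be declared outside this hunk.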