summaryrefslogtreecommitdiffstats
path: root/modules
diff options
context:
space:
mode:
authorDenis Denisov <denji@users.noreply.github.com>2016-12-20 14:32:02 +0200
committerThomas Boerger <thomas@webhippie.de>2016-12-20 13:32:02 +0100
commit380e32e129d7a8868b9853e92e208a97e3ac125f (patch)
tree3b7ffc74a7f28f9c165ee4a780e52053d9f749fd /modules
parent952587dbae987e05fb36f0ff56bf5eff92ae1080 (diff)
downloadgitea-380e32e129d7a8868b9853e92e208a97e3ac125f.tar.gz
gitea-380e32e129d7a8868b9853e92e208a97e3ac125f.zip
Fix random string generator (#384)
* Remove unused custom-alphabet feature of random string generator Fix random string generator Random string generator should return error if it fails to read random data via crypto/rand * Fixes variable (un)initialization mixed assign Update test GetRandomString
Diffstat (limited to 'modules')
-rw-r--r--modules/base/tool.go32
-rw-r--r--modules/base/tool_test.go4
2 files changed, 26 insertions, 10 deletions
diff --git a/modules/base/tool.go b/modules/base/tool.go
index 1722c88ac8..eb25108869 100644
--- a/modules/base/tool.go
+++ b/modules/base/tool.go
@@ -13,6 +13,7 @@ import (
"fmt"
"html/template"
"math"
+ "math/big"
"net/http"
"strconv"
"strings"
@@ -81,18 +82,31 @@ func BasicAuthEncode(username, password string) string {
}
// GetRandomString generate random string by specify chars.
-func GetRandomString(n int, alphabets ...byte) string {
+func GetRandomString(n int) (string, error) {
const alphanum = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz"
- var bytes = make([]byte, n)
- rand.Read(bytes)
- for i, b := range bytes {
- if len(alphabets) == 0 {
- bytes[i] = alphanum[b%byte(len(alphanum))]
- } else {
- bytes[i] = alphabets[b%byte(len(alphabets))]
+
+ buffer := make([]byte, n)
+ max := big.NewInt(int64(len(alphanum)))
+
+ for i := 0; i < n; i++ {
+ index, err := randomInt(max)
+ if err != nil {
+ return "", err
}
+
+ buffer[i] = alphanum[index]
}
- return string(bytes)
+
+ return string(buffer), nil
+}
+
+func randomInt(max *big.Int) (int, error) {
+ rand, err := rand.Int(rand.Reader, max)
+ if err != nil {
+ return 0, err
+ }
+
+ return int(rand.Int64()), nil
}
// VerifyTimeLimitCode verify time limit code
diff --git a/modules/base/tool_test.go b/modules/base/tool_test.go
index ec839e5e10..2ca70b8b32 100644
--- a/modules/base/tool_test.go
+++ b/modules/base/tool_test.go
@@ -43,7 +43,9 @@ func TestBasicAuthEncode(t *testing.T) {
}
func TestGetRandomString(t *testing.T) {
- assert.Len(t, GetRandomString(4), 4)
+ randomString, err := GetRandomString(4)
+ assert.NoError(t, err)
+ assert.Len(t, randomString, 4)
}
// TODO: Test PBKDF2()