javascript/ql/src/Security/CWE-338: 2 files changed, +5 -3 lines changed
3636 <p >
3737
3838 For JavaScript in the browser,
39- <code >RandomSource .getRandomValues</code > provides a cryptographically
39+ <code >crypto .getRandomValues</code > provides a cryptographically
4040 secure pseudo-random number generator.
4141
4242 </p >
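Review bot: The name on new line 39, `crypto.getRandomValues`, differs from the form used in the accompanying example, which calls `window.crypto.getRandomValues`. Pick one spelling for both the help text and the example so a reader searching for the call from the qhelp finds it in the sample unchanged.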
6969
7070 <references >
7171 <li >Wikipedia: <a href =" http://en.wikipedia.org/wiki/Pseudorandom_number_generator" >Pseudo-random number generator</a >.</li >
72- <li >Mozilla Developer Network: <a href =" https://developer.mozilla.org/en-US/docs/Web/API/RandomSource /getRandomValues" >RandomSource. getRandomValues</a >.</li >
72+ <li >Mozilla Developer Network: <a href =" https://developer.mozilla.org/en-US/docs/Web/API/Crypto /getRandomValues" >Crypto: getRandomValues() </a >.</li >
7373 <li >NodeJS: <a href =" https://nodejs.org/api/crypto.html#crypto_crypto_randombytes_size_callback" >crypto.randomBytes</a ></li >
7474 </references >
7575</qhelp >
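Review bot: The Wikipedia reference on line 71 still uses an http:// URL while the MDN and NodeJS entries next to it use https://. Since this hunk already edits the reference list, switch that link to https:// as well. The NodeJS entry on line 73 is also the only one without a trailing period after the closing anchor.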
@@ -2,5 +2,7 @@ function securePassword() {
22 // GOOD: the random suffix is cryptographically secure
33 var suffix = window . crypto . getRandomValues ( new Uint32Array ( 1 ) ) [ 0 ] ;
44 var password = "myPassword" + suffix ;
5- return password ;
5+
6+ // GOOD: if a random value between 0 and 1 is desired
7+ var secret = window . crypto . getRandomValues ( new Uint32Array ( 1 ) ) [ 0 ] * Math . pow ( 2 , - 32 ) ;
68}
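Review bot: Removing `return password;` (old line 5) leaves securePassword() with no return statement, so both `password` and the new `secret` are computed and then discarded. Keep the return, or move the new snippet into its own function that returns `secret`, so the GOOD example still hands a value to the caller. The comment on new line 6 could also state the range exactly: a Uint32 value multiplied by `Math.pow(2, -32)` lies in [0, 1) and never reaches 1, and it carries 32 bits of randomness.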