fix insecure math/rand use for access token generation (#1441)
This commit is contained in:
parent
fe47c99ac2
commit
3717a2ebeb
@ -1,9 +1,8 @@
|
||||
package utils
|
||||
|
||||
import (
|
||||
"crypto/rand"
|
||||
"encoding/base64"
|
||||
"math/rand"
|
||||
"time"
|
||||
)
|
||||
|
||||
const tokenLength = 32
|
||||
@ -19,8 +18,7 @@ func GenerateAccessToken() (string, error) {
|
||||
// case the caller should not continue.
|
||||
func generateRandomBytes(n int) ([]byte, error) {
|
||||
b := make([]byte, n)
|
||||
rand.Seed(time.Now().UTC().UnixNano())
|
||||
_, err := rand.Read(b) //nolint
|
||||
_, err := rand.Read(b)
|
||||
// Note that err == nil only if we read len(b) bytes.
|
||||
if err != nil {
|
||||
return nil, err
|
||||
|
Loading…
x
Reference in New Issue
Block a user