Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method org.apache.cordova.firebase.FirebasePluginMessagingService.onMessageReceived() calling method java.util.Random.<init>()


    public void onMessageReceived(com.google.firebase.messaging.RemoteMessage p10)
    {
        String v3_1;
        String v2_0;
        String v1_1;
        if (p10.getNotification() == null) {
            v2_0 = ((String) p10.getData().get("title"));
            v3_1 = ((String) p10.getData().get("text"));
            v1_1 = ((String) p10.getData().get("id"));
        } else {
            v2_0 = p10.getNotification().getTitle();
            v3_1 = p10.getNotification().getBody();
            v1_1 = p10.getMessageId();
        }
        if (android.text.TextUtils.isEmpty(v1_1)) {
            v1_1 = Integer.toString((new java.util.Random().nextInt(50) + 1));
        }
        android.util.Log.d("FirebasePlugin", new StringBuilder().append("From: ").append(p10.getFrom()).toString());
        android.util.Log.d("FirebasePlugin", new StringBuilder().append("Notification Message id: ").append(v1_1).toString());
        android.util.Log.d("FirebasePlugin", new StringBuilder().append("Notification Message Title: ").append(v2_0).toString());
        android.util.Log.d("FirebasePlugin", new StringBuilder().append("Notification Message Body/Text: ").append(v3_1).toString());
        if ((!android.text.TextUtils.isEmpty(v3_1)) || ((!android.text.TextUtils.isEmpty(v2_0)) || (!p10.getData().isEmpty()))) {
            if (((!org.apache.cordova.firebase.FirebasePlugin.inBackground()) && (org.apache.cordova.firebase.FirebasePlugin.hasNotificationsCallback())) || ((android.text.TextUtils.isEmpty(v3_1)) && (android.text.TextUtils.isEmpty(v2_0)))) {
                int v5 = 0;
            } else {
                v5 = 1;
            }
            this.sendNotification(v1_1, v2_0, v3_1, p10.getData(), v5);
        }
        return;
    }

Method com.google.android.gms.internal.zzclq.zzbay() calling method java.util.Random.<init>()


    public final long zzbay()
    {
        try {
            Throwable v0_2;
            if (this.zzjjp.get() != 0) {
                try {
                    this.zzjjp.compareAndSet(-1, 1);
                    v0_2 = this.zzjjp.getAndIncrement();
                } catch (Throwable v0_3) {
                    throw v0_3;
                }
            } else {
                Throwable v0_7 = new java.util.Random((System.nanoTime() ^ this.zzws().currentTimeMillis())).nextLong();
                int v3_1 = (this.zzjjq + 1);
                this.zzjjq = v3_1;
                v0_2 = (v0_7 + ((long) v3_1));
            }
        } catch (Throwable v0_8) {
            throw v0_8;
        }
        return v0_2;
    }

Method com.google.android.gms.analytics.Tracker.<init>() calling method java.util.Random.<init>()


    Tracker(com.google.android.gms.internal.zzaqc p5, String p6, com.google.android.gms.internal.zzart p7)
    {
        super(p5);
        super.zzbsr = new java.util.HashMap();
        super.zzdqh = new java.util.HashMap();
        if (p6 != null) {
            super.zzbsr.put("&tid", p6);
        }
        super.zzbsr.put("useSecure", "1");
        super.zzbsr.put("&a", Integer.toString((new java.util.Random().nextInt(2147483647) + 1)));
        super.zzdqi = new com.google.android.gms.internal.zzart("tracking", super.zzws());
        super.zzdqj = new com.google.android.gms.analytics.Tracker$zza(super, p5);
        return;
    }

Method okhttp3.OkHttpClient.newWebSocket() calling method java.util.Random.<init>()


    public okhttp3.WebSocket newWebSocket(okhttp3.Request p7, okhttp3.WebSocketListener p8)
    {
        okhttp3.internal.ws.RealWebSocket v0_1 = new okhttp3.internal.ws.RealWebSocket(p7, p8, new java.util.Random(), ((long) this.pingInterval));
        v0_1.connect(this);
        return v0_1;
    }

Method com.google.android.gms.internal.zzcyi.<init>() calling method java.util.Random.<init>()


    public zzcyi(android.content.Context p2, String p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.android.gms.internal.zzclq.zzbaz() calling method java.security.SecureRandom.<init>()


    final java.security.SecureRandom zzbaz()
    {
        this.zzve();
        if (this.zzjjo == null) {
            this.zzjjo = new java.security.SecureRandom();
        }
        return this.zzjjo;
    }

Method com.google.android.gms.internal.zzclq.zzayy() calling method java.security.SecureRandom.<init>()


    protected final void zzayy()
    {
        this.zzve();
        com.google.android.gms.internal.zzcho v2_5 = new java.security.SecureRandom();
        long v0 = v2_5.nextLong();
        if (v0 == 0) {
            v0 = v2_5.nextLong();
            if (v0 == 0) {
                this.zzawy().zzazf().log("Utils falling back to Random for random id");
            }
        }
        this.zzjjp.set(v0);
        return;
    }

Method org.apache.cordova.CordovaBridge.generateBridgeSecret() calling method java.security.SecureRandom.<init>()


    int generateBridgeSecret()
    {
        this.expectedBridgeSecret = new java.security.SecureRandom().nextInt(2147483647);
        return this.expectedBridgeSecret;
    }

Method com.github.kevinsawicki.http.HttpRequest.getTrustedFactory() calling method java.security.SecureRandom.<init>()


    private static javax.net.ssl.SSLSocketFactory getTrustedFactory()
    {
        if (com.github.kevinsawicki.http.HttpRequest.TRUSTED_FACTORY == null) {
            javax.net.ssl.TrustManager[] v3 = new javax.net.ssl.TrustManager[1];
            v3[0] = new com.github.kevinsawicki.http.HttpRequest$1();
            try {
                javax.net.ssl.SSLContext v0 = javax.net.ssl.SSLContext.getInstance("TLS");
                v0.init(0, v3, new java.security.SecureRandom());
            } catch (java.security.GeneralSecurityException v1) {
                java.io.IOException v2_1 = new java.io.IOException("Security exception configuring SSL context");
                v2_1.initCause(v1);
                throw new com.github.kevinsawicki.http.HttpRequest$HttpRequestException(v2_1);
            }
            if (android.os.Build$VERSION.SDK_INT >= 20) {
                com.github.kevinsawicki.http.HttpRequest.TRUSTED_FACTORY = v0.getSocketFactory();
            } else {
                com.github.kevinsawicki.http.HttpRequest.TRUSTED_FACTORY = new com.github.kevinsawicki.http.TLSSocketFactory(v0);
            }
        }
        return com.github.kevinsawicki.http.HttpRequest.TRUSTED_FACTORY;
    }