Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method org.apache.http.entity.mime.MultipartEntity.generateBoundary() calling method java.util.Random.<init>()


    protected String generateBoundary()
    {
        String v0_1 = new StringBuilder();
        java.util.Random v1_1 = new java.util.Random();
        int v2_2 = (v1_1.nextInt(11) + 30);
        int v3 = 0;
        while (v3 < v2_2) {
            v0_1.append(org.apache.http.entity.mime.MultipartEntity.MULTIPART_CHARS[v1_1.nextInt(org.apache.http.entity.mime.MultipartEntity.MULTIPART_CHARS.length)]);
            v3++;
        }
        return v0_1.toString();
    }

Method okhttp3.OkHttpClient.newWebSocket() calling method java.util.Random.<init>()


    public okhttp3.WebSocket newWebSocket(okhttp3.Request p8, okhttp3.WebSocketListener p9)
    {
        okhttp3.internal.ws.RealWebSocket v6 = new okhttp3.internal.ws.RealWebSocket;
        v6(p8, p9, new java.util.Random(), ((long) this.pingInterval));
        v6.connect(this);
        return v6;
    }

Method org.apache.commons.lang3.RandomStringUtils.<clinit>() calling method java.util.Random.<init>()


    static RandomStringUtils()
    {
        org.apache.commons.lang3.RandomStringUtils.a = new java.util.Random();
        return;
    }

Method com.newrelic.agent.android.util.Util.<clinit>() calling method java.util.Random.<init>()


    static Util()
    {
        com.newrelic.agent.android.util.Util.random = new java.util.Random();
        return;
    }

Method com.google.android.gms.internal.zzclq.y() calling method java.util.Random.<init>()


    public final long y()
    {
        if (this.c.get() != 0) {
            try {
                this.c.compareAndSet(-1, 1);
                return this.c.getAndIncrement();
            } catch (Throwable v1_2) {
                throw v1_2;
            }
        } else {
            try {
                Throwable v1_5 = new java.util.Random((System.nanoTime() ^ this.k().a())).nextLong();
                long v3_1 = (this.d + 1);
                this.d = v3_1;
                return (v1_5 + ((long) v3_1));
            } catch (Throwable v1_6) {
                throw v1_6;
            }
        }
    }

Method com.google.android.gms.analytics.Tracker.<init>() calling method java.util.Random.<init>()


    Tracker(com.google.android.gms.internal.zzaqc p3, String p4, com.google.android.gms.internal.zzart p5)
    {
        super(p3);
        super.b = new java.util.HashMap();
        super.c = new java.util.HashMap();
        if (p4 != null) {
            super.b.put("&tid", p4);
        }
        super.b.put("useSecure", "1");
        super.b.put("&a", Integer.toString((new java.util.Random().nextInt(2147483647) + 1)));
        super.d = new com.google.android.gms.internal.zzart("tracking", super.i());
        super.e = new com.google.android.gms.analytics.Tracker$zza(super, p3);
        return;
    }

Method com.google.maps.android.data.kml.KmlStyle.b() calling method java.util.Random.<init>()


    public static int b(int p3)
    {
        java.util.Random v0_1 = new java.util.Random();
        int v1 = android.graphics.Color.red(p3);
        int v2 = android.graphics.Color.green(p3);
        int v3_1 = android.graphics.Color.blue(p3);
        if (v1 != 0) {
            v1 = v0_1.nextInt(v1);
        }
        if (v3_1 != 0) {
            v3_1 = v0_1.nextInt(v3_1);
        }
        if (v2 != 0) {
            v2 = v0_1.nextInt(v2);
        }
        return android.graphics.Color.rgb(v1, v2, v3_1);
    }

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p2, double p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.android.gms.iid.zzl.b() calling method java.util.Random.<init>()


    public final void b(android.content.Intent p13)
    {
        if (p13 != null) {
            String v1_20 = p13.getAction();
            if (("com.google.android.c2dm.intent.REGISTRATION".equals(v1_20)) || ("com.google.android.gms.iid.InstanceID".equals(v1_20))) {
                String v1_4 = p13.getStringExtra("registration_id");
                if (v1_4 == null) {
                    v1_4 = p13.getStringExtra("unregistered");
                }
                String v2_1 = 0;
                if (v1_4 != null) {
                    String v1_21;
                    this.m = android.os.SystemClock.elapsedRealtime();
                    this.q = 0;
                    this.o = 0;
                    this.p = 0;
                    if (!v1_4.startsWith("|")) {
                        v1_21 = 0;
                    } else {
                        String v2_16 = v1_4.split("\\|");
                        if (!"ID".equals(v2_16[1])) {
                            String v1_24;
                            String v1_22 = String.valueOf(v1_4);
                            if (v1_22.length() == 0) {
                                v1_24 = new String("Unexpected structured response ");
                            } else {
                                v1_24 = "Unexpected structured response ".concat(v1_22);
                            }
                            android.util.Log.w("InstanceID/Rpc", v1_24);
                        }
                        v1_21 = v2_16[2];
                        if (v2_16.length > 4) {
                            if (!"SYNC".equals(v2_16[3])) {
                                if ("RST".equals(v2_16[3])) {
                                    String v0_13 = this.g;
                                    com.google.android.gms.iid.InstanceID.c(this.g);
                                    com.google.android.gms.iid.InstanceIDListenerService.zza(v0_13, com.google.android.gms.iid.InstanceID.b());
                                    p13.removeExtra("registration_id");
                                    this.a(v1_21, p13);
                                    return;
                                }
                            } else {
                                String v0_15 = this.g;
                                StringBuilder v3_15 = new android.content.Intent("com.google.android.gms.iid.InstanceID");
                                v3_15.putExtra("CMD", "SYNC");
                                v3_15.setClassName(v0_15, "com.google.android.gms.gcm.GcmReceiver");
                                v0_15.sendBroadcast(v3_15);
                            }
                        }
                        String v0_18 = v2_16[(v2_16.length - 1)];
                        if (v0_18.startsWith(":")) {
                            v0_18 = v0_18.substring(1);
                        }
                        p13.putExtra("registration_id", v0_18);
                    }
                    if (v1_21 != null) {
                        this.a(v1_21, p13);
                        return;
                    } else {
                        this.a(p13);
                        return;
                    }
                } else {
                    String v1_2 = p13.getStringExtra("error");
                    if (v1_2 != null) {
                        if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                            String v8_1;
                            String v9_0 = String.valueOf(v1_2);
                            if (v9_0.length() == 0) {
                                v8_1 = new String("Received InstanceID error ");
                            } else {
                                v8_1 = "Received InstanceID error ".concat(v9_0);
                            }
                            android.util.Log.d("InstanceID/Rpc", v8_1);
                        }
                        if (v1_2.startsWith("|")) {
                            long v7_6 = v1_2.split("\\|");
                            if (!"ID".equals(v7_6[1])) {
                                String v1_7;
                                String v1_5 = String.valueOf(v1_2);
                                if (v1_5.length() == 0) {
                                    v1_7 = new String("Unexpected structured response ");
                                } else {
                                    v1_7 = "Unexpected structured response ".concat(v1_5);
                                }
                                android.util.Log.w("InstanceID/Rpc", v1_7);
                            }
                            if (v7_6.length <= 2) {
                                v1_2 = "UNKNOWN";
                            } else {
                                String v1_9 = v7_6[2];
                                String v2_0 = v7_6[3];
                                if (v2_0.startsWith(":")) {
                                    v2_0 = v2_0.substring(1);
                                }
                                v2_1 = v1_9;
                                v1_2 = v2_0;
                            }
                            p13.putExtra("error", v1_2);
                        }
                        if (v2_1 != null) {
                            this.a(v2_1, v1_2);
                        } else {
                            this.a(v1_2);
                        }
                        long v7_7 = p13.getLongExtra("Retry-After", 0);
                        if (v7_7 <= 0) {
                            if ((("SERVICE_NOT_AVAILABLE".equals(v1_2)) || ("AUTHENTICATION_FAILED".equals(v1_2))) && ("com.google.android.gsf".equals(com.google.android.gms.iid.zzl.a))) {
                                this.o = (this.o + 1);
                                if (this.o >= 3) {
                                    if (this.o == 3) {
                                        this.p = (new java.util.Random().nextInt(1000) + 1000);
                                    }
                                    this.p = (this.p << 1);
                                    this.q = (android.os.SystemClock.elapsedRealtime() + ((long) this.p));
                                    String v0_1 = this.p;
                                    StringBuilder v3_3 = new StringBuilder((String.valueOf(v1_2).length() + 31));
                                    v3_3.append("Backoff due to ");
                                    v3_3.append(v1_2);
                                    v3_3.append(" for ");
                                    v3_3.append(v0_1);
                                    android.util.Log.w("InstanceID/Rpc", v3_3.toString());
                                }
                            }
                            return;
                        } else {
                            this.n = android.os.SystemClock.elapsedRealtime();
                            this.p = (((int) v7_7) * 1000);
                            this.q = (android.os.SystemClock.elapsedRealtime() + ((long) this.p));
                            String v0_5 = this.p;
                            String v2_11 = new StringBuilder(52);
                            v2_11.append("Explicit request from server to backoff: ");
                            v2_11.append(v0_5);
                            android.util.Log.w("InstanceID/Rpc", v2_11.toString());
                            return;
                        }
                    } else {
                        String v13_25 = String.valueOf(p13.getExtras());
                        String v2_13 = new StringBuilder((String.valueOf(v13_25).length() + 49));
                        v2_13.append("Unexpected response, no error or registration id ");
                        v2_13.append(v13_25);
                        android.util.Log.w("InstanceID/Rpc", v2_13.toString());
                        return;
                    }
                }
            } else {
                if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                    String v13_30;
                    String v13_28 = String.valueOf(p13.getAction());
                    if (v13_28.length() == 0) {
                        v13_30 = new String("Unexpected response ");
                    } else {
                        v13_30 = "Unexpected response ".concat(v13_28);
                    }
                    android.util.Log.d("InstanceID/Rpc", v13_30);
                }
                return;
            }
        } else {
            if (android.util.Log.isLoggable("InstanceID/Rpc", 3)) {
                android.util.Log.d("InstanceID/Rpc", "Unexpected response: null");
            }
            return;
        }
    }

Method com.coupa.android.coupamobile.core.MyCipher.getKey() calling method java.security.SecureRandom.setSeed()


    private byte[] getKey()
    {
        byte[] v0_4 = this.mySecret.getBytes("utf-8");
        javax.crypto.KeyGenerator v1_2 = javax.crypto.KeyGenerator.getInstance("AES");
        java.security.SecureRandom v2_0 = java.security.SecureRandom.getInstance("SHA1PRNG", "Crypto");
        v2_0.setSeed(v0_4);
        v1_2.init(128, v2_0);
        return v1_2.generateKey().getEncoded();
    }

Method com.google.android.gms.internal.zzclq.z() calling method java.security.SecureRandom.<init>()


    final java.security.SecureRandom z()
    {
        this.c();
        if (this.b == null) {
            this.b = new java.security.SecureRandom();
        }
        return this.b;
    }

Method com.google.android.gms.internal.zzclq.h_() calling method java.security.SecureRandom.<init>()


    protected final void h_()
    {
        this.c();
        com.google.android.gms.internal.zzcho v0_5 = new java.security.SecureRandom();
        long v1 = v0_5.nextLong();
        if (v1 == 0) {
            v1 = v0_5.nextLong();
            if (v1 == 0) {
                this.t().A().a("Utils falling back to Random for random id");
            }
        }
        this.c.set(v1);
        return;
    }

Method com.facebook.android.crypto.keychain.SecureRandomFix.a() calling method java.security.SecureRandom.<init>()


    public static java.security.SecureRandom a()
    {
        if ((android.os.Build$VERSION.SDK_INT >= 17) && (android.os.Build$VERSION.SDK_INT <= 18)) {
            try {
                if (!ark>com.facebook.android.crypto.keychain.SecureRandomFixark>.b) {
                    ark>com.facebook.android.crypto.keychain.SecureRandomFixark>.d();
                    ark>com.facebook.android.crypto.keychain.SecureRandomFixark>.b = 1;
                }
            } catch (Throwable v1_1) {
                throw v1_1;
            }
        }
        if (android.os.Build$VERSION.SDK_INT > 18) {
            return new java.security.SecureRandom();
        } else {
            return new ark>com.facebook.android.crypto.keychain.SecureRandomFixark>$LocalSecureRandom();
        }
    }

Method com.facebook.android.crypto.keychain.SecureRandomFix$LocalSecureRandom.<init>() calling method java.security.SecureRandom.<init>()


    public SecureRandomFix$LocalSecureRandom()
    {
        super(new com.facebook.android.crypto.keychain.SecureRandomFix$LinuxPRNGSecureRandom(), com.facebook.android.crypto.keychain.SecureRandomFix.b());
        return;
    }

Method com.RNFetchBlob.RNFetchBlobUtils.a() calling method java.security.SecureRandom.<init>()


    public static okhttp3.OkHttpClient$Builder a(okhttp3.OkHttpClient p4)
    {
        try {
            RuntimeException v0_1 = new javax.net.ssl.TrustManager[1];
            v0_1[0] = new ark>com.RNFetchBlob.RNFetchBlobUtilsark>$1();
            javax.net.ssl.SSLContext v1_2 = javax.net.ssl.SSLContext.getInstance("SSL");
            v1_2.init(0, v0_1, new java.security.SecureRandom());
            RuntimeException v0_2 = v1_2.getSocketFactory();
            Exception v4_1 = p4.newBuilder();
            v4_1.sslSocketFactory(v0_2);
            v4_1.hostnameVerifier(new ark>com.RNFetchBlob.RNFetchBlobUtilsark>$2());
            return v4_1;
        } catch (Exception v4_2) {
            throw new RuntimeException(v4_2);
        }
    }