Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.microsoft.aad.adal.PRNGFixes.installLinuxPRNGSecureRandom() calling method java.security.SecureRandom.<init>()


    private static void installLinuxPRNGSecureRandom()
    {
        if (android.os.Build$VERSION.SDK_INT <= 18) {
            java.security.Provider[] v1_2 = java.security.Security.getProviders("SecureRandom.SHA1PRNG");
            if ((v1_2 == null) || ((v1_2.length < 1) || (!com.microsoft.aad.adal.PRNGFixes$LinuxPRNGSecureRandomProvider.equals(v1_2[0].getClass())))) {
                com.microsoft.aad.adal.Logger.v("PRNGFixes:installLinuxPRNGSecureRandom", "Insert provider as LinuxPRNGSecureRandomProvider.");
                java.security.Security.insertProviderAt(new com.microsoft.aad.adal.PRNGFixes$LinuxPRNGSecureRandomProvider(), 1);
            }
            java.security.SecureRandom v2_2 = new java.security.SecureRandom();
            String v5_1 = new StringBuilder();
            v5_1.append("Provider: ");
            v5_1.append(v2_2.getProvider().getClass().getName());
            com.microsoft.aad.adal.Logger.i("PRNGFixes:installLinuxPRNGSecureRandom", "LinuxPRNGSecureRandomProvider for SecureRandom. ", v5_1.toString());
            try {
                java.security.NoSuchAlgorithmException v3_7 = java.security.SecureRandom.getInstance("SHA1PRNG");
                String v6_5 = new StringBuilder();
                v6_5.append("Provider: ");
                v6_5.append(v3_7.getProvider().getClass().getName());
                com.microsoft.aad.adal.Logger.i("PRNGFixes:installLinuxPRNGSecureRandom", "LinuxPRNGSecureRandomProvider for SecureRandom with alg SHA1PRNG. ", v6_5.toString());
                return;
            } catch (java.security.NoSuchAlgorithmException v3_8) {
                com.microsoft.aad.adal.Logger.v("PRNGFixes:installLinuxPRNGSecureRandom", "SHA1PRNG not available.");
                throw new SecurityException("SHA1PRNG not available", v3_8);
            }
        } else {
            com.microsoft.aad.adal.Logger.v("PRNGFixes:installLinuxPRNGSecureRandom", "No need to apply the fix.");
            return;
        }
    }

Method com.microsoft.aad.adal.StorageHelper.<init>() calling method java.security.SecureRandom.<init>()


    public StorageHelper(android.content.Context p2)
    {
        this.mKey = 0;
        this.mHMACKey = 0;
        this.mSecretKeyFromAndroidKeyStore = 0;
        this.mContext = p2;
        this.mRandom = new java.security.SecureRandom();
        return;
    }

Method com.nimbusds.jose.crypto.RSA_OAEP.encryptCEK() calling method java.security.SecureRandom.<init>()


    public static byte[] encryptCEK(java.security.interfaces.RSAPublicKey p3, javax.crypto.SecretKey p4, java.security.Provider p5)
    {
        try {
            Exception v0_3 = com.nimbusds.jose.crypto.CipherHelper.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", p5);
            v0_3.init(1, p3, new java.security.SecureRandom());
            return v0_3.doFinal(p4.getEncoded());
        } catch (Exception v0_2) {
            throw new com.nimbusds.jose.JOSEException("RSA block size exception: The RSA key is too short, try a longer one", v0_2);
        } catch (Exception v0_1) {
            throw new com.nimbusds.jose.JOSEException(v0_1.getMessage(), v0_1);
        }
    }

Method com.nimbusds.jose.jca.JCAContext.getSecureRandom() calling method java.security.SecureRandom.<init>()


    public java.security.SecureRandom getSecureRandom()
    {
        java.security.SecureRandom v0_2;
        if (this.randomGen == null) {
            v0_2 = new java.security.SecureRandom();
        } else {
            v0_2 = this.randomGen;
        }
        return v0_2;
    }

Method com.squareup.okhttp.ws.WebSocketCall.<init>() calling method java.security.SecureRandom.<init>()


    WebSocketCall(com.squareup.okhttp.OkHttpClient p2, com.squareup.okhttp.Request p3)
    {
        this(p2, p3, new java.security.SecureRandom());
        return;
    }

Method com.microsoft.identity.common.adal.internal.cache.StorageHelper.<init>() calling method java.security.SecureRandom.<init>()


    public StorageHelper(android.content.Context p2)
    {
        this.mKey = 0;
        this.mHMACKey = 0;
        this.mSecretKeyFromAndroidKeyStore = 0;
        this.mContext = p2.getApplicationContext();
        this.mRandom = new java.security.SecureRandom();
        return;
    }

Method org.apache.commons.math3.random.RandomDataGenerator.getSecRan() calling method java.security.SecureRandom.<init>()


    private org.apache.commons.math3.random.RandomGenerator getSecRan()
    {
        if (this.secRand == null) {
            this.secRand = org.apache.commons.math3.random.RandomGeneratorFactory.createRandomGenerator(new java.security.SecureRandom());
            this.secRand.setSeed((System.currentTimeMillis() + ((long) System.identityHashCode(this))));
        }
        return this.secRand;
    }

Method com.google.android.exoplayer2.upstream.cache.CachedContentIndex.writeFile() calling method java.util.Random.<init>()


    private void writeFile()
    {
        int v0_0 = 0;
        try {
            java.io.IOException v1_1 = this.atomicFile.startWrite();
        } catch (java.io.IOException v1_3) {
            com.google.android.exoplayer2.util.Util.closeQuietly(v0_0);
            throw v1_3;
        } catch (java.io.IOException v1_2) {
            throw new com.google.android.exoplayer2.upstream.cache.Cache$CacheException(v1_2);
        }
        if (this.bufferedOutputStream != null) {
            this.bufferedOutputStream.reset(v1_1);
        } else {
            this.bufferedOutputStream = new com.google.android.exoplayer2.util.ReusableBufferedOutputStream(v1_1);
        }
        v0_0 = new java.io.DataOutputStream(this.bufferedOutputStream);
        v0_0.writeInt(2);
        v0_0.writeInt(this.encrypt);
        if (this.encrypt) {
            int v4_2 = new byte[16];
            new java.util.Random().nextBytes(v4_2);
            v0_0.write(v4_2);
            this.cipher.init(1, this.secretKeySpec, new javax.crypto.spec.IvParameterSpec(v4_2));
            v0_0.flush();
            v0_0 = new java.io.DataOutputStream(new javax.crypto.CipherOutputStream(this.bufferedOutputStream, this.cipher));
        }
        v0_0.writeInt(this.keyToContent.size());
        int v4_5 = 0;
        java.util.Iterator v5_6 = this.keyToContent.values().iterator();
        while (v5_6.hasNext()) {
            com.google.android.exoplayer2.upstream.cache.CachedContent v6_7 = ((com.google.android.exoplayer2.upstream.cache.CachedContent) v5_6.next());
            v6_7.writeToStream(v0_0);
            v4_5 += v6_7.headerHashCode(2);
        }
        v0_0.writeInt(v4_5);
        this.atomicFile.endWrite(v0_0);
        com.google.android.exoplayer2.util.Util.closeQuietly(0);
        return;
    }

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p2, double p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder.<init>() calling method java.util.Random.<init>()


    public ShuffleOrder$DefaultShuffleOrder(int p2)
    {
        this(p2, new java.util.Random());
        return;
    }

Method com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder.<init>() calling method java.util.Random.<init>()


    public ShuffleOrder$DefaultShuffleOrder(int p2, long p3)
    {
        this(p2, new java.util.Random(p3));
        return;
    }

Method com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder.cloneAndClear() calling method java.util.Random.<init>()


    public com.google.android.exoplayer2.source.ShuffleOrder cloneAndClear()
    {
        return new com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder(0, new java.util.Random(this.random.nextLong()));
    }

Method com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder.cloneAndInsert() calling method java.util.Random.<init>()


    public com.google.android.exoplayer2.source.ShuffleOrder cloneAndInsert(int p10, int p11)
    {
        int[] v0 = new int[p11];
        int[] v1 = new int[p11];
        int v2_1 = 0;
        int[] v3_0 = 0;
        while (v3_0 < p11) {
            v0[v3_0] = this.random.nextInt((this.shuffled.length + 1));
            int v4_8 = this.random.nextInt((v3_0 + 1));
            v1[v3_0] = v1[v4_8];
            v1[v4_8] = (v3_0 + p10);
            v3_0++;
        }
        java.util.Arrays.sort(v0);
        int[] v3_4 = new int[(this.shuffled.length + p11)];
        int v4_0 = 0;
        int v5_0 = 0;
        while (v2_1 < (this.shuffled.length + p11)) {
            if ((v5_0 >= p11) || (v4_0 != v0[v5_0])) {
                int v7_2 = (v4_0 + 1);
                v3_4[v2_1] = this.shuffled[v4_0];
                if (v3_4[v2_1] >= p10) {
                    v3_4[v2_1] = (v3_4[v2_1] + p11);
                }
                v4_0 = v7_2;
            } else {
                int v6_7 = (v5_0 + 1);
                v3_4[v2_1] = v1[v5_0];
                v5_0 = v6_7;
            }
            v2_1++;
        }
        return new com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder(v3_4, new java.util.Random(this.random.nextLong()));
    }

Method com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder.cloneAndRemove() calling method java.util.Random.<init>()


    public com.google.android.exoplayer2.source.ShuffleOrder cloneAndRemove(int p7)
    {
        int[] v0_3 = new int[(this.shuffled.length - 1)];
        int v1 = 0;
        int v2_1 = 0;
        while (v2_1 < this.shuffled.length) {
            if (this.shuffled[v2_1] != p7) {
                int v3_4;
                if (v1 == 0) {
                    v3_4 = v2_1;
                } else {
                    v3_4 = (v2_1 - 1);
                }
                int v4_5;
                if (this.shuffled[v2_1] <= p7) {
                    v4_5 = this.shuffled[v2_1];
                } else {
                    v4_5 = (this.shuffled[v2_1] - 1);
                }
                v0_3[v3_4] = v4_5;
            } else {
                v1 = 1;
            }
            v2_1++;
        }
        return new com.google.android.exoplayer2.source.ShuffleOrder$DefaultShuffleOrder(v0_3, new java.util.Random(this.random.nextLong()));
    }

Method com.google.android.exoplayer2.trackselection.RandomTrackSelection$Factory.<init>() calling method java.util.Random.<init>()


    public RandomTrackSelection$Factory()
    {
        this.random = new java.util.Random();
        return;
    }

Method com.google.android.exoplayer2.trackselection.RandomTrackSelection$Factory.<init>() calling method java.util.Random.<init>()


    public RandomTrackSelection$Factory(int p4)
    {
        this.random = new java.util.Random(((long) p4));
        return;
    }

Method com.google.android.exoplayer2.trackselection.RandomTrackSelection.<init>() calling method java.util.Random.<init>()


    public varargs RandomTrackSelection(com.google.android.exoplayer2.source.TrackGroup p3, int[] p4)
    {
        super(p3, p4);
        super.random = new java.util.Random();
        super.selectedIndex = super.random.nextInt(super.length);
        return;
    }

Method com.google.android.exoplayer2.trackselection.RandomTrackSelection.<init>() calling method java.util.Random.<init>()


    public RandomTrackSelection(com.google.android.exoplayer2.source.TrackGroup p2, int[] p3, long p4)
    {
        this(p2, p3, new java.util.Random(p4));
        return;
    }

Method kotlin.random.FallbackThreadLocalRandom$implStorage$1.initialValue() calling method java.util.Random.<init>()


    protected java.util.Random initialValue()
    {
        return new java.util.Random();
    }

Method kotlin.random.KotlinRandom.<init>() calling method java.util.Random.<init>()


    public KotlinRandom(kotlin.random.Random p2)
    {
        kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(p2, "impl");
        this.impl = p2;
        return;
    }

Method kotlinx.coroutines.scheduling.CoroutineScheduler.<init>() calling method java.util.Random.<init>()


    public CoroutineScheduler(int p8, int p9, long p10, String p12)
    {
        String v0_5;
        kotlin.jvm.internal.Intrinsics.checkParameterIsNotNull(p12, "schedulerName");
        this.corePoolSize = p8;
        this.maxPoolSize = p9;
        this.idleWorkerKeepAliveNs = p10;
        this.schedulerName = p12;
        if (this.corePoolSize < 1) {
            v0_5 = 0;
        } else {
            v0_5 = 1;
        }
        if (v0_5 == null) {
            Throwable v1_3 = new StringBuilder();
            v1_3.append("Core pool size ");
            v1_3.append(this.corePoolSize);
            v1_3.append(" should be at least 1");
            throw ((Throwable) new IllegalArgumentException(v1_3.toString().toString()));
        } else {
            String v0_14;
            if (this.maxPoolSize < this.corePoolSize) {
                v0_14 = 0;
            } else {
                v0_14 = 1;
            }
            if (v0_14 == null) {
                Throwable v1_8 = new StringBuilder();
                v1_8.append("Max pool size ");
                v1_8.append(this.maxPoolSize);
                v1_8.append(" should be greater than or equals to core pool size ");
                v1_8.append(this.corePoolSize);
                throw ((Throwable) new IllegalArgumentException(v1_8.toString().toString()));
            } else {
                String v0_18;
                if (this.maxPoolSize > 2097150) {
                    v0_18 = 0;
                } else {
                    v0_18 = 1;
                }
                if (v0_18 == null) {
                    Throwable v1_13 = new StringBuilder();
                    v1_13.append("Max pool size ");
                    v1_13.append(this.maxPoolSize);
                    v1_13.append(" should not exceed maximal supported number of threads 2097150");
                    throw ((Throwable) new IllegalArgumentException(v1_13.toString().toString()));
                } else {
                    String v0_23;
                    if (this.idleWorkerKeepAliveNs <= 0) {
                        v0_23 = 0;
                    } else {
                        v0_23 = 1;
                    }
                    if (v0_23 == null) {
                        Throwable v1_19 = new StringBuilder();
                        v1_19.append("Idle worker keep alive time ");
                        v1_19.append(this.idleWorkerKeepAliveNs);
                        v1_19.append(" must be positive");
                        throw ((Throwable) new IllegalArgumentException(v1_19.toString().toString()));
                    } else {
                        this.globalQueue = new kotlinx.coroutines.scheduling.GlobalQueue();
                        this.cpuPermits = new java.util.concurrent.Semaphore(this.corePoolSize, 0);
                        this.parkedWorkersStack = 0;
                        String v0_8 = new kotlinx.coroutines.scheduling.CoroutineScheduler$Worker[(this.maxPoolSize + 1)];
                        this.workers = v0_8;
                        this.controlState = 0;
                        this.random = new java.util.Random();
                        this._isTerminated = 0;
                        return;
                    }
                }
            }
        }
    }

Method okhttp3.OkHttpClient.newWebSocket() calling method java.util.Random.<init>()


    public okhttp3.WebSocket newWebSocket(okhttp3.Request p3, okhttp3.WebSocketListener p4)
    {
        okhttp3.internal.ws.RealWebSocket v0_1 = new okhttp3.internal.ws.RealWebSocket(p3, p4, new java.util.Random());
        v0_1.connect(this);
        return v0_1;
    }

Method org.apache.commons.math3.random.JDKRandomGenerator.<init>() calling method java.util.Random.<init>()


    public JDKRandomGenerator()
    {
        return;
    }

Method org.apache.commons.math3.random.JDKRandomGenerator.<init>() calling method java.util.Random.<init>()


    public JDKRandomGenerator(int p1)
    {
        this.setSeed(p1);
        return;
    }

Method org.apache.commons.math3.random.RandomAdaptor.<init>() calling method java.util.Random.<init>()


    private RandomAdaptor()
    {
        this.randomGenerator = 0;
        return;
    }

Method org.apache.commons.math3.random.RandomAdaptor.<init>() calling method java.util.Random.<init>()


    public RandomAdaptor(org.apache.commons.math3.random.RandomGenerator p1)
    {
        this.randomGenerator = p1;
        return;
    }

Method org.apache.commons.math3.random.RandomGeneratorFactory$1.setSeed() calling method java.util.Random.setSeed()


    public void setSeed(int p4)
    {
        this.val$rng.setSeed(((long) p4));
        return;
    }

Method org.apache.commons.math3.random.RandomGeneratorFactory$1.setSeed() calling method java.util.Random.setSeed()


    public void setSeed(long p2)
    {
        this.val$rng.setSeed(p2);
        return;
    }

Method org.apache.commons.math3.random.RandomGeneratorFactory$1.setSeed() calling method java.util.Random.setSeed()


    public void setSeed(int[] p4)
    {
        this.val$rng.setSeed(org.apache.commons.math3.random.RandomGeneratorFactory.convertToLong(p4));
        return;
    }