Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method io.grpc.okhttp.OkHttpClientTransport.<init>() calling method java.util.Random.<init>()


    OkHttpClientTransport(java.net.InetSocketAddress p2, String p3, String p4, java.util.concurrent.Executor p5, javax.net.ssl.SSLSocketFactory p6, javax.net.ssl.HostnameVerifier p7, io.grpc.okhttp.internal.ConnectionSpec p8, int p9, io.grpc.internal.ProxyParameters p10, Runnable p11, io.grpc.internal.TransportTracer p12)
    {
        this.random = new java.util.Random();
        this.lock = new Object();
        this.logId = io.grpc.internal.LogId.allocate(this.getClass().getName());
        this.streams = new java.util.HashMap();
        this.attributes = io.grpc.Attributes.EMPTY;
        this.maxConcurrentStreams = 0;
        this.pendingStreams = new java.util.LinkedList();
        this.address = ((java.net.InetSocketAddress) com.google.common.base.Preconditions.checkNotNull(p2, "address"));
        this.defaultAuthority = p3;
        this.maxMessageSize = p9;
        this.executor = ((java.util.concurrent.Executor) com.google.common.base.Preconditions.checkNotNull(p5, "executor"));
        this.serializingExecutor = new io.grpc.internal.SerializingExecutor(p5);
        this.nextStreamId = 3;
        this.sslSocketFactory = p6;
        this.hostnameVerifier = p7;
        this.connectionSpec = ((io.grpc.okhttp.internal.ConnectionSpec) com.google.common.base.Preconditions.checkNotNull(p8, "connectionSpec"));
        this.stopwatchFactory = io.grpc.internal.GrpcUtil.STOPWATCH_SUPPLIER;
        this.userAgent = io.grpc.internal.GrpcUtil.getGrpcUserAgent("okhttp", p4);
        this.proxy = p10;
        this.tooManyPingsRunnable = ((Runnable) com.google.common.base.Preconditions.checkNotNull(p11, "tooManyPingsRunnable"));
        this.transportTracer = ((io.grpc.internal.TransportTracer) com.google.common.base.Preconditions.checkNotNull(p12));
        this.initTransportTracer();
        return;
    }

Method io.grpc.okhttp.OkHttpClientTransport.<init>() calling method java.util.Random.<init>()


    OkHttpClientTransport(String p2, java.util.concurrent.Executor p3, io.grpc.okhttp.internal.framed.FrameReader p4, io.grpc.okhttp.internal.framed.FrameWriter p5, int p6, java.net.Socket p7, com.google.common.base.Supplier p8, Runnable p9, com.google.common.util.concurrent.SettableFuture p10, int p11, Runnable p12, io.grpc.internal.TransportTracer p13)
    {
        this.random = new java.util.Random();
        this.lock = new Object();
        this.logId = io.grpc.internal.LogId.allocate(this.getClass().getName());
        this.streams = new java.util.HashMap();
        this.attributes = io.grpc.Attributes.EMPTY;
        this.maxConcurrentStreams = 0;
        this.pendingStreams = new java.util.LinkedList();
        this.address = 0;
        this.maxMessageSize = p11;
        this.defaultAuthority = "notarealauthority:80";
        this.userAgent = io.grpc.internal.GrpcUtil.getGrpcUserAgent("okhttp", p2);
        this.executor = ((java.util.concurrent.Executor) com.google.common.base.Preconditions.checkNotNull(p3, "executor"));
        this.serializingExecutor = new io.grpc.internal.SerializingExecutor(p3);
        this.testFrameReader = ((io.grpc.okhttp.internal.framed.FrameReader) com.google.common.base.Preconditions.checkNotNull(p4, "frameReader"));
        this.testFrameWriter = ((io.grpc.okhttp.internal.framed.FrameWriter) com.google.common.base.Preconditions.checkNotNull(p5, "testFrameWriter"));
        this.socket = ((java.net.Socket) com.google.common.base.Preconditions.checkNotNull(p7, "socket"));
        this.nextStreamId = p6;
        this.stopwatchFactory = p8;
        this.connectionSpec = 0;
        this.connectingCallback = p9;
        this.connectedFuture = ((com.google.common.util.concurrent.SettableFuture) com.google.common.base.Preconditions.checkNotNull(p10, "connectedFuture"));
        this.proxy = 0;
        this.tooManyPingsRunnable = ((Runnable) com.google.common.base.Preconditions.checkNotNull(p12, "tooManyPingsRunnable"));
        this.transportTracer = ((io.grpc.internal.TransportTracer) com.google.common.base.Preconditions.checkNotNull(p13, "transportTracer"));
        this.initTransportTracer();
        return;
    }

Method io.grpc.internal.RetriableStream.<clinit>() calling method java.util.Random.<init>()


    static RetriableStream()
    {
        io.grpc.internal.RetriableStream.GRPC_PREVIOUS_RPC_ATTEMPTS = io.grpc.Metadata$Key.of("grpc-previous-rpc-attempts", io.grpc.Metadata.ASCII_STRING_MARSHALLER);
        io.grpc.internal.RetriableStream.GRPC_RETRY_PUSHBACK_MS = io.grpc.Metadata$Key.of("grpc-retry-pushback-ms", io.grpc.Metadata.ASCII_STRING_MARSHALLER);
        io.grpc.internal.RetriableStream.CANCELLED_BECAUSE_COMMITTED = io.grpc.Status.CANCELLED.withDescription("Stream thrown away because RetriableStream committed");
        io.grpc.internal.RetriableStream.random = new java.util.Random();
        return;
    }

Method okhttp3.OkHttpClient.newWebSocket() calling method java.util.Random.<init>()


    public okhttp3.WebSocket newWebSocket(okhttp3.Request p8, okhttp3.WebSocketListener p9)
    {
        okhttp3.internal.ws.RealWebSocket v6 = new okhttp3.internal.ws.RealWebSocket;
        v6(p8, p9, new java.util.Random(), ((long) this.pingInterval));
        v6.connect(this);
        return v6;
    }

Method io.grpc.internal.ExponentialBackoffPolicy.<init>() calling method java.util.Random.<init>()


    ExponentialBackoffPolicy()
    {
        this.random = new java.util.Random();
        this.initialBackoffNanos = java.util.concurrent.TimeUnit.SECONDS.toNanos(1);
        this.maxBackoffNanos = java.util.concurrent.TimeUnit.MINUTES.toNanos(2);
        this.multiplier = 1.6;
        this.jitter = 0.2;
        this.nextBackoffNanos = this.initialBackoffNanos;
        return;
    }

Method io.grpc.internal.DnsNameResolver.<init>() calling method java.util.Random.<init>()


    DnsNameResolver(String p2, String p3, io.grpc.Attributes p4, io.grpc.internal.SharedResourceHolder$Resource p5, io.grpc.internal.ProxyDetector p6)
    {
        this.random = new java.util.Random();
        this.delegateResolver = this.pickDelegateResolver();
        this.resolutionRunnable = new io.grpc.internal.DnsNameResolver$1(this);
        this.executorResource = p5;
        IllegalArgumentException v2_2 = new StringBuilder();
        v2_2.append("//");
        v2_2.append(p3);
        IllegalArgumentException v2_4 = java.net.URI.create(v2_2.toString());
        this.authority = ((String) com.google.common.base.Preconditions.checkNotNull(v2_4.getAuthority(), "nameUri (%s) doesn\'t have an authority", v2_4));
        this.host = ((String) com.google.common.base.Preconditions.checkNotNull(v2_4.getHost(), "host"));
        if (v2_4.getPort() != -1) {
            this.port = v2_4.getPort();
        } else {
            IllegalArgumentException v2_9 = ((Integer) p4.get(io.grpc.NameResolver$Factory.PARAMS_DEFAULT_PORT));
            if (v2_9 == null) {
                StringBuilder v4_2 = new StringBuilder();
                v4_2.append("name \'");
                v4_2.append(p3);
                v4_2.append("\' doesn\'t contain a port, and default port is not set in params");
                throw new IllegalArgumentException(v4_2.toString());
            } else {
                this.port = v2_9.intValue();
            }
        }
        this.proxyDetector = p6;
        return;
    }

Method com.google.firebase.firestore.g.zzs.<clinit>() calling method java.util.Random.<init>()


    static zzs()
    {
        com.google.firebase.firestore.g.zzs.zza = new java.util.Random();
        com.google.firebase.firestore.g.zzs.zzb = new com.google.firebase.firestore.g.zzs$1();
        com.google.firebase.firestore.g.zzs.zzc = com.google.firebase.firestore.g.zzt.zza;
        return;
    }

Method com.google.android.gms.internal.measurement.zzkd.zzln() calling method java.util.Random.<init>()


    public final long zzln()
    {
        if (this.zzasz.get() != 0) {
            try {
                this.zzasz.compareAndSet(-1, 1);
                return this.zzasz.getAndIncrement();
            } catch (Throwable v1_2) {
                throw v1_2;
            }
        } else {
            try {
                Throwable v1_5 = new java.util.Random((System.nanoTime() ^ this.zzbt().currentTimeMillis())).nextLong();
                long v3_1 = (this.zzadj + 1);
                this.zzadj = v3_1;
                return (v1_5 + ((long) v3_1));
            } catch (Throwable v1_7) {
                throw v1_7;
            }
        }
    }

Method com.crashlytics.android.answers.RandomBackoff.<init>() calling method java.util.Random.<init>()


    public RandomBackoff(io.fabric.sdk.android.services.concurrency.internal.Backoff p2, double p3)
    {
        this(p2, p3, new java.util.Random());
        return;
    }

Method com.google.common.cache.Striped64.<clinit>() calling method java.util.Random.<init>()


    static Striped64()
    {
        com.google.common.cache.Striped64.threadHashCode = new ThreadLocal();
        com.google.common.cache.Striped64.rng = new java.util.Random();
        com.google.common.cache.Striped64.NCPU = Runtime.getRuntime().availableProcessors();
        try {
            com.google.common.cache.Striped64.UNSAFE = com.google.common.cache.Striped64.getUnsafe();
            com.google.common.cache.Striped64.baseOffset = com.google.common.cache.Striped64.UNSAFE.objectFieldOffset(com.google.common.cache.Striped64.getDeclaredField("base"));
            com.google.common.cache.Striped64.busyOffset = com.google.common.cache.Striped64.UNSAFE.objectFieldOffset(com.google.common.cache.Striped64.getDeclaredField("busy"));
            return;
        } catch (Exception v0_7) {
            throw new Error(v0_7);
        }
    }

Method com.google.android.gms.internal.firebase_storage.zzf.<clinit>() calling method java.util.Random.<init>()


    static zzf()
    {
        com.google.android.gms.internal.firebase_storage.zzf.zzdz = new com.google.android.gms.internal.firebase_storage.zzi();
        com.google.android.gms.internal.firebase_storage.zzf.zzea = com.google.android.gms.common.util.DefaultClock.getInstance();
        com.google.android.gms.internal.firebase_storage.zzf.zzeb = new java.util.Random();
        return;
    }

Method com.google.android.gms.internal.firebase_database.zzkp.<clinit>() calling method java.util.Random.<init>()


    static zzkp()
    {
        com.google.android.gms.internal.firebase_database.zzkp.zzun = new java.util.Random();
        com.google.android.gms.internal.firebase_database.zzkp.zzuo = 0;
        int[] v0_4 = new int[12];
        com.google.android.gms.internal.firebase_database.zzkp.zzup = v0_4;
        return;
    }

Method com.google.android.gms.internal.firebase_database.zzkb.<init>() calling method java.util.Random.<init>()


    zzkb(com.google.android.gms.internal.firebase_database.zzjr p5, String p6, int p7)
    {
        this.zzgf = new java.util.Random();
        this.zzub = 0;
        this.zzud = 0;
        this.zzth = com.google.android.gms.internal.firebase_database.zzjr.getThreadFactory().newThread(new com.google.android.gms.internal.firebase_database.zzkc(this));
        com.google.android.gms.internal.firebase_database.zzjq v0_2 = com.google.android.gms.internal.firebase_database.zzjr.zzgi();
        Thread v1_1 = this.zzth;
        StringBuilder v3_1 = new StringBuilder((String.valueOf(p6).length() + 18));
        v3_1.append(p6);
        v3_1.append("Writer-");
        v3_1.append(p7);
        v0_2.zza(v1_1, v3_1.toString());
        this.zzty = p5;
        this.zzuc = new java.util.concurrent.LinkedBlockingQueue();
        return;
    }

Method com.google.android.gms.internal.firebase_database.zzbm.<init>() calling method java.util.Random.<init>()


    private zzbm(java.util.concurrent.ScheduledExecutorService p2, com.google.android.gms.internal.firebase_database.zzhz p3, long p4, long p6, double p8, double p10)
    {
        this.zzgf = new java.util.Random();
        this.zzgi = 1;
        this.zzbc = p2;
        this.zzbs = p3;
        this.zzgb = p4;
        this.zzgc = p6;
        this.zzge = p8;
        this.zzgd = p10;
        return;
    }

Method com.facebook.internal.Utility.generateRandomString() calling method java.util.Random.<init>()


    public static String generateRandomString(int p2)
    {
        return new java.math.BigInteger((p2 * 5), new java.util.Random()).toString(32);
    }

Method com.nimbusds.jose.jca.JCAContext.getSecureRandom() calling method java.security.SecureRandom.<init>()


    public java.security.SecureRandom getSecureRandom()
    {
        java.security.SecureRandom v0_0 = this.randomGen;
        if (v0_0 == null) {
            v0_0 = new java.security.SecureRandom();
        }
        return v0_0;
    }

Method com.nimbusds.jose.crypto.RSA_OAEP.encryptCEK() calling method java.security.SecureRandom.<init>()


    public static byte[] encryptCEK(java.security.interfaces.RSAPublicKey p2, javax.crypto.SecretKey p3, java.security.Provider p4)
    {
        try {
            String v4_2 = com.nimbusds.jose.crypto.CipherHelper.getInstance("RSA/ECB/OAEPWithSHA-1AndMGF1Padding", p4);
            v4_2.init(1, p2, new java.security.SecureRandom());
            return v4_2.doFinal(p3.getEncoded());
        } catch (Exception v2_3) {
            throw new com.nimbusds.jose.JOSEException("RSA block size exception: The RSA key is too short, try a longer one", v2_3);
        } catch (Exception v2_2) {
            throw new com.nimbusds.jose.JOSEException(v2_2.getMessage(), v2_2);
        }
    }

Method com.google.android.gms.internal.measurement.zzkd.zzlo() calling method java.security.SecureRandom.<init>()


    final java.security.SecureRandom zzlo()
    {
        this.zzab();
        if (this.zzasy == null) {
            this.zzasy = new java.security.SecureRandom();
        }
        return this.zzasy;
    }

Method com.google.android.gms.internal.measurement.zzkd.zzgo() calling method java.security.SecureRandom.<init>()


    protected final void zzgo()
    {
        this.zzab();
        com.google.android.gms.internal.measurement.zzfk v0_5 = new java.security.SecureRandom();
        long v1 = v0_5.nextLong();
        if (v1 == 0) {
            v1 = v0_5.nextLong();
            if (v1 == 0) {
                this.zzgi().zziy().log("Utils falling back to Random for random id");
            }
        }
        this.zzasz.set(v1);
        return;
    }