Info Call to Random API

Description

List of all calls to methods that return pseudo-random values.

Recommendation

Do not seed Random with the current time because that value is more predictable to an attacker than the default seed.

The java.util.Random class must not be used either for security-critical applications or for protecting sensitive data. Use a more secure random number generator, such as the java.security.SecureRandom class.

Technical details

Method com.facebook.GraphRequest.<clinit>() calling method java.security.SecureRandom.<init>()


    static GraphRequest()
    {
        com.facebook.GraphRequest.versionPattern = java.util.regex.Pattern.compile("^/?v\\d+\\.\\d+/(.*)");
        String v0_4 = "-_1234567890abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ".toCharArray();
        StringBuilder v1_1 = new StringBuilder();
        java.security.SecureRandom v2_0 = new java.security.SecureRandom();
        int v3_2 = (v2_0.nextInt(11) + 30);
        int v4 = 0;
        while (v4 < v3_2) {
            v1_1.append(v0_4[v2_0.nextInt(v0_4.length)]);
            v4++;
        }
        com.facebook.GraphRequest.MIME_BOUNDARY = v1_1.toString();
        return;
    }

Method com.facebook.internal.Utility.generateRandomString() calling method java.util.Random.<init>()


    public static String generateRandomString(int p2)
    {
        return new java.math.BigInteger((p2 * 5), new java.util.Random()).toString(32);
    }