Fixed Security Hotspot reported by SonarQube.

2025-02-25 18:55:31 -06:00 · 2022-08-14 07:09:45 +05:30 · 2022-08-14 07:09:45 +05:30 · 1e94c3bd81
commit 1e94c3bd81
parent 6179b216c5
9 changed files with 17 additions and 25 deletions
--- a/runtime/src/js/pgadmin.js
+++ b/runtime/src/js/pgadmin.js
@ -38,16 +38,6 @@ if (fs.existsSync('dev_config.json')) {
  }
 }

-// This function is used to create UUID
-function createUUID() {
-  let dt = new Date().getTime();
-  return 'xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx'.replace(/[xy]/g, function(c) {
-    let r = (dt + Math.random()*16)%16 | 0;
-    dt = Math.floor(dt/16);
-    return (c==='x' ? r :(r&0x3|0x8)).toString(16);
-  });
-}
-
 // This functions is used to start the pgAdmin4 server by spawning a
 // separate process.
 function startDesktopMode() {
@ -56,7 +46,7 @@ function startDesktopMode() {
  if (pgadminServerProcess != null)
    return;

-  let UUID = createUUID();
+  let UUID = crypto.randomUUID();
  // Set the environment variables so that pgAdmin 4 server
  // starts listening on the appropriate port.
  process.env.PGADMIN_INT_PORT = serverPort;
--- a/web/pgadmin/dashboard/static/js/PgAdminLogo.jsx
+++ b/web/pgadmin/dashboard/static/js/PgAdminLogo.jsx
@ -12,7 +12,7 @@ export default function PgAdminLogo() {

  return (
    <div className="welcome-logo" aria-hidden="true">
-      <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 600 130">
+      <svg xmlns="https://www.w3.org/2000/svg" viewBox="0 0 600 130">
        <defs>
          <style>{'.cls-1{stroke:#000;stroke-width:10.19px;}.cls-2{fill:#336791;}.cls-3,.cls-4,.cls-9{fill:none;}.cls-3,.cls-4,.cls-5,.cls-6{stroke:#fff;}.cls-3,.cls-4{stroke-linecap:round;stroke-width:3.4px;}.cls-3{stroke-linejoin:round;}.cls-4{stroke-linejoin:bevel;}.cls-5,.cls-6{fill:#fff;}.cls-5{stroke-width:1.13px;}.cls-6{stroke-width:0.57px;}.cls-7{fill:#2775b6;}.cls-8{fill:#333;}.cls-9{stroke:#333;stroke-width:3px;}'}</style>
        </defs>
--- a/web/pgadmin/preferences/static/js/components/PreferencesComponent.jsx
+++ b/web/pgadmin/preferences/static/js/components/PreferencesComponent.jsx
@ -178,7 +178,7 @@ export default function PreferencesComponent({ ...props }) {
      let preferencesTreeData = [];
      let preferencesValues = {};
      res.data.forEach(node => {
-        let id = Math.floor(Math.random() * 1000);
+        let id = crypto.getRandomValues(new Uint16Array(1));
        let tdata = {
          'id': id.toString(),
          'label': node.label,
@ -200,7 +200,7 @@ export default function PreferencesComponent({ ...props }) {
        }

        node.children.forEach(subNode => {
-          let sid = Math.floor(Math.random() * 1000);
+          let sid = crypto.getRandomValues(new Uint16Array(1));
          let nodeData = {
            'id': sid.toString(),
            'label': subNode.label,
@ -368,7 +368,7 @@ export default function PreferencesComponent({ ...props }) {
            firstElement = field;
          }
        });
-        setLoadTree(Math.floor(Math.random() * 1000));
+        setLoadTree(crypto.getRandomValues(new Uint16Array(1)));
        initTreeTimeout = setTimeout(() => {
          prefTreeInit.current = true;
          if(firstElement) {
--- a/web/pgadmin/static/js/Explain/Graphical.jsx
+++ b/web/pgadmin/static/js/Explain/Graphical.jsx
@ -66,7 +66,7 @@ PolyLine.propTypes = {
 function Multitext({currentXpos, currentYpos, label, maxWidth}) {
  const theme = useTheme();
  let abc = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ';
-  var xmlns = 'http://www.w3.org/2000/svg';
+  var xmlns = 'https://www.w3.org/2000/svg';
  var svgElem = document.createElementNS(xmlns, 'svg');
  svgElem.setAttributeNS(xmlns, 'height', '100%');
  svgElem.setAttributeNS(xmlns, 'width', '100%');
@ -295,7 +295,7 @@ function PlanSVG({planData, zoomFactor, fitZoomFactor, ...props}) {
  }, [planData.width]);

  return (
-    <svg height={planData.height*zoomFactor} width={planData.width*zoomFactor} version="1.1" xmlns="http://www.w3.org/2000/svg">
+    <svg height={planData.height*zoomFactor} width={planData.width*zoomFactor} version="1.1" xmlns="https://www.w3.org/2000/svg">
      <defs>
        {Object.keys(props.ctx.arrows).map((arr_id, i)=>{
          let arrowPoints = [
--- a/web/pgadmin/static/js/Explain/svg_download.js
+++ b/web/pgadmin/static/js/Explain/svg_download.js
@ -10,7 +10,7 @@ import getApiInstance from '../api_instance';

 function convertImageURLtoDataURI(api, image) {
  return new Promise(function(resolve, reject) {
-    let href = image.getAttribute('href') || image.getAttributeNS('http://www.w3.org/1999/xlink', 'href');
+    let href = image.getAttribute('href') || image.getAttributeNS('https://www.w3.org/1999/xlink', 'href');
    api.get(href).then(({data})=>{
      image.setAttribute('href', 'data:image/svg+xml;base64,'+window.btoa(data));
      resolve();
--- a/web/pgadmin/static/js/backform.pgadmin.js
+++ b/web/pgadmin/static/js/backform.pgadmin.js
@ -2534,7 +2534,7 @@ define([
      Backform.FieldsetControl.prototype.initialize.apply(
        this, arguments
      );
-      this.tabIndex = (opts.tabIndex || parseInt(Math.random() * 1000)) + 1;
+      this.tabIndex = (opts.tabIndex || parseInt(crypto.getRandomValues(new Uint8Array(1)))) + 1;
      if(opts.field.get('tabPanelExtraClasses')) {
        this.tabPanelExtraClasses = opts.field.get('tabPanelExtraClasses');
      }
--- a/web/pgadmin/static/js/helpers/ModalProvider.jsx
+++ b/web/pgadmin/static/js/helpers/ModalProvider.jsx
@ -98,7 +98,7 @@ export default function ModalProvider({ children }) {
  const [modals, setModals] = React.useState([]);

  const showModal = (title, content, modalOptions) => {
-    let id = getEpoch().toString() + Math.random();
+    let id = getEpoch().toString() + crypto.getRandomValues(new Uint8Array(1));
    setModals((prev) => [...prev, {
      id: id,
      title: title,
--- a/web/pgadmin/static/js/utils.js
+++ b/web/pgadmin/static/js/utils.js
@ -260,9 +260,11 @@ export function fully_qualify(pgBrowser, data, item) {
 }

 export function getRandomInt(min, max) {
-  min = Math.ceil(min);
-  max = Math.floor(max);
-  return Math.floor(Math.random() * (max - min + 1)) + min;
+  const intArray = new Uint32Array(1);
+  crypto.getRandomValues(intArray);
+
+  var range = max - min + 1;
+  return min + (intArray[0] % range);
 }

 export function titleize(i_str) {
--- a/web/pgadmin/tools/debugger/static/js/components/DebuggerArgumentComponent.jsx
+++ b/web/pgadmin/tools/debugger/static/js/components/DebuggerArgumentComponent.jsx
@ -427,7 +427,7 @@ export default function DebuggerArgumentComponent({ debuggerInfo, restartDebug,

        setDebuggerArgs(funcArgsData, funcObj, myObj);
        debuggerArgsSchema.current = new DebuggerArgumentSchema();
-        setLoadArgs(Math.floor(Math.random() * 1000));
+        setLoadArgs(crypto.getRandomValues(new Uint16Array(1)));
      })
      .catch(() => {
        Notify.alert(
@ -485,7 +485,7 @@ export default function DebuggerArgumentComponent({ debuggerInfo, restartDebug,
      setTimeout(() => {
        /* Reload the debugger arguments */
        setLoaderText('');
-        setLoadArgs(Math.floor(Math.random() * 1000));
+        setLoadArgs(crypto.getRandomValues(new Uint16Array(1)));
        /* Disable debug button */
        setIsDisableDebug(true);
      }, 100);