Closed yousif-bugsnag closed 7 months ago
NPM build
Package | |
---|---|
Before | 175.95 kB |
After | 175.95 kB |
± | No change |
CDN build
Unminified | Minfied | Minified + gzipped | |
---|---|---|---|
Before | 84.94 kB |
31.99 kB |
9.84 kB |
After | 84.94 kB |
31.99 kB |
9.84 kB |
± | No change | No change | No change |
Ok | File (✨=New File) | Lines | Branches | Functions | Statements |
---|---|---|---|---|---|
🔴 | /home/runner/work/bugsnag-js-performance/bugsnag-js-performance/packages/platforms/react-native/lib/id-generator.ts | 100% (+0%) |
100% (+0%) |
87.5% (-12.5%) |
96.96% (-3.04%) |
Total:
Lines | Branches | Functions | Statements |
---|---|---|---|
92.25%(+0.05%) | 80.67%(+0.29%) | 93.33%(-0.15%) | 90.31%(-0.04%) |
Generated against 6dae1decad0c6755dad39453c04839cefa7c0533 on 8 December 2023 at 11:43:34 UTC
Goal
Some duplicate span IDs were observed in production as
Math.random
isn't random enough.This PR updates the id generation to source randomness from cryptographically secure number generators in the native layer.
Design
Two new methods
requestEntropy
andrequestEntropyAsync
have been added to the Native Module. These return random bytes as a 2048 character hex string generated usingSecureRandom
on Android andSecRandomCopyBytes
on iOS. These characters are then used by the ID generator to generate span and trace IDs by randomly selecting characters from the string usingMath.random()
.If the Native Module is not available for any reason, we fall back to generating a random string in JS using
Math.random
.When the client is loaded, a synchronous call to
requestEntropy
is made for an initial set of random values. After 1000 calls,requestEntropyAsync
is called to refresh the random values asynchronously.As part of this work, also fixed a bug in the iOS Native Module that was preventing it from working on the old architecture (it was missing an
RCT_EXPORT_
macro on the method), and reinstated the native device attribute e2e tests for old arch on iOS.Testing
Tested manually, added some more unit tests, and relied on the existing trace validation in e2e tests.