Fix code scanning alert no. 12: Insecure randomness

reactplay / react-play

react-play is an opensource platform that helps you learn ReactJS faster with hands-on practice model. It is a collection of projects that you can use to learn ReactJS.

MIT License

1.36k stars 843 forks source link

Fixes https://github.com/reactplay/react-play/security/code-scanning/12

To fix the problem, we need to replace the use of Math.random() with a cryptographically secure random number generator. In a browser environment, window.crypto.getRandomValues is the appropriate choice. This method generates cryptographically secure random values, making it much harder for an attacker to predict the generated passwords.

Replace the randomNumberGenerator function to use window.crypto.getRandomValues instead of Math.random().
Ensure the generated random number is within the specified limit without introducing bias.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Name	Link
Latest commit	eeaa238885e738cb9cfe874507407a49883b3bb0
Latest deploy log	https://app.netlify.com/sites/reactplayio/deploys/6707e1850af6f800088f0fc7
Deploy Preview	https://deploy-preview-1544--reactplayio.netlify.app
Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

Name

Link

Latest commit

eeaa238885e738cb9cfe874507407a49883b3bb0

Latest deploy log

https://app.netlify.com/sites/reactplayio/deploys/6707e1850af6f800088f0fc7

Deploy Preview

https://deploy-preview-1544--reactplayio.netlify.app

Preview on mobile

Toggle QR Code...

Use your smartphone camera to open QR code link.

reactplay / react-play

Fix code scanning alert no. 12: Insecure randomness #1544

Deploy Preview for reactplayio ready!

reactplay / react-play

Fix code scanning alert no. 12: Insecure randomness #1544

✅ Deploy Preview for reactplayio ready!

Deploy Preview for reactplayio ready!