Thirdparty
/
wvp-GB28181-pro
mirror of https://github.com/648540858/wvp-GB28181-pro
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #1 from Pixeebot-2-0/pixeebot/drip-2024-11-16-pixee-java/secure-random 

Introduced protections against predictable RNG abuse
pull/1694/head
Pixee OSS Assistant 2024-11-17 07:00:26 -05:00 committed by GitHub
parent 5b393b7273 6afaca2ace
commit 15813e872d
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/main/java/com/genersoft/iot/vmp/conf/redis/RedisRpcConfig.java
View File

@ -7,6 +7,7 @@ import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcMessage;
import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcRequest; import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcRequest;
import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcResponse; import com.genersoft.iot.vmp.conf.redis.bean.RedisRpcResponse;
import com.genersoft.iot.vmp.service.redisMsg.control.RedisRpcController; import com.genersoft.iot.vmp.service.redisMsg.control.RedisRpcController;
import java.security.SecureRandom;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
@ -31,7 +32,7 @@ public class RedisRpcConfig implements MessageListener {
public final static String REDIS_REQUEST_CHANNEL_KEY = "WVP_REDIS_REQUEST_CHANNEL_KEY"; public final static String REDIS_REQUEST_CHANNEL_KEY = "WVP_REDIS_REQUEST_CHANNEL_KEY";
private final Random random = new Random(); private final Random random = new SecureRandom();
@Autowired @Autowired
private UserSetting userSetting; private UserSetting userSetting;

3
src/main/java/com/genersoft/iot/vmp/gb28181/auth/DigestServerAuthenticationHelper.java
View File

@ -26,6 +26,7 @@
package com.genersoft.iot.vmp.gb28181.auth; package com.genersoft.iot.vmp.gb28181.auth;
import gov.nist.core.InternalErrorHandler; import gov.nist.core.InternalErrorHandler;
import java.security.SecureRandom;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import javax.sip.address.URI; import javax.sip.address.URI;
@ -83,7 +84,7 @@ public class DigestServerAuthenticationHelper {
*/ */
private String generateNonce() { private String generateNonce() {
long time = Instant.now().toEpochMilli(); long time = Instant.now().toEpochMilli();
Random rand = new Random(); Random rand = new SecureRandom();
long pad = rand.nextLong(); long pad = rand.nextLong();
String nonceString = Long.valueOf(time).toString() String nonceString = Long.valueOf(time).toString()
+ Long.valueOf(pad).toString(); + Long.valueOf(pad).toString();

3
src/main/java/com/genersoft/iot/vmp/jt1078/cmd/JT1078Template.java
View File

@ -3,6 +3,7 @@ package com.genersoft.iot.vmp.jt1078.cmd;
import com.genersoft.iot.vmp.jt1078.proc.entity.Cmd; import com.genersoft.iot.vmp.jt1078.proc.entity.Cmd;
import com.genersoft.iot.vmp.jt1078.proc.response.*; import com.genersoft.iot.vmp.jt1078.proc.response.*;
import com.genersoft.iot.vmp.jt1078.session.SessionManager; import com.genersoft.iot.vmp.jt1078.session.SessionManager;
import java.security.SecureRandom;
import java.util.Random; import java.util.Random;
@ -13,7 +14,7 @@ import java.util.Random;
*/ */
public class JT1078Template { public class JT1078Template {
private final Random random = new Random(); private final Random random = new SecureRandom();
private static final String H9101 = "9101"; private static final String H9101 = "9101";
private static final String H9102 = "9102"; private static final String H9102 = "9102";