Replace Math.random with crypto.getBytes for session tokens

pull/2705/head
Nick O'Leary 2020-09-11 14:09:54 +01:00
parent baffe4861c
commit 70b6674f44
No known key found for this signature in database
GPG Key ID: 4F2157149161A6C9
3 changed files with 6 additions and 20 deletions


@ -14,15 +14,7 @@
* limitations under the License.
**/
function generateToken(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
const crypto = require("crypto");
var storage;
var sessionExpiryTime
@ -115,7 +107,7 @@ module.exports = {
},
create: function(user,client,scope) {
return loadSessions().then(function() {
var accessToken = generateToken(128);
var accessToken = crypto.randomBytes(128).toString('base64');
var accessTokenExpiresAt = Date.now() + (sessionExpiryTime*1000);
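Review bot: The base64 token on the new `var accessToken = crypto.randomBytes(128).toString('base64');` line can contain `+`, `/` and `=`, where the removed generateToken emitted only letters and digits, and it is now 172 characters long rather than 128. Any consumer that puts the token in a URL query string, a cookie or a file name, or that checks its length or character set, would need to encode or relax accordingly; none of that is visible in this hunk, so it should be confirmed. If an alphanumeric-only token is wanted, `crypto.randomBytes(128).toString('hex')` keeps the same entropy with a URL-safe alphabet. The same applies to `this.session = crypto.randomBytes(32).toString('base64');` in CommsConnection in the next file. The body of create continues outside the hunk.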


@ -16,6 +16,7 @@
var ws = require("ws");
var url = require("url");
const crypto = require("crypto");
var log = require("@node-red/util").log; // TODO: separate module
var Tokens;
@ -56,17 +57,9 @@ function handleSessionExpiry(session) {
}
})
}
function generateSession(length) {
var c = "ABCDEFGHIJKLMNOPQRSTUZWXYZabcdefghijklmnopqrstuvwxyz1234567890";
var token = [];
for (var i=0;i<length;i++) {
token.push(c[Math.floor(Math.random()*c.length)]);
}
return token.join("");
}
function CommsConnection(ws, user) {
this.session = generateSession(32);
this.session = crypto.randomBytes(32).toString('base64');
this.ws = ws;
this.stack = [];
this.user = user;


@ -18,9 +18,10 @@ var net = require("net");
var fs = require("fs-extra");
var path = require("path");
var os = require("os");
const crypto = require("crypto");
function getListenPath() {
var seed = (0x100000+Math.random()*0x999999).toString(16);
var seed = crypto.randomBytes(8).toString('hex');
var fn = 'node-red-git-askpass-'+seed+'-sock';
var listenPath;
if (process.platform === 'win32') {
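Review bot: The new `var seed = crypto.randomBytes(8).toString('hex');` line makes the askpass socket name unpredictable, but nothing in the hunk says whether that name is relied on for access control. A comment above it would help, for example `// seed only makes the socket name unique and hard to guess; access to the socket must still be restricted by directory/pipe permissions`. Where getListenPath places the socket is decided from the `if (process.platform === 'win32')` line onward, outside this hunk, so whether it lands in a shared temp directory should be checked against the rest of the function.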