
@Hristo313
Contributor

Potential fix for https://github.com/IgniteUI/igniteui-cli/security/code-scanning/39

To address the insecure randomness, replace all usage of Math.random() with a cryptographically secure random number generator. In browsers, this is window.crypto.getRandomValues(). Since this is TypeScript (and judging by the filename, probably browser code), use window.crypto.getRandomValues() to generate secure random numbers.

Update the getRandomNumber(min, max) implementation so that instead of relying on Math.random(), it uses a helper that generates a cryptographically strong random number in the needed range. Also replace all direct usages (in getRandomDate) of Math.random().

This requires:

  1. Adding a helper function (e.g., secureRandomNumber(min, max)) that uses window.crypto.getRandomValues() to generate appropriate random integers in the [min, max] range (including both endpoints).
  2. Replacing the implementation of getRandomNumber (and corresponding usages, and others as relevant) so that it uses the cryptographically secure logic throughout.
  3. Only add new imports if absolutely required.

Edit only the relevant methods (getRandomNumber, getRandomDate) and do not change unrelated code.


Suggested fixes powered by Copilot Autofix. Review carefully before merging.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
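
One way to write the `secureRandomNumber(min, max)` helper that the description above calls for, as an added example that is not code from this pull request or from the project. It uses rejection sampling so that the inclusive range carries no modulo bias, and it draws 53 bits so that millisecond date ranges fit. `secureRandomDate` and its signature are hypothetical, and `globalThis.crypto` is used in place of `window.crypto` so the same code also runs outside a browser.

```typescript
// Added example (not the project's code): unbiased integer in [min, max],
// both endpoints included, drawn from the Web Crypto CSPRNG.
const TWO_53 = 2 ** 53;

function secureRandomNumber(min: number, max: number): number {
  if (!Number.isSafeInteger(min) || !Number.isSafeInteger(max) || min > max) {
    throw new RangeError("min and max must be safe integers with min <= max");
  }
  if (!Number.isSafeInteger(max - min)) {
    throw new RangeError("range does not fit in 53 bits");
  }
  const range = max - min + 1;
  // Largest multiple of `range` that is <= 2^53. Draws at or above it are
  // rejected; otherwise `value % range` would favour the low residues.
  const limit = TWO_53 - (TWO_53 % range);
  const buf = new Uint32Array(2);
  let value: number;
  do {
    globalThis.crypto.getRandomValues(buf);
    // 21 high bits + 32 low bits = 53 uniformly random bits, exact in a double.
    value = (buf[0] & 0x1fffff) * 2 ** 32 + buf[1];
  } while (value >= limit);
  return min + (value % range);
}

// Hypothetical counterpart to the page's getRandomDate; the real method's
// signature is not shown on the page, so (start, end) is an assumption.
function secureRandomDate(start: Date, end: Date): Date {
  return new Date(secureRandomNumber(start.getTime(), end.getTime()));
}

// Helper for checking coverage of a small range: how many distinct values
// appear in `draws` calls. Sample bounds passed to it are constructed.
function distinctValues(min: number, max: number, draws: number): number {
  const seen = new Set<number>();
  for (let i = 0; i < draws; i++) {
    seen.add(secureRandomNumber(min, max));
  }
  return seen.size;
}
```

The rejection loop discards fewer than half of all draws in the worst case, so the expected number of iterations stays below two.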
@coveralls

Coverage Status

coverage: 70.242%. remained the same when pulling e920a8e on copilot-insecure-randomness-problem-fix into 1f86df3 on master.

@Hristo313 Hristo313 marked this pull request as ready for review November 5, 2025 13:37
@Hristo313 Hristo313 closed this Nov 5, 2025
@Hristo313 Hristo313 deleted the copilot-insecure-randomness-problem-fix branch November 11, 2025 13:42