diff --git a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/DummyHttpServletRequest.java b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/DummyHttpServletRequest.java index 19cc4ad09ec..ea29ea4723f 100644 --- a/opengrok-indexer/src/test/java/org/opengrok/indexer/web/DummyHttpServletRequest.java +++ b/opengrok-indexer/src/test/java/org/opengrok/indexer/web/DummyHttpServletRequest.java @@ -77,7 +77,7 @@ public long getCreationTime() { @Override public String getId() { - return RandomStringUtils.random(32, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."); + return RandomStringUtils.secure().next(32, "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789-_."); } @Override diff --git a/opengrok-web/src/main/java/org/opengrok/web/api/v1/suggester/parser/SuggesterQueryDataParser.java b/opengrok-web/src/main/java/org/opengrok/web/api/v1/suggester/parser/SuggesterQueryDataParser.java index 82e5319e469..23e23cbb012 100644 --- a/opengrok-web/src/main/java/org/opengrok/web/api/v1/suggester/parser/SuggesterQueryDataParser.java +++ b/opengrok-web/src/main/java/org/opengrok/web/api/v1/suggester/parser/SuggesterQueryDataParser.java @@ -18,7 +18,7 @@ */ /* - * Copyright (c) 2018, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2018, 2025, Oracle and/or its affiliates. All rights reserved. */ package org.opengrok.web.api.v1.suggester.parser; 
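Review bot: `getId()` in DummyHttpServletRequest still returns a freshly generated 32-character string on every call, so two reads of the same dummy object's id never match; the move to `RandomStringUtils.secure().next(32, ...)` keeps that behaviour. A servlet container keeps a session id stable between calls, so code under test that logs or compares the id sees something a real container would not produce. Consider generating the value once into a `private final String id` field initialised with the same call and having the method `return id;`. The fallback `return RandomStringUtils.secure().nextAlphanumeric(5);` in DummyHttpServletRequestLdap.getId() has the same property. The enclosing class lies outside the hunk, so whether any test relies on the changing value cannot be seen here.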
@@ -110,11 +110,11 @@ private static ProcessedQueryData processQuery(final String text, final int care logger.log(Level.FINEST, "Processing suggester query: {0} at {1}", new Object[] {text, caretPosition}); - String randomIdentifier = RandomStringUtils. - randomAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT + String randomIdentifier = RandomStringUtils.secure(). + nextAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT while (text.contains(randomIdentifier)) { - randomIdentifier = RandomStringUtils. - randomAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT + randomIdentifier = RandomStringUtils.secure(). + nextAlphabetic(IDENTIFIER_LENGTH).toLowerCase(); // OK no ROOT } String newText = new StringBuilder(text).insert(caretPosition, randomIdentifier).toString(); diff --git a/plugins/src/test/java/opengrok/auth/plugin/FalsePluginTest.java b/plugins/src/test/java/opengrok/auth/plugin/FalsePluginTest.java index 14c8ac7142d..eb80060872d 100644 --- a/plugins/src/test/java/opengrok/auth/plugin/FalsePluginTest.java +++ b/plugins/src/test/java/opengrok/auth/plugin/FalsePluginTest.java @@ -19,6 +19,7 @@ /* * Copyright (c) 2020, Chris Fraire . + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. */ package opengrok.auth.plugin; 
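Review bot: Nothing next to the new `RandomStringUtils.secure()` calls in processQuery says that `randomIdentifier` is a caret placeholder rather than a secret. The `while (text.contains(randomIdentifier))` loop shows that the property that matters is absence from `text`; unpredictability adds nothing here, and each call now draws from a SecureRandom-backed generator. Either add a comment such as `// caret marker only: must not occur in text, need not be unpredictable`, or state the intent in code with `RandomStringUtils.insecure().nextAlphabetic(IDENTIFIER_LENGTH)`. The function body continues outside the hunk.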
@@ -62,13 +63,13 @@ void shouldUnload() { @Test void shouldNotAllowRandomUserForAnyProject() { DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomProject); assertFalse(projectAllowed, "should not allow rando for random project 1"); - randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomProject); assertFalse(projectAllowed, "should not allow rando for random project 2"); } @@ -76,13 +77,13 @@ void shouldNotAllowRandomUserForAnyProject() { @Test void shouldNotAllowRandomUserForAnyGroup() { DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomGroup); assertFalse(projectAllowed, "should not allow rando for random group 1"); - randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomGroup); assertFalse(projectAllowed, "should not allow rando for random group 2"); } 
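Review bot: The random user, project and group names built in shouldNotAllowRandomUserForAnyProject never reach the assertion messages, so a failure reported as `"should not allow rando for random project 1"` cannot be reproduced from the test output. Keep the generated value in a local, e.g. `String projectName = RandomStringUtils.secure().nextAlphanumeric(10);`, and append it to the message: `assertFalse(projectAllowed, "should not allow rando for random project 1: " + projectName);`. The same applies to shouldNotAllowRandomUserForAnyGroup in this file and to the matching hunks in TruePluginTest and UserWhiteListPluginTest. These values are test fixtures rather than secrets, so `RandomStringUtils.insecure()` would express the intent more accurately than `secure()`.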
diff --git a/plugins/src/test/java/opengrok/auth/plugin/TruePluginTest.java b/plugins/src/test/java/opengrok/auth/plugin/TruePluginTest.java index a46872edf05..9dc891db514 100644 --- a/plugins/src/test/java/opengrok/auth/plugin/TruePluginTest.java +++ b/plugins/src/test/java/opengrok/auth/plugin/TruePluginTest.java @@ -19,6 +19,7 @@ /* * Copyright (c) 2020, Chris Fraire . + * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved. */ package opengrok.auth.plugin; @@ -62,13 +63,13 @@ void shouldUnload() { @Test void shouldAllowRandomUserForAnyProject() { DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomProject); assertTrue(projectAllowed, "should allow rando for random project 1"); - randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomProject); assertTrue(projectAllowed, "should allow rando for random project 2"); } 
@@ -76,13 +77,13 @@ void shouldAllowRandomUserForAnyProject() { @Test void shouldAllowRandomUserForAnyGroup() { DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomGroup); assertTrue(projectAllowed, "should allow rando for random group 1"); - randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomGroup); assertTrue(projectAllowed, "should allow rando for random group 2"); } diff --git a/plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java b/plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java index 20f46451ceb..e1f07379d8b 100644 --- a/plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java +++ b/plugins/src/test/java/opengrok/auth/plugin/UserWhiteListPluginTest.java @@ -19,7 +19,7 @@ /* * Copyright (c) 2020, Chris Fraire . - * Copyright (c) 2020, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2020, 2025, Oracle and/or its affiliates. All rights reserved. */ package opengrok.auth.plugin; @@ -141,7 +141,7 @@ void shouldThrowOnLoadIfUnreadableFileSpecified(String param) { init(param); HashMap unreadablePluginParameters = new HashMap<>(); unreadablePluginParameters.put(UserWhiteListPlugin.FILE_PARAM, - RandomStringUtils.randomAlphanumeric(24)); + RandomStringUtils.secure().nextAlphanumeric(24)); IllegalArgumentException caughtException = null; try { 
@@ -188,8 +188,9 @@ void shouldStripWhitespaceFromWhitelists(String param) throws IOException { } // Make sure there as some entries with trailing spaces in the file. - Stream stream = Files.lines(tmpFile.toPath()); - assertTrue(stream.anyMatch(s -> s.startsWith(" ") || s.endsWith(" "))); + try (Stream stream = Files.lines(tmpFile.toPath())) { + assertTrue(stream.anyMatch(s -> s.startsWith(" ") || s.endsWith(" "))); + } pluginParameters.put(UserWhiteListPlugin.FILE_PARAM, tmpFile.toString()); plugin.load(pluginParameters); @@ -221,11 +222,11 @@ void shouldAllowWhitelistedUserForAnyProject(String param) { } req.setAttribute(UserPlugin.REQUEST_ATTR, user); - Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomProject); assertTrue(projectAllowed, "should allow OK entity for random project 1"); - randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomProject); assertTrue(projectAllowed, "should allow OK entity for random project 2"); } 
@@ -237,13 +238,13 @@ void shouldNotAllowRandomUserForAnyProject(String param) { plugin.load(validPluginParameters); DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Project randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + Project randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomProject); assertFalse(projectAllowed, "should not allow random user for random project 1"); - randomProject = new Project(RandomStringUtils.randomAlphanumeric(10)); + randomProject = new Project(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomProject); assertFalse(projectAllowed, "should not allow random user for random project 2"); } @@ -263,11 +264,11 @@ void shouldAllowWhitelistedUserForAnyGroup(String param) { } req.setAttribute(UserPlugin.REQUEST_ATTR, user); - Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); boolean groupAllowed = plugin.isAllowed(req, randomGroup); assertTrue(groupAllowed, "should allow OK entity for random group 1"); - randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); groupAllowed = plugin.isAllowed(req, randomGroup); assertTrue(groupAllowed, "should allow OK entity for random group 2"); } 
@@ -279,13 +280,13 @@ void shouldNotAllowRandomUserForAnyGroup(String param) { plugin.load(validPluginParameters); DummyHttpServletRequest req = new DummyHttpServletRequest(); - req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.randomAlphanumeric(8))); + req.setAttribute(UserPlugin.REQUEST_ATTR, new User(RandomStringUtils.secure().nextAlphanumeric(8))); - Group randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + Group randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); boolean projectAllowed = plugin.isAllowed(req, randomGroup); assertFalse(projectAllowed, "should not allow random group 1"); - randomGroup = new Group(RandomStringUtils.randomAlphanumeric(10)); + randomGroup = new Group(RandomStringUtils.secure().nextAlphanumeric(10)); projectAllowed = plugin.isAllowed(req, randomGroup); assertFalse(projectAllowed, "should not allow random group 2"); } diff --git a/plugins/src/test/java/opengrok/auth/plugin/util/DummyHttpServletRequestLdap.java b/plugins/src/test/java/opengrok/auth/plugin/util/DummyHttpServletRequestLdap.java index 4023db10f17..dfbc9cd7502 100644 --- a/plugins/src/test/java/opengrok/auth/plugin/util/DummyHttpServletRequestLdap.java +++ b/plugins/src/test/java/opengrok/auth/plugin/util/DummyHttpServletRequestLdap.java @@ -18,7 +18,7 @@ */ /* - * Copyright (c) 2016, 2021, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2016, 2025, Oracle and/or its affiliates. All rights reserved. */ package opengrok.auth.plugin.util; @@ -69,7 +69,7 @@ public String getId() { if ((user = (User) getAttribute(UserPlugin.REQUEST_ATTR)) != null) { return user.getUsername(); } - return RandomStringUtils.randomAlphanumeric(5); + return RandomStringUtils.secure().nextAlphanumeric(5); } @Override diff --git a/pom.xml b/pom.xml index d2f9df9784c..1e05e213c3a 100644 --- a/pom.xml +++ b/pom.xml 
@@ -72,7 +72,7 @@ Portions Copyright (c) 2018, 2020, Chris Fraire . 5.10.0 2.2 3.0.0-M5 - 3.13.0 + 3.18.0 1.14.1 5.17.0 2.14.0