minor symfony#57746 do not use uniqid() for generating dev tool tokens (xabbuh)

This PR was merged into the 7.2 branch.

Discussion
----------

do not use `uniqid()` for generating dev tool tokens

| Q             | A
| ------------- | ---
| Branch?       | 7.2
| Bug fix?      | no
| New feature?  | no
| Deprecations? | no
| Issues        | part of symfony#57588
| License       | MIT

Commits
-------

5ad7ab9 do not use uniqid() for generating dev tool tokens

Author: nicolas-grekas

src/Symfony/Bundle/FrameworkBundle/EventListener/ConsoleProfilerListener.php

@@ -77,7 +77,7 @@ public function initialize(ConsoleCommandEvent $event): void
             return;
         }
 
-        $request->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));
+        $request->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));
         $this->stopwatch->openSection();
     }
 

src/Symfony/Component/HttpKernel/Debug/TraceableEventDispatcher.php

@@ -27,7 +27,7 @@ protected function beforeDispatch(string $eventName, object $event): void
     {
         switch ($eventName) {
             case KernelEvents::REQUEST:
-                $event->getRequest()->attributes->set('_stopwatch_token', substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));
+                $event->getRequest()->attributes->set('_stopwatch_token', bin2hex(random_bytes(3)));
                 $this->stopwatch->openSection();
                 break;
             case KernelEvents::VIEW:

src/Symfony/Component/HttpKernel/Profiler/Profiler.php

@@ -133,7 +133,7 @@ public function collect(Request $request, Response $response, ?\Throwable $excep
             return null;
         }
 
-        $profile = new Profile(substr(hash('xxh128', uniqid(mt_rand(), true)), 0, 6));
+        $profile = new Profile(bin2hex(random_bytes(3)));
         $profile->setTime(time());
         $profile->setUrl($request->getUri());
         $profile->setMethod($request->getMethod());

src/Symfony/Component/Serializer/Debug/TraceableSerializer.php

@@ -37,7 +37,7 @@ public function __construct(
 
     public function serialize(mixed $data, string $format, array $context = []): string
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->serialize($data, $format, $context);
@@ -52,7 +52,7 @@ public function serialize(mixed $data, string $format, array $context = []): str
 
     public function deserialize(mixed $data, string $type, string $format, array $context = []): mixed
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->deserialize($data, $type, $format, $context);
@@ -67,7 +67,7 @@ public function deserialize(mixed $data, string $type, string $format, array $co
 
     public function normalize(mixed $object, ?string $format = null, array $context = []): array|string|int|float|bool|\ArrayObject|null
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->normalize($object, $format, $context);
@@ -82,7 +82,7 @@ public function normalize(mixed $object, ?string $format = null, array $context
 
     public function denormalize(mixed $data, string $type, ?string $format = null, array $context = []): mixed
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->denormalize($data, $type, $format, $context);
@@ -97,7 +97,7 @@ public function denormalize(mixed $data, string $type, ?string $format = null, a
 
     public function encode(mixed $data, string $format, array $context = []): string
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->encode($data, $format, $context);
@@ -112,7 +112,7 @@ public function encode(mixed $data, string $format, array $context = []): string
 
     public function decode(string $data, string $format, array $context = []): mixed
     {
-        $context[self::DEBUG_TRACE_ID] = $traceId = uniqid('', true);
+        $context[self::DEBUG_TRACE_ID] = $traceId = bin2hex(random_bytes(4));
 
         $startTime = microtime(true);
         $result = $this->serializer->decode($data, $format, $context);