Skip to content

Commit 56dff85

Browse files
committed
add an example of how to get a floating point value between 0 and 1
1 parent 066f3b6 commit 56dff85

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

javascript/ql/src/Security/CWE-338/examples/InsecureRandomness_fixed.js

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -2,5 +2,7 @@ function securePassword() {
22
// GOOD: the random suffix is cryptographically secure
33
var suffix = window.crypto.getRandomValues(new Uint32Array(1))[0];
44
var password = "myPassword" + suffix;
5-
return password;
5+
6+
// GOOD: if a random value between 0 and 1 is desired
7+
var secret = window.crypto.getRandomValues(new Uint32Array(1))[0] * Math.pow(2,-32);
68
}

0 commit comments

Comments
 (0)