add an example of how to get a floating point value between 0 and 1

erik-krogh · erik-krogh · commit 56dff8540f78 · 2024-05-16T11:15:07.000+02:00
diff --git a/javascript/ql/src/Security/CWE-338/examples/InsecureRandomness_fixed.js b/javascript/ql/src/Security/CWE-338/examples/InsecureRandomness_fixed.js
@@ -2,5 +2,7 @@ function securePassword() {
     // GOOD: the random suffix is cryptographically secure
     var suffix = window.crypto.getRandomValues(new Uint32Array(1))[0];
     var password = "myPassword" + suffix;
-    return password;
+    
+    // GOOD: if a random value between 0 and 1 is desired
+    var secret = window.crypto.getRandomValues(new Uint32Array(1))[0] * Math.pow(2,-32);
 }

Original file line number	Diff line number	Diff line change
`@@ -2,5 +2,7 @@ function securePassword() {`
`2`	`2`	`// GOOD: the random suffix is cryptographically secure`
`3`	`3`	`var suffix = window.crypto.getRandomValues(new Uint32Array(1))[0];`
`4`	`4`	`var password = "myPassword" + suffix;`
`5`		`- return password;`
	`5`	`+`
	`6`	`+ // GOOD: if a random value between 0 and 1 is desired`
	`7`	`+ var secret = window.crypto.getRandomValues(new Uint32Array(1))[0] * Math.pow(2,-32);`
`6`	`8`	`}`