We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 066f3b6 commit 56dff85Copy full SHA for 56dff85
javascript/ql/src/Security/CWE-338/examples/InsecureRandomness_fixed.js
@@ -2,5 +2,7 @@ function securePassword() {
2
// GOOD: the random suffix is cryptographically secure
3
var suffix = window.crypto.getRandomValues(new Uint32Array(1))[0];
4
var password = "myPassword" + suffix;
5
- return password;
+
6
+ // GOOD: if a random value between 0 and 1 is desired
7
+ var secret = window.crypto.getRandomValues(new Uint32Array(1))[0] * Math.pow(2,-32);
8
}
0 commit comments