calvin.erfmann/pangolin
1
0
Fork 0
mirror of https://github.com/fosrl/pangolin.git synced 2026-06-06 07:38:46 +00:00
Code Issues Packages Projects Releases Wiki Activity

Potential fix for pull request finding 'CodeQL / Insecure randomness'

Browse Source 
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
This commit is contained in:
Owen Schwartz
2026-06-04 10:33:15 -07:00
committed by GitHub
parent 6c4cbcab5d
commit 01361884eb
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
server/private/routers/ssh/signSshKey.ts
View File

@@ -12,6 +12,7 @@
*/ */
import { Request, Response, NextFunction } from "express"; import { Request, Response, NextFunction } from "express";
import { randomInt } from "crypto";
import { z } from "zod"; import { z } from "zod";
import { import {
actionAuditLog, actionAuditLog,
@@ -392,7 +393,7 @@ export async function signSshKey(
if (existingUserWithSameName) { if (existingUserWithSameName) {
let foundUniqueUsername = false; let foundUniqueUsername = false;
for (let attempt = 0; attempt < 20; attempt++) { for (let attempt = 0; attempt < 20; attempt++) {
const randomNum = Math.floor(Math.random() * 101); // 0 to 100 const randomNum = randomInt(0, 101); // 0 to 100
const candidateUsername = `${usernameToUse}${randomNum}`; const candidateUsername = `${usernameToUse}${randomNum}`;
const [existingUser] = await db const [existingUser] = await db