Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

refactor: Java Security Ultimate Security Repo Scanner 2023 #268

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

refactor: Java Security Ultimate Security Repo Scanner 2023 #268

wants to merge 1 commit into from

Conversation

caytec
Copy link

@caytec caytec commented Oct 18, 2023

@caytec @TeamModerne
refactor: Java Security Ultimate Security Repo Scanner 2023
7110058 
Disclaimer: Automated Commit Alert

Please be aware that this commit, generated through automated processes, may contain false alerts or not be precisely targeted. This automated commit is part of a large-scale effort to enhance software security over time. It is sent to various repositories to improve code quality and security. Exercise caution when reviewing the changes, and ensure that any necessary adjustments are made to maintain the integrity and functionality of the software.

Use this link to re-run the recipe: https://app.moderne.io/recipes/builder/TkgUEiqd7?organizationId=RWNsaXBzZSBGb3VuZGF0aW9u

Co-authored-by: Moderne <[email protected]>
ptziegler
ptziegler reviewed Oct 18, 2023
View reviewed changes
org.eclipse.draw2d/src/org/eclipse/draw2d/graph/RankSorter.java
@@ -22,7 +23,7 @@
*/
class RankSorter {

Random flipflop = new Random(3);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

SecureRandom can be significantly slower than the plain old Random. Do we really need a cryptographically strong generator here?

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the looks of it, this change is redundant because randomization here is not used for any security purposes and possibly slows the overall performance of the sorter.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Optimization cases which can risk in outages are also made in scope of understanding the data through the lenses of great mixture of AI and software engineering. That's the though worth taking to considerations, as sometimes he can be kinda silly and send either very serious stuff or very chill like that ;)

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think only zip folder change can be viable here, could you update the pr to not include SecureRandom changes?

@ptziegler
Copy link
Contributor

Thank you for your contribution! It seems like you first need to sign the ECA before we can accept this contribution, .

@caytec
Copy link
Author

caytec commented Oct 18, 2023

Yes. I sorted this out already I think. Thanks guys for letting me know! First time contributing here, so yeah :')

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ptziegler ptziegler ptziegler left review comments

@Destrolaric Destrolaric Destrolaric left review comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@caytec @ptziegler @Destrolaric