From 34c2a1ff4b9e17d703f5052027a9d6ab93ef477e Mon Sep 17 00:00:00 2001
From: API2 <164052842+long2005a1@users.noreply.github.com>
Date: Mon, 25 Nov 2024 11:09:53 +0000
Subject: [PATCH] =?UTF-8?q?feat=EF=BC=88security=EF=BC=89=EF=BC=9A?=
 =?UTF-8?q?=E4=BD=BF=E7=94=A8=E5=8A=A0=E5=AF=86=20rand=20=E7=94=9F?=
 =?UTF-8?q?=E6=88=90=E9=9A=8F=E6=9C=BA=E5=AD=97=E7=AC=A6=E4=B8=B2=20?=
 =?UTF-8?q?=EF=BC=88#7525)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 pkg/utils/random/random.go | 19 +++++++++++++------
 1 file changed, 13 insertions(+), 6 deletions(-)

diff --git a/pkg/utils/random/random.go b/pkg/utils/random/random.go
index 65fbf14a0d3..c3f3dd48377 100644
--- a/pkg/utils/random/random.go
+++ b/pkg/utils/random/random.go
@@ -1,20 +1,27 @@
 package random
 
 import (
-	"math/rand"
+	"crypto/rand"
+	"math/big"
+	mathRand "math/rand"
 	"time"
 
 	"github.com/google/uuid"
 )
 
-var Rand *rand.Rand
+var Rand *mathRand.Rand
 
 const letterBytes = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
 
 func String(n int) string {
 	b := make([]byte, n)
+	letterLen := big.NewInt(int64(len(letterBytes)))
 	for i := range b {
-		b[i] = letterBytes[Rand.Intn(len(letterBytes))]
+		idx, err := rand.Int(rand.Reader, letterLen)
+		if err != nil {
+			panic(err)
+		}
+		b[i] = letterBytes[idx.Int64()]
 	}
 	return string(b)
 }
@@ -24,10 +31,10 @@ func Token() string {
 }
 
 func RangeInt64(left, right int64) int64 {
-	return rand.Int63n(left+right) - left
+	return mathRand.Int63n(left+right) - left
 }
 
 func init() {
-	s := rand.NewSource(time.Now().UnixNano())
-	Rand = rand.New(s)
+	s := mathRand.NewSource(time.Now().UnixNano())
+	Rand = mathRand.New(s)
 }