
Commit 36f04af

Potential fix for code scanning alert no. 3: Insecure randomness
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 86a823b commit 36f04af

1 file changed

Lines changed: 4 additions & 1 deletion


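--- a/src/load-balancer/http-load-balancer.ts
+++ b/src/load-balancer/http-load-balancer.ts
@@ -10,6 +10,7 @@ import type {
 } from '../interfaces/load-balancer'
 import type { Logger } from '../interfaces/logger'
 import { defaultLogger } from '../logger/pino-logger'
+import * as crypto from 'crypto';
 
 /**
 * Internal target with additional tracking data
@@ -421,7 +422,9 @@ export class HttpLoadBalancer implements LoadBalancer {
 }
 
 private generateSessionId(): string {
-return Math.random().toString(36).substring(2) + Date.now().toString(36)
+const randomPart = crypto.randomBytes(16).toString('hex'); // 16 bytes = 32 hex characters
+const timestampPart = Date.now().toString(36);
+return randomPart + timestampPart;
 }
 
 private getClientId(request: Request): string {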
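Review bot: In `generateSessionId`, the `Date.now().toString(36)` suffix is carried over from the old implementation but no longer adds anything. The 16 bytes from `crypto.randomBytes` already give 128 bits of unpredictability, while the suffix embeds the issue time in an identifier that is presumably handed to clients and leaves the ID a mix of hex and base-36 with no delimiter. Unless something outside this hunk parses or sorts on that suffix (the callers are not visible here), the body can be reduced to `return crypto.randomBytes(16).toString('hex')`. The added import and the three new lines also end in semicolons, which the surrounding context lines in this file do not use.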
