fix: 修复 AESUtils.getRandomString 使用不安全的 Random，改为 SecureRandom

2026-06-10 15:37:28 +00:00 · 2026-05-29 02:40:32 +08:00
parent 1dddec110e
commit 4586138bf1
1 changed files with 1 additions and 2 deletions
--- a/parser/src/main/java/cn/qaiu/util/AESUtils.java
+++ b/parser/src/main/java/cn/qaiu/util/AESUtils.java
@@ -14,7 +14,6 @@ import java.security.spec.X509EncodedKeySpec;
 import java.util.Base64;
 import java.util.Date;
 import java.util.HexFormat;
-import java.util.Random;
 import java.util.regex.Matcher;
 import java.util.regex.Pattern;

@@ -299,7 +298,7 @@ public class AESUtils {
    //length用户要求产生字符串的长度
    public static String getRandomString(int length){
        String str="abcdefghijklmnopqrstuvwxyz0123456789";
-        Random random=new Random();
+        SecureRandom random=new SecureRandom();
        StringBuilder sb=new StringBuilder();
        for(int i=0;i<length;i++){
            int number=random.nextInt(36);