Introduced protections against predictable RNG abuse (#7)

pixeebot[bot] · web-flow · commit b392edb5e6a6 · 2024-05-03T11:41:09.000-04:00
Co-authored-by: pixeebot[bot] &lt;104101892+pixeebot[bot]@users.noreply.github.com&gt;
diff --git a/Ghidra/Features/BytePatterns/src/main/java/ghidra/bytepatterns/bitcluster/FacePatterns.java b/Ghidra/Features/BytePatterns/src/main/java/ghidra/bytepatterns/bitcluster/FacePatterns.java
@@ -17,6 +17,7 @@
 
 import java.io.IOException;
 import java.io.Writer;
+import java.security.SecureRandom;
 import java.util.*;
 
 public class FacePatterns {
@@ -138,7 +139,7 @@ public void outputTopPatterns(Writer writer) throws IOException {
 	//Samples a list of byte sequences.
 	static private ArrayList<byte[]> sample(ArrayList<byte[]> li, int numOfSamples) {
 		ArrayList<byte[]> result = new ArrayList<byte[]>();
-		Random rand = new Random();
+		Random rand = new SecureRandom();
 		for (int s = 0; s < numOfSamples; s++) {
 			int r = rand.nextInt(li.size());
 			result.add(li.get(r));
diff --git a/Ghidra/Features/CodeCompare/src/main/java/ghidra/feature/vt/api/correlator/address/DebugUtils.java b/Ghidra/Features/CodeCompare/src/main/java/ghidra/feature/vt/api/correlator/address/DebugUtils.java
@@ -16,6 +16,7 @@
 package ghidra.feature.vt.api.correlator.address;
 
 import java.awt.Color;
+import java.security.SecureRandom;
 import java.util.*;
 import java.util.Map.Entry;
 
@@ -163,7 +164,7 @@ private static IntRangeMap getColorRangeMap(Program program, boolean create) {
 		return map;
 	}
 
-	private static Random RAND = new Random();
+	private static Random RAND = new SecureRandom();
 
 	private static Color pickColor(CorrelationContainer container) {
 		float saturation;
diff --git a/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/dex/DexToSmaliFileSystem.java b/Ghidra/Features/FileFormats/src/main/java/ghidra/file/formats/android/dex/DexToSmaliFileSystem.java
@@ -18,6 +18,7 @@
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.AccessMode;
+import java.security.SecureRandom;
 import java.util.*;
 
 import org.apache.commons.io.FileUtils;
@@ -89,7 +90,7 @@ public boolean isValid(TaskMonitor monitor) throws IOException {
 	public void open(TaskMonitor monitor) throws IOException, CryptoException, CancelledException {
 		monitor.setMessage("Converting DEX to SMALI...");
 
-		int rand = new Random().nextInt() & 0xffff;
+		int rand = new SecureRandom().nextInt() & 0xffff;
 		File outputDir = new File(Application.getUserTempDirectory(), "ghidra_file_system_" + rand);
 
 		DexFile dexFile =
diff --git a/Ghidra/Framework/DB/src/main/java/db/buffers/LocalBufferFile.java b/Ghidra/Framework/DB/src/main/java/db/buffers/LocalBufferFile.java
@@ -16,6 +16,7 @@
 package db.buffers;
 
 import java.io.*;
+import java.security.SecureRandom;
 import java.util.*;
 
 import ghidra.framework.Application;
@@ -45,7 +46,7 @@ public class LocalBufferFile implements BufferFile {
 // ?? Should be changed !!
 	private static final int MINIMUM_BLOCK_SIZE = 128;
 
-	private static final Random random = new Random();
+	private static final Random random = new SecureRandom();
 
 	/**
 	 * Current file header format version number.
