hbase/hbase-zookeeper
Andrew Purtell 5386325acd HBASE-26582 Prune use of Random and SecureRandom objects (#4118)
Avoid the pattern where a Random object is allocated, used once or twice, and
then left for GC. This pattern triggers warnings from some static analysis tools
because this pattern leads to poor effective randomness. In a few cases we were
legitimately suffering from this issue; in others a change is still good to
reduce noise in analysis results.

Use ThreadLocalRandom where there is no requirement to set the seed to gain
good reuse.

Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom,
which are unlikely to block if the system entropy pool is low, if we don't need
crypographically strong randomness for the use case. The exception to this is
normalization of use of Bytes#random to fill byte arrays with randomness.
Because Bytes#random may be used to generate key material it must be backed by
SecureRandom.

Signed-off-by: Duo Zhang <zhangduo@apache.org>
2022-03-11 15:06:48 +08:00
..
src HBASE-26582 Prune use of Random and SecureRandom objects (#4118) 2022-03-11 15:06:48 +08:00
pom.xml HBASE-26691 Replacing log4j with reload4j for branch-2.x (#4050) 2022-03-04 12:08:36 -08:00