hbase

History

Andrew Purtell 10471944bd HBASE-26582 Prune use of Random and SecureRandom objects (#4118 ) Avoid the pattern where a Random object is allocated, used once or twice, and then left for GC. This pattern triggers warnings from some static analysis tools because this pattern leads to poor effective randomness. In a few cases we were legitimately suffering from this issue; in others a change is still good to reduce noise in analysis results. Use ThreadLocalRandom where there is no requirement to set the seed to gain good reuse. Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom, which are unlikely to block if the system entropy pool is low, if we don't need crypographically strong randomness for the use case. The exception to this is normalization of use of Bytes#random to fill byte arrays with randomness. Because Bytes#random may be used to generate key material it must be backed by SecureRandom. Signed-off-by: Duo Zhang <zhangduo@apache.org>	2022-03-08 13:49:02 -08:00
..
src	HBASE-26582 Prune use of Random and SecureRandom objects (#4118 )	2022-03-08 13:49:02 -08:00
pom.xml	HBASE-26621 Set version as 3.0.0-alpha-3-SNAPSHOT in master (#3978 )	2021-12-24 14:20:32 +08:00

Andrew Purtell 10471944bd

HBASE-26582 Prune use of Random and SecureRandom objects (#4118 )

Avoid the pattern where a Random object is allocated, used once or twice, and
then left for GC. This pattern triggers warnings from some static analysis tools
because this pattern leads to poor effective randomness. In a few cases we were
legitimately suffering from this issue; in others a change is still good to
reduce noise in analysis results.

Use ThreadLocalRandom where there is no requirement to set the seed to gain
good reuse.

Where useful relax use of SecureRandom to simply Random or ThreadLocalRandom,
which are unlikely to block if the system entropy pool is low, if we don't need
crypographically strong randomness for the use case. The exception to this is
normalization of use of Bytes#random to fill byte arrays with randomness.
Because Bytes#random may be used to generate key material it must be backed by
SecureRandom.

Signed-off-by: Duo Zhang <zhangduo@apache.org>

2022-03-08 13:49:02 -08:00

src

HBASE-26582 Prune use of Random and SecureRandom objects (#4118 )

2022-03-08 13:49:02 -08:00

pom.xml

HBASE-26621 Set version as 3.0.0-alpha-3-SNAPSHOT in master (#3978 )

2021-12-24 14:20:32 +08:00