From 25b45a00ea5fc3ceb83fb973f527c8e911749c48 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 22 Nov 2024 03:36:44 +0000
Subject: [PATCH] Introduced protections against predictable RNG abuse

---
 .../owncloud/android/datamodel/UploadStorageManagerTest.java  | 3 ++-
 .../java/com/owncloud/android/util/EncryptionTestIT.java      | 4 ++--
 2 files changed, 4 insertions(+), 3 deletions(-)

diff --git a/app/src/androidTest/java/com/owncloud/android/datamodel/UploadStorageManagerTest.java b/app/src/androidTest/java/com/owncloud/android/datamodel/UploadStorageManagerTest.java
index 3d7d52b4c96a..3fb33c685cd2 100644
--- a/app/src/androidTest/java/com/owncloud/android/datamodel/UploadStorageManagerTest.java
+++ b/app/src/androidTest/java/com/owncloud/android/datamodel/UploadStorageManagerTest.java
@@ -26,6 +26,7 @@
 import com.owncloud.android.files.services.NameCollisionPolicy;
 import com.owncloud.android.lib.common.accounts.AccountUtils;
 import com.owncloud.android.operations.UploadFileOperation;
+import java.security.SecureRandom;
 
 import org.junit.After;
 import org.junit.Before;
@@ -200,7 +201,7 @@ private OCUpload createUpload(Account account) {
                                            generateUniqueNumber(),
                                        account.name);
 
-        upload.setFileSize(new Random().nextInt(20000) * 10000);
+        upload.setFileSize(new SecureRandom().nextInt(20000) * 10000);
         upload.setUploadStatus(UploadsStorageManager.UploadStatus.UPLOAD_IN_PROGRESS);
         upload.setLocalAction(2);
         upload.setNameCollisionPolicy(NameCollisionPolicy.ASK_USER);
diff --git a/app/src/androidTest/java/com/owncloud/android/util/EncryptionTestIT.java b/app/src/androidTest/java/com/owncloud/android/util/EncryptionTestIT.java
index 5914e09a018d..0cbbd8df1ce7 100644
--- a/app/src/androidTest/java/com/owncloud/android/util/EncryptionTestIT.java
+++ b/app/src/androidTest/java/com/owncloud/android/util/EncryptionTestIT.java
@@ -199,7 +199,7 @@ public void encryptStringSymmetricRandom() throws Exception {
             byte[] key = generateKey();
 
             String encryptedString;
-            if (new Random().nextBoolean()) {
+            if (new SecureRandom().nextBoolean()) {
                 encryptedString = EncryptionUtils.encryptStringSymmetricAsString(privateKey, key);
             } else {
                 encryptedString = EncryptionUtils.encryptStringSymmetricAsStringOld(privateKey, key);
@@ -262,7 +262,7 @@ public void encryptPrivateKey() throws Exception {
             String privateKeyString = encodeBytesToBase64String(privateKeyBytes);
 
             String encryptedString;
-            if (new Random().nextBoolean()) {
+            if (new SecureRandom().nextBoolean()) {
                 encryptedString = EncryptionUtils.encryptPrivateKey(privateKeyString, keyPhrase);
             } else {
                 encryptedString = EncryptionUtils.encryptPrivateKeyOld(privateKeyString, keyPhrase);