I was told about a flaw in my Android code through Veracode analysis, and it was because of
File image = File.createTempFile(imageFileName, ".jpg", storageDir);
Where imageFileName is created from a JPEG_+TimeStamp.
I thought RandomSecure() was enough to bypass this test (As I thought this was used for randomness), but I checked the code and createTempFile is generated from
result = new File(tmpDirFile, prefix + Math.randomIntInternal() + suffix);
And I can't find info about this, is it better than RandomSecure? Is it true random?
Aucun commentaire:
Enregistrer un commentaire