added pseudorandom generator

2022-11-06 15:26:34 +02:00
parent 46dc6cc47c
commit 4cddb6b5cb
9 changed files with 89 additions and 47 deletions
@@ -133,7 +133,7 @@ func (f FilterData) resolveToken(token fexpr.Token, fieldResolver FieldResolver)
 		// current datetime constant
 		// ---
 		if token.Literal == "@now" {
-			placeholder := "t" + security.RandomString(7)
+			placeholder := "t" + security.PseudoRandomString(8)
 			name := fmt.Sprintf("{:%s}", placeholder)
 			params := dbx.Params{placeholder: types.NowDateTime().String()}

@@ -161,13 +161,13 @@ func (f FilterData) resolveToken(token fexpr.Token, fieldResolver FieldResolver)

 		return name, params, err
 	case fexpr.TokenText:
-		placeholder := "t" + security.RandomString(7)
+		placeholder := "t" + security.PseudoRandomString(8)
 		name := fmt.Sprintf("{:%s}", placeholder)
 		params := dbx.Params{placeholder: token.Literal}

 		return name, params, nil
 	case fexpr.TokenNumber:
-		placeholder := "t" + security.RandomString(7)
+		placeholder := "t" + security.PseudoRandomString(8)
 		name := fmt.Sprintf("{:%s}", placeholder)
 		params := dbx.Params{placeholder: cast.ToFloat64(token.Literal)}

@@ -1,18 +1,18 @@
 package security

 import (
-	"crypto/rand"
+	cryptoRand "crypto/rand"
 	"math/big"
+	mathRand "math/rand"
 )

-// RandomString generates a random string with the specified length.
-//
-// The generated string is cryptographically random and matches
-// [A-Za-z0-9]+ (aka. it's transparent to URL-encoding).
-func RandomString(length int) string {
-	const alphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+const defaultRandomAlphabet = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"

-	return RandomStringWithAlphabet(length, alphabet)
+// RandomString generates a cryptographically random string with the specified length.
+//
+// The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding.
+func RandomString(length int) string {
+	return RandomStringWithAlphabet(length, defaultRandomAlphabet)
 }

 // RandomStringWithAlphabet generates a cryptographically random string
@@ -24,7 +24,7 @@ func RandomStringWithAlphabet(length int, alphabet string) string {
 	max := big.NewInt(int64(len(alphabet)))

 	for i := range b {
-		n, err := rand.Int(rand.Reader, max)
+		n, err := cryptoRand.Int(cryptoRand.Reader, max)
 		if err != nil {
 			panic(err)
 		}
@@ -33,3 +33,27 @@ func RandomStringWithAlphabet(length int, alphabet string) string {

 	return string(b)
 }
+
+// RandomString generates a pseudorandom string with the specified length.
+//
+// The generated string matches [A-Za-z0-9]+ and it's transparent to URL-encoding.
+//
+// For a cryptographically random string (but a little bit slower) use PseudoRandomString instead.
+func PseudoRandomString(length int) string {
+	return RandomStringWithAlphabet(length, defaultRandomAlphabet)
+}
+
+// PseudoRandomStringWithAlphabet generates a pseudorandom string
+// with the specified length and characters set.
+//
+// For a cryptographically random (but a little bit slower) use RandomStringWithAlphabet instead.
+func PseudoRandomStringWithAlphabet(length int, alphabet string) string {
+	b := make([]byte, length)
+	max := len(alphabet)
+
+	for i := range b {
+		b[i] = alphabet[mathRand.Intn(max)]
+	}
+
+	return string(b)
+}
@@ -8,47 +8,39 @@ import (
 )

 func TestRandomString(t *testing.T) {
-	generated := []string{}
-	reg := regexp.MustCompile(`[a-zA-Z0-9]+`)
-	length := 10
-
-	for i := 0; i < 100; i++ {
-		result := security.RandomString(length)
-
-		if len(result) != length {
-			t.Fatalf("(%d) Expected the length of the string to be %d, got %d", i, length, len(result))
-		}
-
-		if match := reg.MatchString(result); !match {
-			t.Fatalf("(%d) The generated string should have only [a-zA-Z0-9]+ characters, got %q", i, result)
-		}
-
-		for _, str := range generated {
-			if str == result {
-				t.Fatalf("(%d) Repeating random string - found %q in \n%v", i, result, generated)
-			}
-		}
-
-		generated = append(generated, result)
-	}
+	testRandomString(t, security.RandomString)
 }

 func TestRandomStringWithAlphabet(t *testing.T) {
+	testRandomStringWithAlphabet(t, security.RandomStringWithAlphabet)
+}
+
+func TestPseudoRandomString(t *testing.T) {
+	testRandomString(t, security.PseudoRandomString)
+}
+
+func TestPseudoRandomStringWithAlphabet(t *testing.T) {
+	testRandomStringWithAlphabet(t, security.PseudoRandomStringWithAlphabet)
+}
+
+// -------------------------------------------------------------------
+
+func testRandomStringWithAlphabet(t *testing.T, randomFunc func(n int, alphabet string) string) {
 	scenarios := []struct {
 		alphabet      string
 		expectPattern string
 	}{
 		{"0123456789_", `[0-9_]+`},
-		{"abcd", `[abcd]+`},
+		{"abcdef", `[abcdef]+`},
 		{"!@#$%^&*()", `[\!\@\#\$\%\^\&\*\(\)]+`},
 	}

 	for i, s := range scenarios {
-		generated := make([]string, 0, 100)
+		generated := make([]string, 0, 1000)
 		length := 10

-		for j := 0; j < 100; j++ {
-			result := security.RandomStringWithAlphabet(length, s.alphabet)
+		for j := 0; j < 1000; j++ {
+			result := randomFunc(length, s.alphabet)

 			if len(result) != length {
 				t.Fatalf("(%d:%d) Expected the length of the string to be %d, got %d", i, j, length, len(result))
@@ -69,3 +61,29 @@ func TestRandomStringWithAlphabet(t *testing.T) {
 		}
 	}
 }
+
+func testRandomString(t *testing.T, randomFunc func(n int) string) {
+	generated := make([]string, 0, 1000)
+	reg := regexp.MustCompile(`[a-zA-Z0-9]+`)
+	length := 10
+
+	for i := 0; i < 1000; i++ {
+		result := randomFunc(length)
+
+		if len(result) != length {
+			t.Fatalf("(%d) Expected the length of the string to be %d, got %d", i, length, len(result))
+		}
+
+		if match := reg.MatchString(result); !match {
+			t.Fatalf("(%d) The generated string should have only [a-zA-Z0-9]+ characters, got %q", i, result)
+		}
+
+		for _, str := range generated {
+			if str == result {
+				t.Fatalf("(%d) Repeating random string - found %q in \n%v", i, result, generated)
+			}
+		}
+
+		generated = append(generated, result)
+	}
+}