reduxjs/redux

Math.random() usage

swetha8612 opened this issue · 3 comments

As part of our company's security policy, we run all our applications through a Fortify scan. The Fortify scan raised a flag where Math.random() has been used in this package. It is suggesting replacing it with window.crypto.getRandomValues(new Uint32Array(10))[0]. Could you please have a look? Thank you.

The only place Math.random is used is to randomise the Redux internal actions, to ensure developers don't try and respond to them specifically. This is not anything that should be of a security concern.

Also, having prior experience with Fortify, I can vouch that many of its rules are stupid, and this one in particular.

Thank you for confirming.
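
An added illustration of the distinction drawn in the comments above (not code from Redux or from anyone in this thread): Math.random() for a label that carries no security weight, next to a CSPRNG-backed string for values that do, such as session or CSRF tokens. All function names are hypothetical.

```javascript
// Added example: names below are hypothetical, not taken from Redux.
// Browsers and recent Node expose globalThis.crypto; older Node falls back.
const webcrypto = globalThis.crypto ?? require('node:crypto').webcrypto;

const ALPHABET = '0123456789abcdefghijklmnopqrstuvwxyz'; // base 36

// Non-security use: a label that only needs to be awkward to hard-code.
// Math.random() is predictable, which is acceptable for this purpose.
function internalLabel() {
  return Math.random().toString(36).substring(2, 8);
}

// Security-relevant use (session IDs, CSRF tokens, reset codes):
// draw from the CSPRNG and reject bytes that would bias the result.
function secureRandomString(length) {
  if (!Number.isInteger(length) || length <= 0) {
    throw new RangeError('length must be a positive integer');
  }
  // 252 is the largest multiple of 36 that fits in a byte; bytes >= 252
  // are discarded so every character is equally likely.
  const limit = 256 - (256 % ALPHABET.length);
  const out = [];
  const buf = new Uint8Array(length * 2);
  while (out.length < length) {
    webcrypto.getRandomValues(buf);
    for (const b of buf) {
      if (b < limit && out.length < length) {
        out.push(ALPHABET[b % ALPHABET.length]);
      }
    }
  }
  return out.join('');
}

// Entropy in bits of a uniformly random string over ALPHABET.
function entropyBits(length) {
  return length * Math.log2(ALPHABET.length);
}

console.log('label:', internalLabel());
console.log('token:', secureRandomString(25)); // about 129 bits of entropy
```

When triaging a scanner finding like this one, the question is whether the random value protects anything; only then does the generator need to be a CSPRNG.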