github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-25 10:43:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(tlon): use crypto.randomUUID instead of Math.random for channel ID

Browse Source 
Fixes security test failure - Math.random is flagged as weak randomness.
This commit is contained in:
Hunter Miller
2026-02-23 09:43:31 -06:00
committed by Josh Lehman
parent 75cb9d0c8d
commit a84dacd2ba
1 changed files with 2 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
extensions/tlon/src/channel.ts
View File

@@ -1,3 +1,4 @@
import crypto from "node:crypto";
import { configureClient } from "@tloncorp/api";
import type {
ChannelOutboundAdapter,
@@ -37,7 +38,7 @@ async function createHttpPokeApi(params: {
}) {
const ssrfPolicy = ssrfPolicyFromAllowPrivateNetwork(params.allowPrivateNetwork);
const cookie = await authenticate(params.url, params.code, { ssrfPolicy });
const channelId = `${Math.floor(Date.now() / 1000)}-${Math.random().toString(36).substring(2, 8)}`;
const channelId = `${Math.floor(Date.now() / 1000)}-${crypto.randomUUID()}`;
const channelUrl = `${params.url}/~/channel/${channelId}`;
const shipName = params.ship.replace(/^~/, "");