fix: use cryptographically secure random source

List-KR · Apr 6, 2024 · a28b33e · a28b33e
1 parent fc76c21
commit a28b33e
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/sources/src/adshield/validators.ts b/sources/src/adshield/validators.ts
@@ -1,3 +1,4 @@
+import cryptoRandomString from 'crypto-random-string'
 import {JustifyCallStack} from '../utils/call-stack.js'
 import {HasSubstringSetsInString} from '../utils/string.js'
 
@@ -18,7 +19,7 @@ export const AdshieldKeywords = [
 const AdshieldDomainsize = AdshieldDomains.length
 
 // eslint-disable-next-line no-bitwise
-export const GetRandomAdShieldHost = () => AdshieldDomains[(Math.random() * AdshieldDomainsize) >>> 0]
+export const GetRandomAdShieldHost = () => AdshieldDomains[(Number(cryptoRandomString({length: 16, type: 'numeric'})) * 0.0000000000000001 * AdshieldDomainsize) >>> 0]
 
 export const IsAdShieldCall = (Trace = JustifyCallStack()) => {
 	if (Trace.length === 0) {

diff --git a/sources/src/utils/secret.ts b/sources/src/utils/secret.ts
@@ -1,3 +1,4 @@
+import cryptoRandomString from 'crypto-random-string'
 import {AdshieldKeywords, IsAdShieldCall} from '../adshield/validators.js'
 import {Config} from '../config.js'
 import {GenerateCallStack} from './call-stack.js'
@@ -12,7 +13,7 @@ type Fomulate = ((...args: any[]) => any) & Function
 
 const Debug = CreateDebug('secret')
 
-export const Secret = (Date.now() * Math.random()).toString(36)
+export const Secret = cryptoRandomString({length: 20})
 
 export type ProtectedFunctionCreationOptions = Partial<{
 	Name: string;