Merge pull request #411 from Lukas-Nielsen/autofix/alert-5-9cb8bd043a

Fix code scanning alert no. 5: Creating biased random numbers from a cryptographically secure source
Lukas-Nielsen · Sep 27, 2024 · c3d5629 · c3d5629
2 parents 5c71343 + 361b14f
commit c3d5629
Showing 1 changed file with 11 additions and 4 deletions.
diff --git a/src/pages/Password.tsx b/src/pages/Password.tsx
@@ -145,7 +145,14 @@ const generatePassword = () => {
 const getPassword = (
 	length = 20,
 	characters = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz~!@-#$+*",
-) =>
-	Array.from(crypto.getRandomValues(new Uint32Array(length)))
-		.map((x) => characters[x % characters.length])
-		.join("");
+) => {
+	const password = [];
+	const maxMultiple = Math.floor(256 / characters.length) * characters.length;
+	while (password.length < length) {
+		const byte = crypto.getRandomValues(new Uint8Array(1))[0];
+		if (byte < maxMultiple) {
+			password.push(characters[byte % characters.length]);
+		}
+	}
+	return password.join("");
+};