Fix generation of alphanumeric strings #21
I think it would be possible (though statistically rare) for the above to produce a string of all digits (with no alphabetic characters). Is that okay? One way you could do the algorithm that might not need the
That way you can always be sure that at least one character is a digit, but it's not predictable which character is the digit, or which digit is in that space. And thank you for finding and fixing this issue!
I'm currently changing the approach I was following to make it even simpler. Sorry for the delay!!
Work in progress ⬆️
Fixed.
I think now it's better, thanks for the tip @technosophos.
randomstringutils.go
if err != nil { | ||
return "", fmt.Errorf("Error: %s", err) | ||
} | ||
match, _ := regexp.MatchString("([0-9]+)", RandomString) |
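Review bot: the `_` on the `regexp.MatchString` line discards the pattern-compile error, and `MatchString` recompiles the pattern on every call; compiling it once at package level with `regexp.MustCompile` would make a broken pattern fail as soon as the package loads and remove the ignored return value. For a yes/no match the pattern `([0-9]+)` needs neither the capture group nor the `+`, so `[0-9]` is enough. The `fmt.Errorf("Error: %s", err)` line above it adds no context to the error it wraps; naming the operation that failed would be more useful to callers.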
The only thing that catches my attention about this approach is the use of _ to avoid dealing with the error. The error is returned if the regex doesn't compile which shouldn't be an issue. But, gometalinter (and obviously one of the linters it uses) notes the issue.
I don't know that I mind this approach since I would be shocked if this regex didn't compile somewhere. This is more a note for myself if I ever get this setup working through a linter.
Yeah, a panic-on-error is probably a good approach here. But I don't know that that would necessarily prevent us from merging.
@dbarranco would you mind capturing the error here and just doing something like:
```go
if err != nil {
	panic(err)
}
```
That way if another dev (ahem, most likely me) comes along and breaks the regexp, we'll get an early warning.
Thanks for the fast review @mattfarina @technosophos! Just added your feedback, ping me if you find it suitable to add more warnings near the panic. Regards!
LGTM. Anything else @mattfarina? Or are we ready to merge?
@dbarranco @technosophos I released v1.0.1 with this change.
Thanks! @mattfarina @technosophos :)
Hi all!
I found an issue in the kubernetes helm charts due to the generation of alpha numeric strings.
Currently, the helm chart of Magento is using the `randAlphaNum` to generate the password of the application in the secrets.yaml:
magento-password: {{ randAlphaNum 10 | b64enc | quote }}
In each deploy Magento checks if the password of the application is alpha numeric, and following your library and making a simple test I can see that not every time the string generated is alpha numeric. Here you can see a simple script that generates random alpha numeric strings:
And one of the outputs of this test:
So each time the random string generated is not alpha numeric, you will see this error in the helm chart of Magento:
It would be nice to add this to the repo in order to generate always alpha numeric strings. Another solution of this will be concatenating a random string of numbers and a random string of characters in the helm template of the password of Magento, but that would decrease the entropy of the password, making it easier to hack.
Best regards!
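
The requirement discussed in this thread (a password that always contains both a digit and a letter, without the entropy loss of concatenating a digit string and a letter string) can be met by drawing every character uniformly and redrawing the whole string when a class is missing. The following is an added example, not code from this pull request or the library; the names `StrictAlphaNum` and `hasDigitAndLetter` and the use of `crypto/rand` are assumptions of the example.

```go
package main

import (
	"crypto/rand"
	"fmt"
	"math/big"
	"strings"
)

const (
	digits   = "0123456789"
	letters  = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
	alphabet = digits + letters
)

// hasDigitAndLetter reports whether s holds at least one digit and one letter.
func hasDigitAndLetter(s string) bool {
	return strings.ContainsAny(s, digits) && strings.ContainsAny(s, letters)
}

// StrictAlphaNum (hypothetical name) returns n characters, uniform over all
// strings with a digit and a letter: invalid draws are discarded whole.
func StrictAlphaNum(n int) (string, error) {
	if n < 2 {
		return "", fmt.Errorf("length %d cannot hold both a digit and a letter", n)
	}
	limit := big.NewInt(int64(len(alphabet)))
	buf := make([]byte, n)
	for {
		for i := range buf {
			idx, err := rand.Int(rand.Reader, limit) // unbiased index in [0, 62)
			if err != nil {
				return "", fmt.Errorf("reading random source: %w", err)
			}
			buf[i] = alphabet[idx.Int64()]
		}
		if s := string(buf); hasDigitAndLetter(s) {
			return s, nil
		}
	}
}

func main() {
	s, err := StrictAlphaNum(10) // same length as the chart's randAlphaNum 10
	if err != nil {
		panic(err)
	}
	fmt.Println(s)
}
```

Because a rejected draw is thrown away as a whole, no position is reserved for a digit or a letter, so the position of each class stays unpredictable.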