CWE-330 | Use of Insufficiently Random Values

[mr-africa]

Hello!

My react native android app was audited by some security company. And they have found an issue in sentry-java codebase. I know it's a weird issue and it's ok to use insecure random not in cipher algorithms. But my employer require to fix these issues.

Could you change please

import java.util.Random;

to

 import java.security.SecureRandom;

in files:

https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/SentryClient.java#L19

and

https://github.com/getsentry/sentry-java/blob/main/sentry/src/main/java/io/sentry/TracesSampler.java#L4

[marandaneto]

@mr-africa changing does not hurt either, thanks for reporting.
would you like to submit a PR?

[mr-africa]

@marandaneto I submitted a pull request. But I don't know how to test my changes it could you review it and test if possible.

[mr-africa]

@marandaneto Can I ask one more question. When these changes will be available in sentry-react-native?