[jira] [Commented] (FLINK-10186) FindBugs warnings: Random object created and used only once

Thu, 23 Aug 2018 11:59:19 -0700 


    [ 
https://issues.apache.org/jira/browse/FLINK-10186?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16590696#comment-16590696
 ] 

ASF GitHub Bot commented on FLINK-10186:
----------------------------------------

Guibo-Pan commented on a change in pull request #6591: [FLINK-10186] Fix 
FindBugs warnings: Random object created and used o…
URL: https://github.com/apache/flink/pull/6591#discussion_r212410516
 
 

 ##########
 File path: 
flink-streaming-java/src/main/java/org/apache/flink/streaming/runtime/io/BufferSpiller.java
 ##########
 @@ -115,7 +115,7 @@ public BufferSpiller(IOManager ioManager, int pageSize) 
throws IOException {
                this.tempDir = tempDirs[DIRECTORY_INDEX.getAndIncrement() % 
tempDirs.length];
 
                byte[] rndBytes = new byte[32];
-               new Random().nextBytes(rndBytes);
 
 Review comment:
   It's inside constructor method, and just randoms for once in an instance.

----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org


> FindBugs warnings: Random object created and used only once
> -----------------------------------------------------------
>
>                 Key: FLINK-10186
>                 URL: https://issues.apache.org/jira/browse/FLINK-10186
>             Project: Flink
>          Issue Type: Bug
>          Components: Streaming
>            Reporter: Hiroaki Yoshida
>            Priority: Major
>              Labels: pull-request-available
>
> FindBugs-3.0.1 ([http://findbugs.sourceforge.net/]) reported a 
> DMI_RANDOM_USED_ONLY_ONCE warning on master:
> {code:java}
> H B DMI: Random object created and used only once in new 
> org.apache.flink.streaming.runtime.io.BufferSpiller(IOManager, int)  At 
> BufferSpiller.java:[line 118]
> {code}
> The description of the bug is as follows:
> {quote}*DMI: Random object created and used only once 
> (DMI_RANDOM_USED_ONLY_ONCE)*
> This code creates a java.util.Random object, uses it to generate one random 
> number, and then discards the Random object. This produces mediocre quality 
> random numbers and is inefficient. If possible, rewrite the code so that the 
> Random object is created once and saved, and each time a new random number is 
> required invoke a method on the existing Random object to obtain it.
> If it is important that the generated Random numbers not be guessable, you 
> must not create a new Random for each random number; the values are too 
> easily guessable. You should strongly consider using a 
> java.security.SecureRandom instead (and avoid allocating a new SecureRandom 
> for each random number needed).
> [http://findbugs.sourceforge.net/bugDescriptions.html#DMI_RANDOM_USED_ONLY_ONCE]
> {quote}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

Reply via email to