dataconnect(change): Use SecureRandom when generating internal operation IDs#7910
Conversation
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for GitHub and other Google products, sign up here. |
|
/gemini review |
There was a problem hiding this comment.
Code Review
This pull request correctly replaces the default Random with SecureRandom for generating internal operation IDs, which enhances security. The changes are consistently applied across the relevant classes, and the tests are updated to reflect this. I have one suggestion to optimize the instantiation of SecureRandom for better performance.
📝 PRs merging into main branchOur main branch should always be in a releasable state. If you are working on a larger change, or if you don't want this change to see the light of the day just yet, consider using a feature branch first, and only merge into the main branch when the code complete and ready to be released. |
This PR updates the
firebase-dataconnectmodule to useSecureRandomto generate internal operation IDs. Previously, standard random number generation was used for request IDs; this change passes a lazily createdSecureRandominstance down through core implementation classes likeMutationRefImplandLiveQueryto improve randomness and security. Additionally, the PR adds new arbitrary utilities to support injectingSecureRandominstances for comprehensive property-based testing.Highlights
SecureRandominstance for generatingrequestIdvalues inMutationRefImplandLiveQuery.FirebaseDataConnectFactoryto manage and reuse a singleSecureRandominstance, passing it down to necessary core components.RandomArb,RandomSeed,RandomSourceArb) to reliably inject randomized seeds and instances during property-based testing.Changelog
SecureRandomfor operation IDs.SecureRandomobject and supply it when creatingFirebaseDataConnectinstances.secureRandomin the constructor and passed it down toLiveQueryandMutationRefImplinitializations.execute()to usesecureRandomfor request ID generation via a newrandomRequestId()internal method.start()to generate request IDs using the providedsecureRandom.Randominstance to theFirebaseDataConnectImplconstructor for testing.randomRequestId()respects the injectedsecureRandomobject.mutationRefImplKotest generators to support providing aRandominstance.Arbutility to generateRandominstances for property testing.Arbutility to generate suitable long values for random seed generation.Arbutility to generateRandomSourceinstances for seeded property tests.