diff --git a/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-test/xwiki-platform-appwithinminutes-test-docker/src/test/it/org/xwiki/appwithinminutes/test/ui/AddEntryIT.java b/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-test/xwiki-platform-appwithinminutes-test-docker/src/test/it/org/xwiki/appwithinminutes/test/ui/AddEntryIT.java index c710d1ebc38d..cd54f9e4cc94 100644 --- a/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-test/xwiki-platform-appwithinminutes-test-docker/src/test/it/org/xwiki/appwithinminutes/test/ui/AddEntryIT.java +++ b/xwiki-platform-core/xwiki-platform-appwithinminutes/xwiki-platform-appwithinminutes-test/xwiki-platform-appwithinminutes-test-docker/src/test/it/org/xwiki/appwithinminutes/test/ui/AddEntryIT.java @@ -33,7 +33,7 @@ import org.xwiki.test.ui.TestUtils; import org.xwiki.test.ui.po.LiveTableElement; -import static org.apache.commons.lang3.RandomStringUtils.insecure; +import static org.apache.commons.lang3.RandomStringUtils.secure; import static org.junit.jupiter.api.Assertions.assertTrue; /** @@ -77,7 +77,7 @@ void entryNameWithURLSpecialCharacters(TestReference testReference, TestUtils te // Test EntryNamePane entryNamePane = homePage.clickAddNewEntry(); - String entryName = "A?b=c&d#" + insecure().nextAlphanumeric(3); + String entryName = "A?b=c&d#" + secure().nextAlphanumeric(3); entryNamePane.setName(entryName); EntryEditPage entryEditPage = entryNamePane.clickAdd(); entryEditPage.setValue("description", "This is a test panel."); diff --git a/xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java b/xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java index fe7206aa864c..30e499273dfe 100644 --- a/xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java +++ b/xwiki-platform-core/xwiki-platform-container/xwiki-platform-container-servlet/src/main/java/org/xwiki/container/servlet/filters/SavedRequestManager.java @@ -174,7 +174,7 @@ public static String saveRequest(HttpServletRequest request) // Generate a random key to identify this request String key; do { - key = RandomStringUtils.randomAlphanumeric(8); + key = RandomStringUtils.secure().randomAlphanumeric(8); } while (savedRequests.containsKey(key)); // Store the saved request savedRequests.put(key, savedRequest); diff --git a/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-test/xwiki-platform-security-authentication-test-docker/src/test/it/org/xwiki/security/authentication/test/ui/ResetPasswordIT.java b/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-test/xwiki-platform-security-authentication-test-docker/src/test/it/org/xwiki/security/authentication/test/ui/ResetPasswordIT.java index 7ce947128623..fddc32e96f48 100644 --- a/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-test/xwiki-platform-security-authentication-test-docker/src/test/it/org/xwiki/security/authentication/test/ui/ResetPasswordIT.java +++ b/xwiki-platform-core/xwiki-platform-security/xwiki-platform-security-authentication/xwiki-platform-security-authentication-test/xwiki-platform-security-authentication-test-docker/src/test/it/org/xwiki/security/authentication/test/ui/ResetPasswordIT.java @@ -30,7 +30,6 @@ import javax.mail.internet.MimeMessage; import org.apache.commons.io.IOUtils; -import org.apache.commons.lang3.RandomStringUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.BeforeEach; import org.junit.jupiter.api.Test; @@ -46,7 +45,7 @@ import com.icegreen.greenmail.util.GreenMail; import com.icegreen.greenmail.util.ServerSetupTest; -import static org.apache.commons.lang3.RandomStringUtils.insecure; +import static org.apache.commons.lang3.RandomStringUtils.secure; import static org.junit.jupiter.api.Assertions.assertEquals; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -102,7 +101,7 @@ public void resetForgottenPassword(TestUtils setup) throws Exception { setup.forceGuestUser(); - String userName = "testUser" + insecure().nextAlphanumeric(6); + String userName = "testUser" + secure().nextAlphanumeric(6); String password = "password"; String newPassword = "newPasswörd"; diff --git a/xwiki-platform-core/xwiki-platform-sheet/xwiki-platform-sheet-api/src/test/java/org/xwiki/sheet/internal/SheetDocumentDisplayerTest.java b/xwiki-platform-core/xwiki-platform-sheet/xwiki-platform-sheet-api/src/test/java/org/xwiki/sheet/internal/SheetDocumentDisplayerTest.java index af22b0efba38..eefc7cfc763c 100644 --- a/xwiki-platform-core/xwiki-platform-sheet/xwiki-platform-sheet-api/src/test/java/org/xwiki/sheet/internal/SheetDocumentDisplayerTest.java +++ b/xwiki-platform-core/xwiki-platform-sheet/xwiki-platform-sheet-api/src/test/java/org/xwiki/sheet/internal/SheetDocumentDisplayerTest.java @@ -94,7 +94,7 @@ private DocumentModelBridge mockDocument(DocumentReference documentReference) th { StringBuilder id = new StringBuilder(documentReference.getLastSpaceReference().getName()); // Allow different instances of the same document to exist. - id.append('.').append(documentReference.getName()).append(RandomStringUtils.insecure().nextAlphanumeric(3)); + id.append('.').append(documentReference.getName()).append(RandomStringUtils.secure().nextAlphanumeric(3)); DocumentModelBridge document = mock(DocumentModelBridge.class, id.toString()); when(document.getDocumentReference()).thenReturn(documentReference); diff --git a/xwiki-platform-core/xwiki-platform-tag/xwiki-platform-tag-test/xwiki-platform-tag-test-docker/src/test/it/org/xwiki/tag/test/ui/TagIT.java b/xwiki-platform-core/xwiki-platform-tag/xwiki-platform-tag-test/xwiki-platform-tag-test-docker/src/test/it/org/xwiki/tag/test/ui/TagIT.java index a5b75e2126a4..66adda2cef77 100644 --- a/xwiki-platform-core/xwiki-platform-tag/xwiki-platform-tag-test/xwiki-platform-tag-test-docker/src/test/it/org/xwiki/tag/test/ui/TagIT.java +++ b/xwiki-platform-core/xwiki-platform-tag/xwiki-platform-tag-test/xwiki-platform-tag-test-docker/src/test/it/org/xwiki/tag/test/ui/TagIT.java @@ -30,7 +30,7 @@ import org.xwiki.test.docker.junit5.UITest; import org.xwiki.test.ui.TestUtils; -import static org.apache.commons.lang3.RandomStringUtils.insecure; +import static org.apache.commons.lang3.RandomStringUtils.secure; import static org.junit.jupiter.api.Assertions.assertFalse; import static org.junit.jupiter.api.Assertions.assertTrue; @@ -62,7 +62,7 @@ void setUp(TestUtils setup) void addRemoveTag(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String tag = insecure().nextAlphanumeric(4); + String tag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(tag)); AddTagsPane addTagsPane = taggablePage.addTags(); addTagsPane.setTags(tag); @@ -80,13 +80,13 @@ void addRemoveTag(TestUtils setup, TestReference testReference) void cancelAddTag(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String firstTag = insecure().nextAlphanumeric(4); + String firstTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(firstTag)); AddTagsPane addTagsPane = taggablePage.addTags(); addTagsPane.setTags(firstTag); addTagsPane.cancel(); - String secondTag = insecure().nextAlphanumeric(4); + String secondTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(secondTag)); addTagsPane = taggablePage.addTags(); addTagsPane.setTags(secondTag); @@ -103,9 +103,9 @@ void cancelAddTag(TestUtils setup, TestReference testReference) void addManyRemoveOneTag(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String firstTag = insecure().nextAlphanumeric(4); + String firstTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(firstTag)); - String secondTag = insecure().nextAlphanumeric(4); + String secondTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(secondTag)); AddTagsPane addTagsPane = taggablePage.addTags(); @@ -126,7 +126,7 @@ void addManyRemoveOneTag(TestUtils setup, TestReference testReference) void addExistingTag(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String tag = insecure().nextAlphanumeric(4); + String tag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(tag)); AddTagsPane addTagsPane = taggablePage.addTags(); addTagsPane.setTags(tag); @@ -147,7 +147,7 @@ void addExistingTag(TestUtils setup, TestReference testReference) void testAddTagContainingPipe(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String tag = insecure().nextAlphanumeric(3) + "|" + insecure().nextAlphanumeric(3); + String tag = secure().nextAlphanumeric(3) + "|" + secure().nextAlphanumeric(3); assertFalse(taggablePage.hasTag(tag)); AddTagsPane addTagsPane = taggablePage.addTags(); addTagsPane.setTags(tag); @@ -169,9 +169,9 @@ void testAddTagContainingPipe(TestUtils setup, TestReference testReference) void stripLeadingAndTrailingSpacesFromTags(TestUtils setup, TestReference testReference) { TaggablePage taggablePage = resetTaggablePage(setup, testReference); - String firstTag = insecure().nextAlphanumeric(4); + String firstTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(firstTag)); - String secondTag = insecure().nextAlphanumeric(4); + String secondTag = secure().nextAlphanumeric(4); assertFalse(taggablePage.hasTag(secondTag)); AddTagsPane addTagsPane = taggablePage.addTags(); diff --git a/xwiki-platform-core/xwiki-platform-wysiwyg/xwiki-platform-wysiwyg-api/src/main/java/org/xwiki/wysiwyg/internal/converter/DefaultRequestParameterConverter.java b/xwiki-platform-core/xwiki-platform-wysiwyg/xwiki-platform-wysiwyg-api/src/main/java/org/xwiki/wysiwyg/internal/converter/DefaultRequestParameterConverter.java index c1c593942aff..35e868942b42 100644 --- a/xwiki-platform-core/xwiki-platform-wysiwyg/xwiki-platform-wysiwyg-api/src/main/java/org/xwiki/wysiwyg/internal/converter/DefaultRequestParameterConverter.java +++ b/xwiki-platform-core/xwiki-platform-wysiwyg/xwiki-platform-wysiwyg-api/src/main/java/org/xwiki/wysiwyg/internal/converter/DefaultRequestParameterConverter.java @@ -187,7 +187,7 @@ private void handleConversionErrors(RequestParameterConversionResult conversionR private String save(RequestParameterConversionResult conversionResult) { // Generate a random key to identify the request. - String key = RandomStringUtils.randomAlphanumeric(4); + String key = RandomStringUtils.secure().nextAlphanumeric(4); MutableServletRequest request = conversionResult.getRequest(); // Save the output on the session. diff --git a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-storage/src/test/it/org/xwiki/test/storage/DocumentTest.java b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-storage/src/test/it/org/xwiki/test/storage/DocumentTest.java index 59b8f1941b16..66d9ab55974e 100644 --- a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-storage/src/test/it/org/xwiki/test/storage/DocumentTest.java +++ b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-storage/src/test/it/org/xwiki/test/storage/DocumentTest.java @@ -101,7 +101,7 @@ public void testRollback() throws Exception @Test public void testSaveOfThreeHundredKilobyteDocument() throws Exception { - final String content = insecure().nextAlphanumeric(300000); + final String content = secure().nextAlphanumeric(300000); final HttpMethod ret = this.doPostAsAdmin(this.spaceName, this.pageName, null, "save", null, new HashMap() {{ diff --git a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditInlineTest.java b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditInlineTest.java index c3da33a66420..9c62ab9d76bb 100644 --- a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditInlineTest.java +++ b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditInlineTest.java @@ -54,7 +54,7 @@ public void testEditButtonTriggersInlineEditing() @Test public void testInlineEditCanChangeTitle() { - String title = insecure().nextAlphanumeric(4); + String title = secure().nextAlphanumeric(4); getUtil().gotoPage(getTestClassName(), getTestMethodName(), "edit", "editor=inline&title=" + title); InlinePage inlinePage = new InlinePage(); // Check if the title specified on the request is properly displayed. @@ -88,7 +88,7 @@ public void testInlineEditCanChangeParent() @IgnoreBrowser(value = "internet.*", version = "9\\.*", reason="See https://jira.xwiki.org/browse/XE-1177") public void testInlineEditPreservesTitle() { - String title = insecure().nextAlphanumeric(4); + String title = secure().nextAlphanumeric(4); getUtil().gotoPage(getTestClassName(), getTestMethodName(), "save", "title=" + title); ViewPage vp = new ViewPage(); Assert.assertEquals(title, vp.getDocumentTitle()); @@ -134,8 +134,8 @@ public void testInlineEditPreservesParent() @IgnoreBrowser(value = "internet.*", version = "9\\.*", reason="See https://jira.xwiki.org/browse/XE-1177") public void testInlineEditPreservesTags() { - String tag1 = insecure().nextAlphanumeric(4); - String tag2 = insecure().nextAlphanumeric(4); + String tag1 = secure().nextAlphanumeric(4); + String tag2 = secure().nextAlphanumeric(4); getUtil().gotoPage(getTestClassName(), getTestMethodName(), "save", "tags=" + tag1 + "%7C" + tag2); TaggablePage taggablePage = new TaggablePage(); Assert.assertTrue(taggablePage.hasTag(tag1)); diff --git a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditWikiTest.java b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditWikiTest.java index f630526be507..5b03e301cd0e 100644 --- a/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditWikiTest.java +++ b/xwiki-platform-distribution/xwiki-platform-distribution-flavor/xwiki-platform-distribution-flavor-test/xwiki-platform-distribution-flavor-test-ui/src/test/it/org/xwiki/test/ui/EditWikiTest.java @@ -101,7 +101,7 @@ public void testSwitchToWysiwygWithAdvancedContent() @IgnoreBrowser(value = "internet.*", version = "8\\.*", reason="See https://jira.xwiki.org/browse/XE-1146") public void testPreviewDisplaysPageTitle() { - String title = insecure().nextAlphanumeric(3); + String title = secure().nextAlphanumeric(3); this.editPage.setTitle(title); this.editPage.clickPreview(); // The preview page has the action buttons but otherwise it is similar to a view page.