diff --git a/kong/tools/rand.lua b/kong/tools/rand.lua index cfb4bfbf3409..fde620fedc45 100644 --- a/kong/tools/rand.lua +++ b/kong/tools/rand.lua @@ -106,10 +106,14 @@ _M.get_rand_bytes = get_rand_bytes -- @return string The random string (a chunk of base64ish-encoded random bytes) local random_string do - local char = string.char local rand = math.random + local byte = string.byte local encode_base64 = ngx.encode_base64 + local OUTPUT = require("string.buffer").new(32) + local SLASH_BYTE = byte("/") + local PLUS_BYTE = byte("+") + -- generate a random-looking string by retrieving a chunk of bytes and -- replacing non-alphanumeric characters with random alphanumeric replacements -- (we dont care about deriving these bytes securely) @@ -117,15 +121,28 @@ do -- previous implementation (stripping a UUID of its hyphens), while significantly -- expanding the size of the keyspace. random_string = function() + OUTPUT:reset() + -- get 24 bytes, which will return a 32 char string after encoding -- this is done in attempt to maintain backwards compatibility as -- much as possible while improving the strength of this function - return encode_base64(get_rand_bytes(24, true)) - :gsub("/", char(rand(48, 57))) -- 0 - 10 - :gsub("+", char(rand(65, 90))) -- A - Z - :gsub("=", char(rand(97, 122))) -- a - z - end + local str = encode_base64(get_rand_bytes(24, true), true) + + for i = 1, 32 do + local b = byte(str, i) + if b == SLASH_BYTE then + OUTPUT:putf("%c", rand(48, 57)) + elseif b == PLUS_BYTE then + OUTPUT:putf("%c", rand(65, 90)) + else + OUTPUT:putf("%c", b) + end + end + + str = OUTPUT:get() + return str + end end _M.random_string = random_string diff --git a/t/01-pdk/02-log/05-set_serialize_value.t b/t/01-pdk/02-log/05-set_serialize_value.t index 2776ddf612b7..a808b33c3fcd 100644 --- a/t/01-pdk/02-log/05-set_serialize_value.t +++ b/t/01-pdk/02-log/05-set_serialize_value.t @@ -325,5 +325,3 @@ Proxy-Authorization REDACTED PROXY_AUTHORIZATION REDACTED --- no_error_log [error] - -