new function for rand

internal/kubernetes/domain/domain.go

@@ -3,11 +3,11 @@ package domain
 import (
 	"context"
 	"fmt"
-	"math/rand"
 	"net"
 	"strings"
 
 	"github.com/porter-dev/porter/internal/models"
+	"github.com/porter-dev/porter/internal/repository"
 	v1 "k8s.io/api/core/v1"
 	"k8s.io/api/extensions/v1beta1"
 	"k8s.io/client-go/kubernetes"
@@ -68,13 +68,9 @@ type CreateDNSRecordConfig struct {
 // NewDNSRecordForEndpoint generates a random subdomain and returns a DNSRecord
 // model
 func (c *CreateDNSRecordConfig) NewDNSRecordForEndpoint() *models.DNSRecord {
-	const allowed = "123456789abcdefghijklmnopqrstuvwxyz"
-	suffix := make([]byte, 8)
-	for i := range suffix {
-		suffix[i] = allowed[rand.Intn(len(allowed))]
-	}
+	suffix, _ := repository.GenerateRandomBytes(16)
 
-	subdomain := fmt.Sprintf("%s-%s", c.ReleaseName, string(suffix))
+	subdomain := fmt.Sprintf("%s-%s", c.ReleaseName, suffix)
 
 	return &models.DNSRecord{
 		SubdomainPrefix: subdomain,

internal/repository/encrypt.go

@@ -4,6 +4,7 @@ import (
 	"crypto/aes"
 	"crypto/cipher"
 	"crypto/rand"
+	"encoding/base64"
 	"errors"
 	"io"
 )
@@ -21,6 +22,19 @@ func NewEncryptionKey() *[32]byte {
 	return &key
 }
 
+// NewRandomString generates a random string.
+// It panics if the source of randomness fails.
+func GenerateRandomBytes(n int) (string, error) {
+	b := make([]byte, n)
+	_, err := rand.Read(b)
+
+	if err != nil {
+		return "", err
+	}
+
+	return base64.URLEncoding.EncodeToString(b), nil
+}
+
 // Encrypt encrypts data using 256-bit AES-GCM.  This both hides the content of
 // the data and provides a check that it hasn't been altered. Output takes the
 // form nonce|ciphertext|tag where '|' indicates concatenation.

server/api/deploy_handler.go

@@ -2,7 +2,6 @@ package api
 
 import (
 	"encoding/json"
-	"math/rand"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -14,6 +13,7 @@ import (
 	"github.com/porter-dev/porter/internal/helm/loader"
 	"github.com/porter-dev/porter/internal/integrations/ci/actions"
 	"github.com/porter-dev/porter/internal/models"
+	"github.com/porter-dev/porter/internal/repository"
 	"gopkg.in/yaml.v2"
 )
 
@@ -116,11 +116,11 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 		return
 	}
 
-	// generate 8 characters long webhook token.
-	const letters = "abcdefghijklmnopqrstuvwxyz"
-	token := make([]byte, 8)
-	for i := range token {
-		token[i] = letters[rand.Intn(len(letters))]
+	token, err := repository.GenerateRandomBytes(16)
+
+	if err != nil {
+		app.handleErrorInternal(err, w)
+		return
 	}
 
 	// create release with webhook token in db
@@ -129,7 +129,7 @@ func (app *App) HandleDeployTemplate(w http.ResponseWriter, r *http.Request) {
 		ProjectID:    form.ReleaseForm.Form.Cluster.ProjectID,
 		Namespace:    form.ReleaseForm.Form.Namespace,
 		Name:         form.ChartTemplateForm.Name,
-		WebhookToken: string(token),
+		WebhookToken: token,
 	}
 
 	_, err = app.Repo.Release.CreateRelease(release)

server/api/user_handler.go

@@ -4,7 +4,6 @@ import (
 	"encoding/json"
 	"errors"
 	"fmt"
-	"math/rand"
 	"net/http"
 	"net/url"
 	"strconv"
@@ -171,11 +170,11 @@ func (app *App) HandleCLILoginUser(w http.ResponseWriter, r *http.Request) {
 	}
 
 	// generate 64 characters long authorization code
-	const letters = "abcdefghijklmnopqrstuvwxyz123456789"
-	code := make([]byte, 64)
+	code, err := repository.GenerateRandomBytes(64)
 
-	for i := range code {
-		code[i] = letters[rand.Intn(len(letters))]
+	if err != nil {
+		app.handleErrorInternal(err, w)
+		return
 	}
 
 	expiry := time.Now().Add(30 * time.Second)
@@ -183,7 +182,7 @@ func (app *App) HandleCLILoginUser(w http.ResponseWriter, r *http.Request) {
 	// create auth code object and send back authorization code
 	authCode := &models.AuthCode{
 		Token:             encoded,
-		AuthorizationCode: string(code),
+		AuthorizationCode: code,
 		Expiry:            &expiry,
 	}