Random numbers: Random and SecureRandom

"Random" objects should be reused

  • Bug
  • Critical
  • Main sources
  • owasp-a6
  • Available Since Nov 16, 2021
  • SonarAnalyzer (Java)
  • Constant/issue: 5min

Creating a new Random object each time a random value is needed is inefficient and may produce numbers which are not random, depending on the JDK. For better efficiency and randomness, create a single Random, then store and reuse it.

The Random() constructor tries to set the seed with a distinct value every time. However, there is no guarantee that the seed will be random or even uniformly distributed. Some JDKs use the current time as the seed, which makes the generated numbers not random at all.

This rule finds cases where a new Random is created each time a method is invoked and assigned to a local random variable.

Noncompliant Code Example

public void doSomethingCommon() {
  Random rand = new Random();  // Noncompliant; new instance created with each invocation
  int rValue = rand.nextInt();
  //...
}

Compliant Solution

private Random rand = SecureRandom.getInstanceStrong();  // SecureRandom is preferred to Random
// Note: getInstanceStrong() throws the checked NoSuchAlgorithmException, so in real code this
// initializer has to be wrapped in a try/catch (see the initializer block further down).

public void doSomethingCommon() {
  int rValue = this.rand.nextInt();
  //...
}

Exceptions

A class which uses a Random in its constructor or in a static main function and nowhere else will be ignored by this rule.


Code to be modified:

Random ran = new Random();
int num = ran.nextInt(99999);

Changed to:

import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;

private Random rand;  // SecureRandom is preferred to Random

// Instance initializer block: runs once per object, before the constructor body,
// so every method of the object reuses the same generator.
{
    try {
        rand = SecureRandom.getInstanceStrong();
    } catch (NoSuchAlgorithmException e) {
        e.printStackTrace();
    }
}

// Inside the method that previously did `new Random()`:
int num = this.rand.nextInt(99999);


The above is SonarQube's suggested fix, but after it was released it ran into a blocking problem; the reference article is as follows:

https://blog.csdn.net/xingyuncaojun/article/details/109390864?spm=1001.2101.3001.6650.1&utm_medium=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_default&depth_1-utm_source=distribute.pc_relevant.none-task-blog-2%7Edefault%7ECTRLIST%7ERate-1.pc_relevant_default&utm_relevant_index=1

So I changed it to

private static final Random rand = new Random();

It no longer blocks.
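As an added example (not code from the original post or from the SonarQube rule text), the class below shows the pattern that satisfies the "reuse one Random" rule without giving up cryptographic quality: a single shared SecureRandom created with the default constructor. On Linux the default constructor selects the non-blocking NativePRNG, which reads /dev/urandom, whereas getInstanceStrong() selects the algorithm named in the securerandom.strongAlgorithms property of the JDK's java.security file (NativePRNGBlocking by default), which can stall on a host whose entropy pool is considered not ready. That is the blocking the post ran into, and reverting to java.util.Random is not the only way out. The class name TokenSource and its methods are hypothetical.

```java
import java.security.SecureRandom;
import java.util.Base64;

/**
 * Added example, not from the original post.
 * One SecureRandom per class, created once and reused by every caller.
 * SecureRandom is thread-safe, so a static final instance is fine.
 *
 * Assumption: the JDK's default SecureRandom provider is non-blocking
 * (NativePRNG backed by /dev/urandom on Linux). Only getInstanceStrong()
 * is tied to the possibly blocking securerandom.strongAlgorithms source.
 */
public final class TokenSource {

    // Created once at class-load time; no `new Random()` per invocation,
    // so the Sonar rule is satisfied and the generator keeps its state.
    private static final SecureRandom RNG = new SecureRandom();

    private TokenSource() {
    }

    /** Same call as the post's nextInt(99999): a value in [0, 99999). */
    public static int smallCode() {
        return RNG.nextInt(99999);
    }

    /** An unguessable URL-safe token of the given byte length, e.g. for a reset link. */
    public static String token(int numBytes) {
        byte[] buf = new byte[numBytes];
        RNG.nextBytes(buf);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(buf);
    }

    public static void main(String[] args) {
        // Two calls in quick succession share one generator. With the old
        // per-call `new Random()` on a time-seeded JDK they could collide.
        System.out.println("code  : " + smallCode());
        System.out.println("code  : " + smallCode());
        System.out.println("token : " + token(32));
    }
}
```

Compile and run with `javac TokenSource.java && java TokenSource`. If the value feeds anything an attacker benefits from predicting (session identifiers, reset tokens, one-time codes), java.util.Random is the wrong tool regardless of how it is seeded: its 48-bit linear congruential state can be recovered from a few observed outputs. Where a truly "strong" instance is required, keep getInstanceStrong() but construct it once (as above, in a static field) rather than per request, so any wait happens at startup instead of on a user-facing path.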


posted on 2022-02-17 14:43  rachelgarden
