Add secure string generator

kanor1306 · kanor1306 · commit 34223b9d3c6a · 2024-01-15T15:23:12.000Z
diff --git a/pkg/controller/postgresuser/postgresuser_controller.go b/pkg/controller/postgresuser/postgresuser_controller.go
@@ -162,7 +162,11 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 
 	// Creation logic
 	var role, login string
-	password := utils.GetRandomString(15)
+	password, err := utils.GetSecureRandomString(15)
+
+	if err != nil {
+		return r.requeue(instance, err)
+	}
 
 	if instance.Status.PostgresRole == "" {
 		// We need to get the Postgres CR to get the group role name
@@ -172,6 +176,7 @@ func (r *ReconcilePostgresUser) Reconcile(request reconcile.Request) (reconcile.
 		}
 		// Create user role
 		suffix := utils.GetRandomString(6)
+		
 		role = fmt.Sprintf("%s-%s", instance.Spec.Role, suffix)
 		login, err = r.pg.CreateUserRole(role, password)
 		if err != nil {
diff --git a/pkg/utils/random.go b/pkg/utils/random.go
@@ -1,5 +1,6 @@
 package utils
 
+import cryptorand "crypto/rand"
 import "math/rand"
 
 var letterRunes = []rune("abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890")
@@ -11,3 +12,17 @@ func GetRandomString(length int) string {
 	}
 	return string(b)
 }
+
+// If the secure random number generator malfunctions it will return an error
+func GetSecureRandomString(length int) (string, error) {
+	b := make([]rune, length)
+	for i := 0; i < length; i++ {
+		num, err := cryptorand.Int(cryptorand.Reader, big.NewInt(int64(len(letterRunes))))
+		if err != nil {
+			return "", err
+		}
+		b[i] = letterRunes[num.Int64()]
+	}
+
+	return string(b), nil
+}
