Merge pull request #96 from AuthorizeNet/security-fix

Fix code scanning alert no. 2: Insecure randomness

Author: gnongsie

test/test-transactionreporting.js

@@ -135,7 +135,7 @@ describe('Transaction Reporting', function() {
 
 			var getRequest = new ApiContracts.GetTransactionListForCustomerRequest();
 			getRequest.setMerchantAuthentication(testData.merchantAuthenticationType);
-			getRequest.setCustomerProfileId('922287204');
+			getRequest.setCustomerProfileId('39931060');
 
 			//console.log(JSON.stringify(getRequest.getJSON(), null, 2));
 

test/utils.js

@@ -1,15 +1,19 @@
 'use strict';
 
+const crypto = require('crypto');
+
 function getRandomString(text){
-	return text + Math.floor((Math.random() * 100000) + 1);
+	const randomInt = crypto.randomBytes(4).readUInt32BE(0);
+	return text + randomInt;
 }
 
 function getRandomInt(){
-	return Math.floor((Math.random() * 100000) + 1);
+	return crypto.randomBytes(4).readUInt32BE(0);
 }
 
 function getRandomAmount(){
-	return ((Math.random() * 1000) + 1).toFixed(2);
+	const randomFloat = crypto.randomBytes(4).readUInt32BE(0) / 0xFFFFFFFF;
+	return ((randomFloat * 1000) + 1).toFixed(2);
 }
 
 function getDate(){