feat: default session id
kwasniew committed Oct 18, 2023
1 parent 3eb505b commit 8ac6707
Showing 1 changed file with 14 additions and 4 deletions.
18 changes: 14 additions & 4 deletions src/client.ts
Expand Up @@ -100,9 +100,13 @@ class Client extends EventEmitter implements IClient {

const definitions = this.unleash.getFeatureToggleDefinitions() || [];
return definitions.map((d) => {
const enabled = this.unleash.isEnabled(d.name, context);
const sessionId = context.sessionId || String(Math.random());

Check failure

Code scanning / CodeQL

Insecure randomness High

This uses a cryptographically insecure random number generated at
Math.random()
in a security context.
const enabled = this.unleash.isEnabled(d.name, {
...context,
sessionId,
});
const variant = enabled
? this.unleash.forceGetVariant(d.name, context)
? this.unleash.getVariant(d.name, { ...context, sessionId })
: getDefaultVariant();

return {
Expand All @@ -121,13 +125,19 @@ class Client extends EventEmitter implements IClient {
);
const context = this.fixContext(inContext);

const sessionId = context.sessionId || String(Math.random());

Check failure

Code scanning / CodeQL

Insecure randomness High

This uses a cryptographically insecure random number generated at
Math.random()
in a security context.
const definitions = this.unleash.getFeatureToggleDefinitions() || [];
return definitions
.filter((d) => this.unleash.isEnabled(d.name, context))
.filter((d) =>
this.unleash.isEnabled(d.name, { ...context, sessionId }),
)
.map((d) => ({
name: d.name,
enabled: true,
variant: this.unleash.forceGetVariant(d.name, context),
variant: this.unleash.getVariant(d.name, {
...context,
sessionId,
}),
impressionData: d.impressionData,
}));
}
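Review bot: In the first hunk the fallback `const sessionId = context.sessionId || String(Math.random());` sits inside the `definitions.map` callback, so when the caller supplies no `sessionId` every toggle in that one response is evaluated against a different generated id, whereas the second hunk computes the value once before `getFeatureToggleDefinitions()` and shares it across all toggles. Hoisting the line above `const definitions = …` in the first method would make the two paths agree and give each request a single id for all of its evaluations. The generated id also does not appear to be returned to the caller in the visible lines, so a client without its own `sessionId` would presumably receive a new one on the next request; a short comment stating that the default is per-request only would help. Both method bodies start outside the visible hunks, so this is based on the lines shown.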