From 1de7eb2846df7d7e7b2890f06ba722f9fa53e6ee Mon Sep 17 00:00:00 2001
From: Avendra Singh <187728546+Avendra05@users.noreply.github.com>
Date: Mon, 16 Mar 2026 11:27:14 +0530
Subject: [PATCH] Update BackgroundWorker.kt fix: Replace java.util.Random with SecureRandom (CWE-338) Replaced insecure PRNG (java.util.Random) with cryptographically secure SecureRandom to address Weak PRNG vulnerability. References: - CWE-338: Use of Cryptographically Weak PRNG - MSTG-CRYPTO-6: Secure random number generation - OWASP MASVS-CRYPTO-1: Strong cryptography best practices
---
 .../dev/fluttercommunity/workmanager/BackgroundWorker.kt | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/workmanager_android/android/src/main/kotlin/dev/fluttercommunity/workmanager/BackgroundWorker.kt b/workmanager_android/android/src/main/kotlin/dev/fluttercommunity/workmanager/BackgroundWorker.kt
index 367b3bd7..e4822034 100644
--- a/workmanager_android/android/src/main/kotlin/dev/fluttercommunity/workmanager/BackgroundWorker.kt
+++ b/workmanager_android/android/src/main/kotlin/dev/fluttercommunity/workmanager/BackgroundWorker.kt
@@ -13,7 +13,7 @@ import io.flutter.embedding.engine.FlutterEngine
 import io.flutter.embedding.engine.dart.DartExecutor
 import io.flutter.embedding.engine.loader.FlutterLoader
 import io.flutter.view.FlutterCallbackInformation
-import java.util.Random
+import java.security.SecureRandom
 /**
 * A simple worker that posts your input back to your Flutter application.
@@ -49,7 +49,7 @@ class BackgroundWorker(
 get() = workerParams.inputData.getString(DART_TASK_KEY)
 private val runAttemptCount = workerParams.runAttemptCount
- private val randomThreadIdentifier = Random().nextInt()
+ private val randomThreadIdentifier = SecureRandom().nextInt()
 private var engine: FlutterEngine? = null
 private var startTime: Long = 0
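Review bot: In the second hunk, `randomThreadIdentifier` is still a single 32-bit `nextInt()` value, so swapping the generator does not by itself make it suitable as a secret or token, and nothing visible in the hunk shows it being used as one. If it only tags or correlates a worker run (inferred from the name; its uses are outside the hunk), the CWE-338 framing overstates the risk, and a comment would keep later readers and scanners from treating the field as security-relevant, e.g. `// Per-run correlation id only; not a secret, never used for authentication or authorization.` If it does gate anything, a wider value is needed, for example 16 bytes drawn with `SecureRandom().nextBytes(...)` rather than an Int. The `BackgroundWorker` class body starts and ends outside the hunk.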