Open
Description
[Extracted from a post by @noloader to the ESAPI-Project-Users list on August 22, 2022.]
Describe the bug
It looks like Randomizer.java is providing random UUIDs. The reference
given is dead.[1] I went back to 2007 and the IETF returned 404's.
Nowadays I think you should use RFC 1422 and UUIDv4.[2] From Section
4.1.3 of [2]:
Msb0  Msb1  Msb2  Msb3   Version  Description
...
 0     1     0     0        4     The randomly or pseudo-
                                  randomly generated version
                                  specified in this document.
[1] http://www.ietf.org/internet-drafts/draft-mealling-uuid-urn-03.txt
[2] https://datatracker.ietf.org/doc/html/rfc4122
Specify what ESAPI version(s) you are experiencing this bug in
ESAPI 2.5.0.
Expected behavior
A random Version-4 type UUID, conformant with RFC 4122, should be produced when calling:
ESAPI.randomizer().getRandomGUID();
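
One way to check the expected behavior, as an added example that is not part of the original post and not ESAPI's own code: it builds a version-4 UUID from CSPRNG output by setting the version and variant bits as RFC 4122 describes, and validates a UUID string against both fields. The class name `Uuid4Check`, the methods `randomV4` and `isRfc4122V4`, and the sample strings are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.security.SecureRandom;
import java.util.UUID;

// Added example, not ESAPI code. Class and method names are hypothetical.
public class Uuid4Check {
    private static final SecureRandom RNG = new SecureRandom();

    // RFC 4122 section 4.4: take 16 random bytes, then fix the version and variant bits.
    static UUID randomV4() {
        byte[] b = new byte[16];
        RNG.nextBytes(b);
        b[6] = (byte) ((b[6] & 0x0f) | 0x40); // version nibble Msb0..Msb3 = 0 1 0 0
        b[8] = (byte) ((b[8] & 0x3f) | 0x80); // variant bits = 1 0 (RFC 4122 layout)
        ByteBuffer buf = ByteBuffer.wrap(b);
        return new UUID(buf.getLong(), buf.getLong());
    }

    // True only for a canonical 36-character string carrying version 4
    // and the RFC 4122 variant; malformed input is rejected, not thrown.
    static boolean isRfc4122V4(String s) {
        if (s == null || s.length() != 36) {
            return false;
        }
        try {
            UUID u = UUID.fromString(s);
            return u.version() == 4
                    && u.variant() == 2 // 2 is the RFC 4122 (Leach-Salz) variant
                    && u.toString().equalsIgnoreCase(s);
        } catch (IllegalArgumentException e) {
            return false;
        }
    }

    public static void main(String[] args) {
        String generated = randomV4().toString();
        // Constructed sample values for the negative cases.
        String v1Sample = "00000000-0000-1000-8000-000000000000";   // version nibble is 1
        String badVariant = "00000000-0000-4000-0000-000000000000"; // variant bits are 0 0
        System.out.println(generated + " -> " + isRfc4122V4(generated));
        System.out.println(v1Sample + " -> " + isRfc4122V4(v1Sample));
        System.out.println(badVariant + " -> " + isRfc4122V4(badVariant));
    }
}
```

The same `isRfc4122V4` check can be applied in a unit test to the string returned by `ESAPI.randomizer().getRandomGUID()`.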