feat: Add Grid Lite Angular wrapper #16777
Conversation
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
| const firstName = this.randomElement(this.namesMen.concat(this.namesWomen)).toLowerCase(); | ||
| const lastName = this.randomElement(this.lastNames).toLowerCase(); | ||
| const email = firstName + '.' + lastName + '@example.com'; | ||
| const username = firstName + '.' + lastName + this.randomInt(1, 99); |
Check failure
Code scanning / CodeQL
Insecure randomness High
Copilot Autofix
AI about 21 hours ago
Copilot could not generate an autofix suggestion
Copilot could not generate an autofix suggestion for this alert. Try pushing a new commit or if the problem persists contact support.
| private createUser(): User { | ||
| let imagePath: string = ""; | ||
| let firstName: string = ""; | ||
| const gender = this.randomInt(0, 1); |
Check failure
Code scanning / CodeQL
Insecure randomness High
Show autofix suggestion
Hide autofix suggestion
Copilot Autofix
AI about 21 hours ago
In general, the fix is to ensure that all security‑relevant random values come from a cryptographically secure PRNG instead of Math.random(). For this file, that means changing randomInt so it no longer calls Math.random(), and instead uses window.crypto.getRandomValues, similar to randomFloat and randomBoolean.
The best targeted fix without changing existing functionality is:
- Replace the body of
randomInt(min, max)with a secure, unbiased(ish) integer generator based onwindow.crypto.getRandomValues. - Use rejection sampling so that the mapping from random bytes to the
[min, max]range does not introduce modulo bias. This keeps the distribution close to the previous uniform behaviour while improving security. - No new imports are needed; the code already uses
window.cryptoin the same file.
Concretely, in src/app/grid-lite/data.service.ts, modify the implementation of private randomInt(min: number, max: number): number (lines 45–47) to use Uint32Array and window.crypto.getRandomValues with a loop that discards out‑of‑range values. All calls to randomInt (including the one on line 102) automatically become cryptographically secure.
| @@ -43,7 +43,21 @@ | ||
| private priorities: ('Low' | 'Standard' | 'High')[] = ['Low', 'Standard', 'High']; | ||
|
|
||
| private randomInt(min: number, max: number): number { | ||
| return Math.floor(Math.random() * (max - min + 1)) + min; | ||
| const range = max - min + 1; | ||
| if (range <= 0) { | ||
| throw new Error('Invalid range for randomInt'); | ||
| } | ||
|
|
||
| const array = new Uint32Array(1); | ||
| const maxUnbiased = Math.floor(0xffffffff / range) * range; | ||
|
|
||
| let random32: number; | ||
| do { | ||
| window.crypto.getRandomValues(array); | ||
| random32 = array[0]; | ||
| } while (random32 >= maxUnbiased); | ||
|
|
||
| return min + (random32 % range); | ||
| } | ||
|
|
||
| private randomFloat(min: number, max: number, precision = 2): number { |
![github-code-quality[bot]](https://avatars.githubusercontent.com/u/9919?s=60&v=4){kind=small}
| @@ -0,0 +1,197 @@ | |||
| import { ChangeDetectionStrategy, Component, computed, CUSTOM_ELEMENTS_SCHEMA, Directive, effect, EmbeddedViewRef, inject, input, TemplateRef, ViewContainerRef, untracked, signal } from '@angular/core'; | |||
| @@ -0,0 +1,21 @@ | |||
| import { Component, CUSTOM_ELEMENTS_SCHEMA, inject } from '@angular/core'; | |||
| import { IgxColumnConfiguration, IgxGridLiteColumnComponent, IgxGridLiteComponent } from "igniteui-angular/grids/lite"; | |||
Closes #
Additional information (check all that apply):
Checklist:
feature/README.MDupdates for the feature docsREADME.MDCHANGELOG.MDupdates for newly added functionalityng updatemigrations for the breaking changes (migrations guidelines)