| -rw-r--r-- | migrations/csrfToken/main.go | 5 | ||||
| -rw-r--r-- | service/service.go | 10 | ||||
| -rw-r--r-- | util/rand.go | 17 | 
3 files changed, 23 insertions, 9 deletions
diff --git a/migrations/csrfToken/main.go b/migrations/csrfToken/main.go
index fcd49f2..f2326df 100644
--- a/migrations/csrfToken/main.go
+++ b/migrations/csrfToken/main.go
@@ -69,7 +69,10 @@ func main() {
 		if err != nil {
 			log.Fatal(err)
 		}
-		s.CSRFToken = util.NewCSRFToken()
+		s.CSRFToken, err = util.NewCSRFToken()
+		if err != nil {
+			log.Fatal(err)
+		}
 		err = sessionRepo.Add(s)
 		if err != nil {
 			log.Fatal(err)
diff --git a/service/service.go b/service/service.go
index db851f7..c9fccb4 100644
--- a/service/service.go
+++ b/service/service.go
@@ -106,8 +106,14 @@ func (svc *service) GetAuthUrl(ctx context.Context, instance string) (
 		instanceURL = "https://" + instance
 	}
-	sessionID = util.NewSessionId()
-	csrfToken := util.NewCSRFToken()
+	sessionID, err = util.NewSessionId()
+	if err != nil {
+		return
+	}
+	csrfToken, err := util.NewCSRFToken()
+	if err != nil {
+		return
+	}
 	session := model.Session{
 		ID:             sessionID,
 		InstanceDomain: instance,
diff --git a/util/rand.go b/util/rand.go
index 212d6d3..ffe97a0 100644
--- a/util/rand.go
+++ b/util/rand.go
@@ -1,7 +1,8 @@
 package util
 import (
-	"math/rand"
+	"crypto/rand"
+	"math/big"
 )
 var (
@@ -9,18 +10,22 @@ var (
 	runes_length = len(runes)
 )
-func NewRandId(n int) string {
+func NewRandId(n int) (string, error) {
 	data := make([]rune, n)
 	for i := range data {
-		data[i] = runes[rand.Intn(runes_length)]
+		num, err := rand.Int(rand.Reader, big.NewInt(int64(runes_length)))
+		if err != nil {
+			return "", err
+		}
+		data[i] = runes[num.Int64()]
 	}
-	return string(data)
+	return string(data), nil
 }
-func NewSessionId() string {
+func NewSessionId() (string, error) {
 	return NewRandId(24)
 }
-func NewCSRFToken() string {
+func NewCSRFToken() (string, error) {
 	return NewRandId(24)
 }
|
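Review bot: The second bare `return` in the service/service.go hunk, taken when `util.NewCSRFToken()` fails, leaves `sessionID` holding a freshly generated ID that was never stored. This assumes `sessionID` and `err` are named results, as the `=` assignment suggests; the result list and the rest of GetAuthUrl are outside the hunk. Clearing it first with `sessionID = ""` keeps a caller that mishandles the error from passing on an identifier with no session behind it. Both returns also hand the random-source error up without context, so something like `err = fmt.Errorf("generating CSRF token: %w", err)` would make that failure identifiable in logs.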
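Review bot: In the second util/rand.go hunk, `NewRandId`, `NewSessionId` and `NewCSRFToken` are exported and now produce security-sensitive values, but none has a doc comment recording that the output must come from a cryptographic source. Something like `// NewRandId returns n characters drawn uniformly from runes using crypto/rand; it returns an error if the system random source fails.` would guard against a later swap back to `math/rand`. The bound `big.NewInt(int64(runes_length))` is also rebuilt on every loop iteration and could be hoisted as `limit := big.NewInt(int64(runes_length))` before the `for`. The definition of `runes` lies outside the hunk, so it is worth confirming separately that the alphabet is large enough for 24 characters to give session IDs and CSRF tokens adequate entropy.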
