
Maintenance: Replace rand() where possible

Martin Gruner 3 years ago
parent
commit
a389b8f07c

+ 20 - 0
.rubocop/cop/zammad/forbid_rand.rb

@@ -0,0 +1,20 @@
+# Copyright (C) 2012-2021 Zammad Foundation, http://zammad-foundation.org/
+
+module RuboCop
+  module Cop
+    module Zammad
+      class ForbidRand < Base
+        MSG = <<~ERROR_MESSAGE.freeze
+          Please avoid 'rand' if possible. It does not guarantee uniqueness which means that there is a risk of collisions. Possible alternatives:
+          - If you need unique values, consider using 'SecureRandom.uuid'.
+          - To randomly select a value from a list, use [].sample.
+          - To generate random test data that does not need to be unique, you can use 'Faker::*'.
+        ERROR_MESSAGE
+
+        def on_send(node)
+          add_offense(node) if node.method_name.eql? :rand
+        end
+      end
+    end
+  end
+end
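Review bot: MSG justifies the ban only by collision risk, but for tokens and session ids the stronger reason is that `rand` is a non-cryptographic PRNG whose output should not be relied on to be unguessable. I would add a bullet such as `- For tokens, session ids and other secrets, use 'SecureRandom.hex' or 'SecureRandom.urlsafe_base64'.` so the offense text steers authors correctly. Separately, `on_send` compares only the method name, so a `rand` call on any receiver is reported, including one on a CSPRNG-backed object. Declaring `RESTRICT_ON_SEND = %i[rand].freeze` and checking `node.receiver.nil?` (or an allow-list of receivers) would narrow it. The class also has no doc comment with a bad/good example, which RuboCop cops conventionally carry.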

+ 1 - 0
.rubocop/rubocop_zammad.rb

@@ -9,3 +9,4 @@ require_relative 'cop/zammad/have_no_over_not_to'
 require_relative 'cop/zammad/no_to_sym_on_string'
 require_relative 'cop/zammad/prefer_negated_if_over_unless'
 require_relative 'cop/zammad/update_copyright'
+require_relative 'cop/zammad/forbid_rand'

+ 1 - 1
app/controllers/long_polling_controller.rb

@@ -97,7 +97,7 @@ class LongPollingController < ApplicationController
   private
 
   def client_id_gen
-    rand(9_999_999_999).to_s
+    SecureRandom.uuid
   end
 
   def client_id_verify
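Review bot: `client_id_gen` now returns a 36-character UUID string where it used to return a numeric string of at most ten digits, and nothing visible here shows that consumers of the id accept the new shape. `client_id_verify` begins on the last line of the hunk and its body is outside it, so any format or length check there, and any store keyed by the client id, should be confirmed against the new value. If the client id is what ties a browser to its polling session (inferred from the names), a short comment would guard against a later regression: `# must be unguessable - keep this on SecureRandom`.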

+ 1 - 1
app/models/channel/driver/sms/message_bird.rb

@@ -89,7 +89,7 @@ class Channel::Driver::Sms::MessageBird < Channel::Driver::Sms::Base
       name:         'message_bird',
       adapter:      'sms/message_bird',
       account:      [
-        { name: 'options::webhook_token', display: 'Webhook Token', tag: 'input', type: 'text', limit: 200, null: false, default: Digest::MD5.hexdigest(rand(999_999_999_999).to_s), disabled: true, readonly: true },
+        { name: 'options::webhook_token', display: 'Webhook Token', tag: 'input', type: 'text', limit: 200, null: false, default: Digest::MD5.hexdigest(SecureRandom.uuid), disabled: true, readonly: true },
         { name: 'options::token', display: 'Token', tag: 'input', type: 'text', limit: 255, null: false },
         { name: 'options::sender', display: 'Sender', tag: 'input', type: 'text', limit: 200, null: false, placeholder: '+491710000000' },
         { name: 'group_id', display: 'Destination Group', tag: 'select', null: false, relation: 'Group', nulloption: true, filter: { active: true } },
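Review bot: Wrapping the UUID in `Digest::MD5.hexdigest` for the `options::webhook_token` default adds no entropy and keeps MD5 in the code path that creates what appears to be the shared secret for inbound webhooks. `default: SecureRandom.hex(16)` gives the same 32 hex characters straight from the CSPRNG, with 128 random bits rather than the 122 of a v4 UUID, and avoids MD5 findings from security scanners. The same pattern is introduced in app/models/channel/driver/sms/twilio.rb and in `generate_session_id` in app/models/chat/session.rb, where `self.session_id = SecureRandom.hex(16)` would do. The surrounding hash literal starts and ends outside this hunk.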

+ 1 - 1
app/models/channel/driver/sms/twilio.rb

@@ -100,7 +100,7 @@ class Channel::Driver::Sms::Twilio < Channel::Driver::Sms::Base
       name:         'twilio',
       adapter:      'sms/twilio',
       account:      [
-        { name: 'options::webhook_token', display: 'Webhook Token', tag: 'input', type: 'text', limit: 200, null: false, default: Digest::MD5.hexdigest(rand(999_999_999_999).to_s), disabled: true, readonly: true },
+        { name: 'options::webhook_token', display: 'Webhook Token', tag: 'input', type: 'text', limit: 200, null: false, default: Digest::MD5.hexdigest(SecureRandom.uuid), disabled: true, readonly: true },
         { name: 'options::account_id', display: 'Account SID', tag: 'input', type: 'text', limit: 200, null: false, placeholder: 'XXXXXX' },
         { name: 'options::token', display: 'Token', tag: 'input', type: 'text', limit: 200, null: false },
         { name: 'options::sender', display: 'Sender', tag: 'input', type: 'text', limit: 200, null: false, placeholder: '+491710000000' },

+ 1 - 1
app/models/chat/session.rb

@@ -40,7 +40,7 @@ class Chat::Session < ApplicationModel
   end
 
   def generate_session_id
-    self.session_id = Digest::MD5.hexdigest(Time.zone.now.to_s + rand(99_999_999_999_999).to_s)
+    self.session_id = Digest::MD5.hexdigest(SecureRandom.uuid)
   end
 
   def add_recipient(client_id, store = false)

+ 1 - 1
app/models/cti/driver/base.rb

@@ -156,7 +156,7 @@ class Cti::Driver::Base
       end
     end
 
-    id = rand(999_999_999)
+    id = SecureRandom.uuid
     PushMessages.send_to(user.id, {
                            event: 'remote_task',
                            data:  {
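Review bot: `id` changes from an Integer to a String here, and it is assigned just before the `remote_task` push payload is built. If it is serialized into that payload (the call continues past the end of the hunk), any client code that treats the value as a number, or compares it with `===` against a numeric id, would need checking. app/models/overview.rb has a related type change: `local_link = id || SecureRandom.uuid` now yields either an Integer or a String, where both branches used to be Integers. Being explicit would help there, e.g. `local_link = (id || SecureRandom.uuid).to_s`.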

+ 7 - 7
app/models/cti/log.rb

@@ -93,7 +93,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: 'Bob Smith',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'newCall',
     done: true,
@@ -118,7 +118,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: 'Bob Smith',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'answer',
     done: true,
@@ -146,7 +146,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: 'Bob Smith',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'hangup',
     comment: 'normalClearing',
@@ -177,7 +177,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: 'Bob Smith',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'hangup',
     done: true,
@@ -209,7 +209,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: '',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'hangup',
     done: true,
@@ -241,7 +241,7 @@ example data, can be used for demo
     from_comment: 'Franz Bauer',
     to: '4930609811111',
     to_comment: 'Bob Smith',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'hangup',
     done: true,
@@ -271,7 +271,7 @@ example data, can be used for demo
     direction: 'in',
     from: '4930609854180',
     to: '4930609811112',
-    call_id: rand(999_999_999),
+    call_id: SecureRandom.uuid,
     comment: '',
     state: 'hangup',
     done: true,

+ 1 - 1
app/models/overview.rb

@@ -102,7 +102,7 @@ class Overview < ApplicationModel
     local_link.squeeze!('_')
     local_link = CGI.escape(local_link)
     if local_link.blank?
-      local_link = id || rand(999)
+      local_link = id || SecureRandom.uuid
     end
     check = true
     count = 0

+ 1 - 1
app/models/setting.rb

@@ -140,7 +140,7 @@ reload config settings
 
   def reset_change_id
     @@current[name] = state_current[:value]
-    change_id = rand(999_999_999).to_s
+    change_id = SecureRandom.uuid
     logger.debug { "Setting.reset_change_id: set new cache, #{change_id}" }
     Cache.write('Setting::ChangeId', change_id, { expires_in: 24.hours })
     @@lookup_at = nil # rubocop:disable Style/ClassVars

Some files were not shown because too many files changed in this diff