Are these suggested fixes for Jicofo components applicable in code for better performance?

Hi everyone.
We are using Jitsi in our conferencing system. We’ve analyzed the Jicofo and jvb components with a code review tool, and some fixes are suggested there.

I am putting some of these here to identify whether these fixes are needed in Jitsi’s components or whether they will break any Jicofo logic in an actual conference.

Point-1: Weak Library Usage (Category: Sensitive Data Exposure):


In jicofo file:, class: Utils, method: generateSessionId uses a Random object, but it may not be truly random. It should be replaced with SecureRandom, as this class provides a cryptographically strong random number generator.

Question: why is Jitsi using the Random class instead of the more secure SecureRandom class?

Point-2: Possible null pointer Dereference

And in, Line 117:

```java
ColibriConferenceIQ.Channel channel
                = result.getContent("video").getChannel(0);
```

The result object is referenced in a method invocation.

Are there any chances of getting null for the result object and a null pointer exception here?

Thank you.

Because that usage does not need to be cryptographically safe.

Not sure, have you seen any?

We haven’t checked the detailed jicofo log to see if there is a null pointer error.

I’d apply the “if it ain’t broke don’t fix it” rule then :stuck_out_tongue:

Okay. We are also not intending to change anything :grinning:. Just getting an update on those review notes.
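The distinction behind Point-1, as an added example that is not part of the thread and not Jicofo's code: `weakSessionId` and `strongSessionId` are hypothetical helpers, and the seed is a constructed value. It shows why a review tool flags `java.util.Random` (its output is fully determined by the seed) and what the `SecureRandom` variant looks like; the choice only matters when the ID has to be unguessable.

```java
import java.security.SecureRandom;
import java.util.Random;

public class SessionIdDemo {
    // Hypothetical stand-in for a Random-based ID generator (not Jicofo's code).
    static String weakSessionId(Random rng) {
        return Long.toHexString(rng.nextLong());
    }

    // One shared SecureRandom instance; it is thread-safe and seeded by the OS.
    private static final SecureRandom SECURE = new SecureRandom();

    // Hypothetical replacement: 128 bits from a CSPRNG, hex-encoded.
    static String strongSessionId() {
        byte[] buf = new byte[16];
        SECURE.nextBytes(buf);
        StringBuilder sb = new StringBuilder(buf.length * 2);
        for (byte b : buf) {
            sb.append(String.format("%02x", b));
        }
        return sb.toString();
    }

    public static void main(String[] args) {
        long seed = 42L; // constructed sample seed
        Random first = new Random(seed);
        Random second = new Random(seed);

        // Two generators with the same seed emit the same ID sequence,
        // so the IDs are only as secret as the seed.
        for (int i = 0; i < 3; i++) {
            String a = weakSessionId(first);
            String b = weakSessionId(second);
            System.out.println("Random:       " + a + " / " + b
                    + " identical=" + a.equals(b));
        }

        // SecureRandom output has no caller-visible seed to replay.
        for (int i = 0; i < 3; i++) {
            System.out.println("SecureRandom: " + strongSessionId());
        }
    }
}
```

If the session ID is only a correlation handle and never acts as a credential, the predictability shown in the first loop has no security impact, which matches the answer given in the thread.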