From 25d86840557e7b2e33c78d425131e5c19693e461 Mon Sep 17 00:00:00 2001
From: Oscar Westra van Holthe - Kind <opwvhk@users.noreply.github.com>
Date: Thu, 11 Jul 2024 08:41:10 +0200
Subject: [PATCH] AVRO-4016: Use SecureRandom for file sync markers (#3016)

---
 .../org/apache/avro/file/DataFileWriter.java  | 37 ++++++++-----------
 1 file changed, 16 insertions(+), 21 deletions(-)

diff --git a/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java b/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
index 6c2c45cf184..58235da8848 100644
--- a/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
+++ b/lang/java/avro/src/main/java/org/apache/avro/file/DataFileWriter.java
@@ -17,7 +17,15 @@
  */
 package org.apache.avro.file;
 
-import static java.nio.charset.StandardCharsets.UTF_8;
+import org.apache.avro.AvroRuntimeException;
+import org.apache.avro.Schema;
+import org.apache.avro.file.DataFileStream.DataBlock;
+import org.apache.avro.generic.GenericDatumReader;
+import org.apache.avro.io.BinaryEncoder;
+import org.apache.avro.io.DatumWriter;
+import org.apache.avro.io.EncoderFactory;
+import org.apache.avro.util.NonCopyingByteArrayOutputStream;
+import org.apache.commons.compress.utils.IOUtils;
 
 import java.io.BufferedOutputStream;
 import java.io.Closeable;
@@ -29,22 +37,12 @@
 import java.io.OutputStream;
 import java.nio.ByteBuffer;
 import java.nio.charset.StandardCharsets;
-import java.security.MessageDigest;
-import java.security.NoSuchAlgorithmException;
+import java.security.SecureRandom;
 import java.util.HashMap;
 import java.util.Map;
-import java.util.UUID;
 import java.util.function.Function;
 
-import org.apache.avro.AvroRuntimeException;
-import org.apache.avro.Schema;
-import org.apache.avro.file.DataFileStream.DataBlock;
-import org.apache.avro.generic.GenericDatumReader;
-import org.apache.avro.io.BinaryEncoder;
-import org.apache.avro.io.DatumWriter;
-import org.apache.avro.io.EncoderFactory;
-import org.apache.avro.util.NonCopyingByteArrayOutputStream;
-import org.apache.commons.compress.utils.IOUtils;
+import static java.nio.charset.StandardCharsets.UTF_8;
 
 /**
  * Stores in a file a sequence of data conforming to a schema. The schema is
@@ -263,15 +261,12 @@ private void init(OutputStream outs) throws IOException {
     this.isOpen = true;
   }
 
+  private static final SecureRandom RNG = new SecureRandom();
+
   private static byte[] generateSync() {
-    try {
-      MessageDigest digester = MessageDigest.getInstance("MD5");
-      long time = System.currentTimeMillis();
-      digester.update((UUID.randomUUID() + "@" + time).getBytes(UTF_8));
-      return digester.digest();
-    } catch (NoSuchAlgorithmException e) {
-      throw new RuntimeException(e);
-    }
+    byte[] sync = new byte[16];
+    RNG.nextBytes(sync);
+    return sync;
   }
 
   private DataFileWriter<D> setMetaInternal(String key, byte[] value) {