From abbb3ff5a7f775fa37aad053d05cfafb9725da11 Mon Sep 17 00:00:00 2001
From: Richie Varghese
Date: Sun, 14 Dec 2025 11:00:37 +0530
Subject: [PATCH] Potential fix for code scanning alert no. 2: Insecure randomness
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
---
 src/providers/chat/SessionService.ts | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/src/providers/chat/SessionService.ts b/src/providers/chat/SessionService.ts
index 2e13a7f..7174c89 100644
--- a/src/providers/chat/SessionService.ts
+++ b/src/providers/chat/SessionService.ts
@@ -2,6 +2,7 @@
 * Session storage service for chat history
 */
 import * as vscode from 'vscode';
+import * as crypto from 'crypto';
 import { ChatSession, ChatSessionSummary, ChatMessage } from './types';
 export class SessionService {
@@ -21,7 +22,9 @@ export class SessionService {
 }
 generateSessionId(): string {
- return `session_${Date.now()}_${Math.random().toString(36).substr(2, 9)}`;
+ // Use 9 random bytes as before: base64url-encoding to avoid special chars (or hex for simplicity)
+ const randomPart = crypto.randomBytes(9).toString('base64').replace(/[+/=]/g, '').substr(0, 12);
+ return `session_${Date.now()}_${randomPart}`;
 }
 getCurrentSessionId(): string | null {
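Review bot: The new `randomPart` in `generateSessionId()` is standard base64 with `+`, `/` and `=` stripped afterwards, so its length varies from call to call and some of the 72 random bits are discarded; the comment's "base64url-encoding" does not match what the code does. Encoding directly removes the lossy filter and the deprecated `substr`: `const randomPart = crypto.randomBytes(9).toString('base64url');` always yields 12 URL-safe characters, and `toString('hex')` is the fallback if the extension host's Node version predates the `base64url` encoding. The comment's "as before" is also inaccurate, since the old code took 9 base-36 characters from `Math.random()` rather than 9 bytes; something like `// 9 CSPRNG bytes, URL-safe encoded; Date.now() is only a sortable prefix` would describe the new line correctly. Whether any caller parses the ID or relies on a fixed length is not visible in this hunk and is worth confirming before merging.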