mattia / pagure

Forked from pagure 3 years ago
Clone
Source Code
GIT

f92d52c Don't generate API keys with random.choice

1 file Authored by jcline 5 years ago, Committed by pingou 5 years ago,
raw patch tree parent
1 file changed. 9 lines added. 2 lines removed.
pagure/lib/login.py
file modified
+9 -2 
    Don't generate API keys with random.choice
    
    Pagure uses pagure.lib.login.id_generator to generate API tokens, hook
    tokens, etc, which is backed by random.choice. random.choice is backed
    by the Mersenne Twister PRNG, which is *not* a CSPRNG and should never
    be used for any security-related purposes[0].
    
    Use the secrets API if it's available, and fall back to random backed by
    /dev/urandom.
    
    [0] https://docs.python.org/3/library/random.html
    
    Signed-off-by: Jeremy Cline <jcline@redhat.com>
file modified
+9 -2
Powered by Pagure 5.13.3
DocumentationFile an IssueAboutSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.