From 2990953cd65b7deccfa48b54e4bb4c65480eb25e Mon Sep 17 00:00:00 2001
From: Brant Knudson <bknudson@us.ibm.com>
Date: Fri, 20 Feb 2015 16:50:08 -0600
Subject: [PATCH] Change use of random to random.SystemRandom

There's no reason to use random directly unless the code really
requires a pseudo-random number generator. This is for security
hardening.

SecImpact
Closes-Bug: 1424089

Change-Id: I2eb0c78af230026de9139363bc05e453d581a700
---
 keystone/common/kvs/backends/memcached.py | 4 ++--
 keystone/contrib/oauth1/backends/sql.py   | 5 ++++-
 2 files changed, 6 insertions(+), 3 deletions(-)

diff --git a/keystone/common/kvs/backends/memcached.py b/keystone/common/kvs/backends/memcached.py
index e8c374b34..7159da1b6 100644
--- a/keystone/common/kvs/backends/memcached.py
+++ b/keystone/common/kvs/backends/memcached.py
@@ -16,7 +16,7 @@
 Keystone Memcached dogpile.cache backend implementation.
 """
 
-import random
+import random as _random
 import time
 
 from dogpile.cache import api
@@ -33,7 +33,7 @@ from keystone.i18n import _
 CONF = cfg.CONF
 LOG = log.getLogger(__name__)
 NO_VALUE = api.NO_VALUE
-
+random = _random.SystemRandom()
 
 VALID_DOGPILE_BACKENDS = dict(
     pylibmc=memcached.PylibmcBackend,
diff --git a/keystone/contrib/oauth1/backends/sql.py b/keystone/contrib/oauth1/backends/sql.py
index a187c63f5..c6ab6e5a2 100644
--- a/keystone/contrib/oauth1/backends/sql.py
+++ b/keystone/contrib/oauth1/backends/sql.py
@@ -13,7 +13,7 @@
 # under the License.
 
 import datetime
-import random
+import random as _random
 import uuid
 
 from oslo_serialization import jsonutils
@@ -26,6 +26,9 @@ from keystone import exception
 from keystone.i18n import _
 
 
+random = _random.SystemRandom()
+
+
 class Consumer(sql.ModelBase, sql.DictBase):
     __tablename__ = 'consumer'
     attributes = ['id', 'description', 'secret']