openstack/deb-keystone
Code Issues Proposed changes

Change use of random to random.SystemRandom

Browse Source 
There's no reason to use random directly unless the code really
requires a pseudo-random number generator. This is for security
hardening.

SecImpact
Closes-Bug: 1424089

Change-Id: I2eb0c78af230026de9139363bc05e453d581a700
This commit is contained in:
Brant Knudson
2015-02-20 16:50:08 -06:00
parent b5abd5e242
commit 2990953cd6
2 changed files with 6 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
keystone/common/kvs/backends/memcached.py
View File

@@ -16,7 +16,7 @@
Keystone Memcached dogpile.cache backend implementation. Keystone Memcached dogpile.cache backend implementation.
""" """
import random import random as _random
import time import time
from dogpile.cache import api from dogpile.cache import api
@@ -33,7 +33,7 @@ from keystone.i18n import _
CONF = cfg.CONF CONF = cfg.CONF
LOG = log.getLogger(__name__) LOG = log.getLogger(__name__)
NO_VALUE = api.NO_VALUE NO_VALUE = api.NO_VALUE
random = _random.SystemRandom()
VALID_DOGPILE_BACKENDS = dict( VALID_DOGPILE_BACKENDS = dict(
pylibmc=memcached.PylibmcBackend, pylibmc=memcached.PylibmcBackend,

5
keystone/contrib/oauth1/backends/sql.py
View File

@@ -13,7 +13,7 @@
# under the License. # under the License.
import datetime import datetime
import random import random as _random
import uuid import uuid
from oslo_serialization import jsonutils from oslo_serialization import jsonutils
@@ -26,6 +26,9 @@ from keystone import exception
from keystone.i18n import _ from keystone.i18n import _
random = _random.SystemRandom()
class Consumer(sql.ModelBase, sql.DictBase): class Consumer(sql.ModelBase, sql.DictBase):
__tablename__ = 'consumer' __tablename__ = 'consumer'
attributes = ['id', 'description', 'secret'] attributes = ['id', 'description', 'secret']