From 373863f96b80eea6b2222c6ebf8f5611c897aa0b Mon Sep 17 00:00:00 2001
From: kairat_kushaev <kkushaev@mirantis.com>
Date: Mon, 22 Jan 2018 13:00:10 +0400
Subject: [PATCH] Use secure random to generate transfer key

python random() is not suitable for generating random keys.
We better use SystemRandom for these purposes.

Change-Id: Icceaf56e67e60e3cd07af6415df5bae2fa76ba17
---
 designate/central/service.py | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/designate/central/service.py b/designate/central/service.py
index f938a6500..96d7c44a9 100644
--- a/designate/central/service.py
+++ b/designate/central/service.py
@@ -23,6 +23,7 @@ import itertools
 import string
 import signal
 import random
+from random import SystemRandom
 import time
 
 import six
@@ -2425,7 +2426,8 @@ class Service(service.RPCService, service.Service):
     # Zone Transfers
     def _transfer_key_generator(self, size=8):
         chars = string.ascii_uppercase + string.digits
-        return ''.join(random.choice(chars) for _ in range(size))
+        sysrand = SystemRandom()
+        return ''.join(sysrand.choice(chars) for _ in range(size))
 
     @notification('dns.zone_transfer_request.create')
     @transaction