Replace random with SystemRandom for RandomString
it might be theoretically possible to infer the state of standard Python's RNG in a long-running heat-engine service from multiple created RandomString resources. Let's use the random.SystemRandom (and os.urandom) for OS::Heat::RandomString instead. Change-Id: Iac5c03176fc8bae95ada883621196bd9cb453be3 Closes-Bug: #1745931
This commit is contained in:
parent
9e4cda46e6
commit
41605aaac1
@ -11,7 +11,7 @@
|
|||||||
# License for the specific language governing permissions and limitations
|
# License for the specific language governing permissions and limitations
|
||||||
# under the License.
|
# under the License.
|
||||||
|
|
||||||
import random
|
import random as random_module
|
||||||
import string
|
import string
|
||||||
|
|
||||||
import six
|
import six
|
||||||
@ -25,6 +25,10 @@ from heat.engine import resource
|
|||||||
from heat.engine import support
|
from heat.engine import support
|
||||||
from heat.engine import translation
|
from heat.engine import translation
|
||||||
|
|
||||||
|
# NOTE(pas-ha) Heat officially supports only POSIX::Linux platform
|
||||||
|
# where os.urandom() and random.SystemRandom() are available
|
||||||
|
random = random_module.SystemRandom()
|
||||||
|
|
||||||
|
|
||||||
class RandomString(resource.Resource):
|
class RandomString(resource.Resource):
|
||||||
"""A resource which generates a random string.
|
"""A resource which generates a random string.
|
||||||
|
@ -0,0 +1,6 @@
|
|||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
Heat no longer uses standard Python RNG when generating values for
|
||||||
|
OS::Heat::RandomString resource, and instead relies on system's RNG
|
||||||
|
for that.
|
Loading…
Reference in New Issue
Block a user