Skip to content

Commit

Permalink
fix(study-search): fix code security issue (Python random is not safe)
Browse files Browse the repository at this point in the history
  • Loading branch information
@mabw-rte
mabw-rte committed Jan 30, 2024
1 parent c97e371 commit a91be07
Showing 1 changed file with 20 additions and 21 deletions.
41 changes: 20 additions & 21 deletions antarest/study/model.py
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,6 @@
import dataclasses
import enum
import random
import secrets
import string
import typing as t
import uuid
Expand Down Expand Up @@ -32,6 +32,24 @@

DEFAULT_WORKSPACE_NAME = "default"

STUDY_REFERENCE_TEMPLATES: t.Dict[str, str] = {
"600": "empty_study_613.zip",
"610": "empty_study_613.zip",
"640": "empty_study_613.zip",
"700": "empty_study_700.zip",
"710": "empty_study_710.zip",
"720": "empty_study_720.zip",
"800": "empty_study_803.zip",
"810": "empty_study_810.zip",
"820": "empty_study_820.zip",
"830": "empty_study_830.zip",
"840": "empty_study_840.zip",
"850": "empty_study_850.zip",
"860": "empty_study_860.zip",
}

NEW_DEFAULT_STUDY_VERSION: str = "860"

groups_metadata = Table(
"group_metadata",
Base.metadata,
Expand Down Expand Up @@ -74,26 +92,7 @@ def generate_random_color_code() -> str:
"""
Generate a random CSS color code.
"""
return "#" + "".join(random.choice(string.hexdigits) for _ in range(6))


STUDY_REFERENCE_TEMPLATES: t.Dict[str, str] = {
"600": "empty_study_613.zip",
"610": "empty_study_613.zip",
"640": "empty_study_613.zip",
"700": "empty_study_700.zip",
"710": "empty_study_710.zip",
"720": "empty_study_720.zip",
"800": "empty_study_803.zip",
"810": "empty_study_810.zip",
"820": "empty_study_820.zip",
"830": "empty_study_830.zip",
"840": "empty_study_840.zip",
"850": "empty_study_850.zip",
"860": "empty_study_860.zip",
}

NEW_DEFAULT_STUDY_VERSION: str = "860"
return "#" + ("".join(secrets.choice(string.hexdigits[:-6]) for _ in range(6))).upper()


class StudyContentStatus(enum.Enum):
Expand Down

0 comments on commit a91be07

Please sign in to comment.