From a91be0769c6717c6ea9e46dcdbdb9a516aac8486 Mon Sep 17 00:00:00 2001
From: Mohamed Abdel Wedoud
Date: Tue, 30 Jan 2024 10:23:41 +0100
Subject: [PATCH] fix(study-search): fix code security issue (Python random is not safe)
---
 antarest/study/model.py | 41 ++++++++++++++++++++---------------------
 1 file changed, 20 insertions(+), 21 deletions(-)
diff --git a/antarest/study/model.py b/antarest/study/model.py
index 97d2f93535..1bf4292edf 100644
--- a/antarest/study/model.py
+++ b/antarest/study/model.py
@@ -1,6 +1,6 @@
 import dataclasses
 import enum
-import random
+import secrets
 import string
 import typing as t
 import uuid
@@ -32,6 +32,24 @@
 DEFAULT_WORKSPACE_NAME = "default"
+STUDY_REFERENCE_TEMPLATES: t.Dict[str, str] = {
+ "600": "empty_study_613.zip",
+ "610": "empty_study_613.zip",
+ "640": "empty_study_613.zip",
+ "700": "empty_study_700.zip",
+ "710": "empty_study_710.zip",
+ "720": "empty_study_720.zip",
+ "800": "empty_study_803.zip",
+ "810": "empty_study_810.zip",
+ "820": "empty_study_820.zip",
+ "830": "empty_study_830.zip",
+ "840": "empty_study_840.zip",
+ "850": "empty_study_850.zip",
+ "860": "empty_study_860.zip",
+}
+
+NEW_DEFAULT_STUDY_VERSION: str = "860"
+
 groups_metadata = Table(
 "group_metadata",
 Base.metadata,
@@ -74,26 +92,7 @@ def generate_random_color_code() -> str:
 """
 Generate a random CSS color code.
 """
- return "#" + "".join(random.choice(string.hexdigits) for _ in range(6))
-
-
-STUDY_REFERENCE_TEMPLATES: t.Dict[str, str] = {
- "600": "empty_study_613.zip",
- "610": "empty_study_613.zip",
- "640": "empty_study_613.zip",
- "700": "empty_study_700.zip",
- "710": "empty_study_710.zip",
- "720": "empty_study_720.zip",
- "800": "empty_study_803.zip",
- "810": "empty_study_810.zip",
- "820": "empty_study_820.zip",
- "830": "empty_study_830.zip",
- "840": "empty_study_840.zip",
- "850": "empty_study_850.zip",
- "860": "empty_study_860.zip",
-}
-
-NEW_DEFAULT_STUDY_VERSION: str = "860"
+ return "#" + ("".join(secrets.choice(string.hexdigits[:-6]) for _ in range(6))).upper()
 class StudyContentStatus(enum.Enum):
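Review bot: The new return line in generate_random_color_code is harder to read than it needs to be, because `string.hexdigits[:-6]` silently relies on the lowercase digits coming first in `string.hexdigits` and the result is upper-cased afterwards anyway. `return "#" + secrets.token_hex(3).upper()` yields the same six uniformly chosen uppercase hex digits without the slice. Nothing in the visible lines suggests the color is ever treated as a secret, so the docstring should say so, e.g. `The color is cosmetic only; do not reuse it as a token or identifier.`, otherwise the commit subject can be read as implying a security property this value does not have. The function's signature appears only in the hunk header, not in the hunk lines.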