Fix Bandit: Standard pseudo-random generators are not suitable for se…
…curity/cryptographic purposes
sbrunner authored and renovate[bot] committed Jan 9, 2024
1 parent f2703e8 commit 2d18d2a
Showing 1 changed file with 3 additions and 4 deletions.
7 changes: 3 additions & 4 deletions geoportal/c2cgeoportal_geoportal/views/login.py
Expand Up @@ -28,9 +28,9 @@

import json
import logging
import secrets
import sys
import urllib.parse
from random import Random
from typing import Any, Dict, List, Optional, Tuple, Union

import pyotp
Expand Down Expand Up @@ -341,12 +341,11 @@ def change_password(self) -> pyramid.response.Response:

@staticmethod
def generate_password() -> str:
allchars = "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"
rand = Random()
all_chars = "123456789abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ"

password = "" # nosec
for _ in range(8):
password += rand.choice(allchars)
password += secrets.choice(all_chars)

return password

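Review bot: The bare `# nosec` on `password = ""` in generate_password still silences every Bandit check on that line, although it is presumably only there for the empty-string password false positive. Building the value in one expression removes both the accumulator and the suppression: `return "".join(secrets.choice(all_chars) for _ in range(8))`. Separately, 8 characters drawn from this 61-symbol alphabet give roughly 47 bits of entropy. Whether that is enough depends on how the generated password is delivered and how soon it must be changed, which this section does not show, so the length may be worth raising or making configurable.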
