1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2024-12-25 15:45:23 +00:00

fix insecure randomness

This commit is contained in:
sianciou 2022-07-05 16:13:04 +08:00
parent 89ca8010f4
commit 8699575e6f

View file

@ -1,4 +1,5 @@
import random import random
import secrets
import re import re
import string import string
@ -25,7 +26,7 @@ def randomMAC():
def randomUUID(): def randomUUID():
"""Generate a random UUID.""" """Generate a random UUID."""
u = [random.randint(0, 255) for ignore in range(0, 16)] u = [secrets.randbelow(256) for ignore in range(0, 16)]
u[6] = (u[6] & 0x0F) | (4 << 4) u[6] = (u[6] & 0x0F) | (4 << 4)
u[8] = (u[8] & 0x3F) | (2 << 6) u[8] = (u[8] & 0x3F) | (2 << 6)
return "-".join(["%02x" * 4, "%02x" * 2, "%02x" * 2, "%02x" * 2, "%02x" * 6]) % tuple(u) return "-".join(["%02x" * 4, "%02x" * 2, "%02x" * 2, "%02x" * 2, "%02x" * 6]) % tuple(u)
@ -33,7 +34,7 @@ def randomUUID():
def randomPasswd(length=12, alphabet=string.ascii_letters + string.digits): def randomPasswd(length=12, alphabet=string.ascii_letters + string.digits):
"""Generate a random password""" """Generate a random password"""
return "".join([random.choice(alphabet) for i in range(length)]) return "".join([secrets.choice(alphabet) for i in range(length)])
def get_max_vcpus(conn, type=None): def get_max_vcpus(conn, type=None):