j3d1/webvirtcloud
1
0
Fork 0
mirror of https://github.com/retspen/webvirtcloud synced 2024-10-31 19:44:16 +00:00
Code Issues Projects Releases Wiki Activity

Merge pull request #514 from sianciou/security_issue

Browse source 
fix insecure randomness
This commit is contained in:
catborise 2022-07-08 23:11:44 +03:00 committed by GitHub
commit f6915ac51f
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

5
vrtManager/util.py
View file

@ -1,4 +1,5 @@
import random
import secrets
import re
import string
@ -25,7 +26,7 @@ def randomMAC():
def randomUUID():
"""Generate a random UUID."""
u = [random.randint(0, 255) for ignore in range(0, 16)]
u = [secrets.randbelow(256) for ignore in range(0, 16)]
u[6] = (u[6] & 0x0F) | (4 << 4)
u[8] = (u[8] & 0x3F) | (2 << 6)
return "-".join(["%02x" * 4, "%02x" * 2, "%02x" * 2, "%02x" * 2, "%02x" * 6]) % tuple(u)
@ -33,7 +34,7 @@ def randomUUID():
def randomPasswd(length=12, alphabet=string.ascii_letters + string.digits):
"""Generate a random password"""
return "".join([random.choice(alphabet) for i in range(length)])
return "".join([secrets.choice(alphabet) for i in range(length)])
def get_max_vcpus(conn, type=None):