Merge pull request #15841 from thatch45/random_audit

Add some calls to systemrandom where it might be good to have a
2024-11-08 09:23:56 +00:00 · 2014-09-16 13:55:49 -06:00 · 2014-09-16 13:55:49 -06:00 · 9849bf3dee
commit 9849bf3dee
parent 8168230eab 12b9b52dcb
7 changed files with 7 additions and 7 deletions
--- a/salt/auth/init.py
+++ b/salt/auth/init.py
@ -93,7 +93,7 @@ class LoadAuth(object):
        if f_time > self.max_fail:
            self.max_fail = f_time
        deviation = self.max_fail / 4
-        r_time = random.uniform(
+        r_time = random.SystemRandom().uniform(
                self.max_fail - deviation,
                self.max_fail + deviation
                )
--- a/salt/modules/grains.py
+++ b/salt/modules/grains.py
@ -486,7 +486,7 @@ def get_or_set_hash(name,
    ret = get(name, None)

    if ret is None:
-        val = ''.join([random.choice(chars) for _ in range(length)])
+        val = ''.join([random.SystemRandom().choice(chars) for _ in range(length)])

        if ':' in name:
            name, rest = name.split(':', 1)
--- a/salt/modules/mac_user.py
+++ b/salt/modules/mac_user.py
@ -116,7 +116,7 @@ def add(name,
    # Set random password, since without a password the account will not be
    # available. TODO: add shadow module
    randpass = ''.join(
-        random.choice(string.letters + string.digits) for x in xrange(20)
+        random.SystemRandom().choice(string.letters + string.digits) for x in xrange(20)
    )
    _dscl('/Users/{0} {1!r}'.format(name, randpass), ctype='passwd')

--- a/salt/modules/rabbitmq.py
+++ b/salt/modules/rabbitmq.py
@ -139,7 +139,7 @@ def add_user(name, password=None, runas=None):
    if password is None:
        # Generate a random, temporary password. RabbitMQ requires one.
        clear_pw = True
-        password = ''.join(random.choice(
+        password = ''.join(random.SystemRandom().choice(
            string.ascii_uppercase + string.digits) for x in range(15))

    res = __salt__['cmd.run'](
--- a/salt/modules/test.py
+++ b/salt/modules/test.py
@ -404,7 +404,7 @@ def rand_str(size=9999999999):
        salt '*' test.rand_str
    '''
    hasher = getattr(hashlib, __opts__.get('hash_type', 'md5'))
-    return hasher(str(random.randint(0, size))).hexdigest()
+    return hasher(str(random.SystemRandom().randint(0, size))).hexdigest()


 def exception(message='Test Exception'):
--- a/salt/modules/znc.py
+++ b/salt/modules/znc.py
@ -46,7 +46,7 @@ def _makepass(password, hasher='sha256'):
        "0123456789!?.,:;/*-+_()"
    r = {
        'Method': h.name,
-        'Salt': ''.join(random.choice(c) for x in xrange(20)),
+        'Salt': ''.join(random.SystemRandom().choice(c) for x in xrange(20)),
    }

    # Salt the password hash
--- a/salt/wheel/key.py
+++ b/salt/wheel/key.py
@ -79,7 +79,7 @@ def gen(id_=None, keysize=2048):
    returned as a dict containing pub and priv keys
    '''
    if id_ is None:
-        id_ = hashlib.sha512(str(random.randint(0, 99999999))).hexdigest()
+        id_ = hashlib.sha512(str(random.SystemRandom().randint(0, 99999999))).hexdigest()
    ret = {'priv': '',
           'pub': ''}
    priv = salt.crypt.gen_keys(__opts__['pki_dir'], id_, keysize)