Change use of random to random.SystemRandom

There's no reason to use random directly unless the code really requires a pseudo-random number generator. This is for security hardening. SecImpact Closes-Bug: 1424089 Change-Id: I2eb0c78af230026de9139363bc05e453d581a700
2015-02-20 16:50:08 -06:00 · 2015-02-20 16:50:08 -06:00 · 2990953cd6
parent b5abd5e242
commit 2990953cd6
2 changed files with 6 additions and 3 deletions
--- a/keystone/common/kvs/backends/memcached.py
+++ b/keystone/common/kvs/backends/memcached.py
@ -16,7 +16,7 @@
 Keystone Memcached dogpile.cache backend implementation.
 """

-import random
+import random as _random
 import time

 from dogpile.cache import api
@ -33,7 +33,7 @@ from keystone.i18n import _
 CONF = cfg.CONF
 LOG = log.getLogger(__name__)
 NO_VALUE = api.NO_VALUE
-
+random = _random.SystemRandom()

 VALID_DOGPILE_BACKENDS = dict(
    pylibmc=memcached.PylibmcBackend,
--- a/keystone/contrib/oauth1/backends/sql.py
+++ b/keystone/contrib/oauth1/backends/sql.py
@ -13,7 +13,7 @@
 # under the License.

 import datetime
-import random
+import random as _random
 import uuid

 from oslo_serialization import jsonutils
@ -26,6 +26,9 @@ from keystone import exception
 from keystone.i18n import _


+random = _random.SystemRandom()
+
+
 class Consumer(sql.ModelBase, sql.DictBase):
    __tablename__ = 'consumer'
    attributes = ['id', 'description', 'secret']