ValidationHash generation should use random.SystemRandom instead of random class


    • Severity 3 - Minor

      NOTE: This bug report is for Confluence Server. Using Confluence Cloud? See the corresponding bug report.

      ValidationHash generation should use random.SystemRandom instead of the random.Random class when generating a random seed for new hash objects.

      from random import Random
      ....
      
      class ValidationHashManager( models.Manager ):
          def _generate_md5_hash( self, user, type, hash_data, seed ):
              return md5( "%s%s%s%s" % ( seed, "".join( map( str, hash_data ) ), user.id, type ) ).hexdigest()
      
          def create_new( self, user, type, hash_data = [], expiration = None ):
              seed = ''.join( Random().sample( string.letters + string.digits, 12 ) )
              hash = self._generate_md5_hash( user, type, hash_data, seed )
      
              obj = ValidationHash( hash_code = hash, seed = seed, user = user, type = type )
      
              if expiration is not None:
                  obj.expiration = expiration
      
              try:
                  obj.save()
      
      

      The impact of this bug is fairly insignificant.
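
The difference between the two generators, shown as an added example that is not part of the original report or the product's code, ported to Python 3. The helper names `make_seed`, `replay` and `has_exportable_state` are hypothetical, and the user id and type are constructed sample values.

```python
import hashlib
import random
import string

# Python 3 spelling of the report's string.letters + string.digits
ALPHABET = string.ascii_letters + string.digits

def make_seed(rng, length=12):
    """Build the seed the way create_new() does: sample 12 distinct characters."""
    return "".join(rng.sample(ALPHABET, length))

def generate_md5_hash(seed, hash_data, user_id, type_):
    """Mirror of _generate_md5_hash(); the seed is the only unpredictable input."""
    raw = "%s%s%s%s" % (seed, "".join(map(str, hash_data)), user_id, type_)
    return hashlib.md5(raw.encode("utf-8")).hexdigest()

def replay(state, count):
    """Restore a Mersenne Twister state and regenerate the seeds it produced."""
    rng = random.Random()
    rng.setstate(state)
    return [make_seed(rng) for _ in range(count)]

def has_exportable_state(rng):
    """True if the generator exposes internal state that determines future output."""
    try:
        rng.getstate()
        return True
    except NotImplementedError:
        return False

if __name__ == "__main__":
    weak = random.Random()
    snapshot = weak.getstate()
    issued = [make_seed(weak) for _ in range(3)]
    print("Random() seeds reproduced from state:", replay(snapshot, 3) == issued)

    strong = random.SystemRandom()  # draws from os.urandom(), as the report asks
    print("SystemRandom has replayable state:", has_exportable_state(strong))
    seed = make_seed(strong)
    # user id 42 and type "email" are constructed sample values
    print("hardened seed/hash:", seed, generate_md5_hash(seed, [], 42, "email"))
```

Because `SystemRandom` subclasses `Random`, the change in `create_new` is limited to the object that `sample()` is called on.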

              Assignee:
              David Black
              Reporter:
              David Black