Use secure random to generate transfer key

python random() is not suitable for generating random keys. We better use SystemRandom for these purposes. Change-Id: Icceaf56e67e60e3cd07af6415df5bae2fa76ba17
author: kairat_kushaev <kkushaev@mirantis.com> 2018-01-22 13:00:10 +0400
committer: kairat_kushaev <kkushaev@mirantis.com> 2018-01-22 13:00:10 +0400
commit: 373863f96b80eea6b2222c6ebf8f5611c897aa0b (patch)
tree: fb1e065e69524067904e4cb2ac982cffd3e6fd3e
parent: 4c9bd48d5431480233278d97c10642c355006f47 (diff)
download: designate-373863f96b80eea6b2222c6ebf8f5611c897aa0b.tar.gz
1 files changed, 3 insertions, 1 deletions
diff --git a/designate/central/service.py b/designate/central/service.py
index f938a650..96d7c44a 100644
--- a/designate/central/service.py
+++ b/designate/central/service.py
@@ -23,6 +23,7 @@ import itertools
 import string
 import signal
 import random
+from random import SystemRandom
 import time
 
 import six
@@ -2425,7 +2426,8 @@ class Service(service.RPCService, service.Service):
     # Zone Transfers
     def _transfer_key_generator(self, size=8):
         chars = string.ascii_uppercase + string.digits
-        return ''.join(random.choice(chars) for _ in range(size))
+        sysrand = SystemRandom()
+        return ''.join(sysrand.choice(chars) for _ in range(size))
 
     @notification('dns.zone_transfer_request.create')
     @transaction
author	kairat_kushaev <kkushaev@mirantis.com>	2018-01-22 13:00:10 +0400
committer	kairat_kushaev <kkushaev@mirantis.com>	2018-01-22 13:00:10 +0400
commit	373863f96b80eea6b2222c6ebf8f5611c897aa0b (patch)
tree	fb1e065e69524067904e4cb2ac982cffd3e6fd3e
parent	4c9bd48d5431480233278d97c10642c355006f47 (diff)
download	designate-373863f96b80eea6b2222c6ebf8f5611c897aa0b.tar.gz