author | linjiang <linjiangbieji@qq.com> | 2021-12-23 01:23:39 +0800 |
---|---|---|
committer | linjiang <linjiangbieji@qq.com> | 2022-01-03 19:16:29 +0800 |
commit | 0b64050e6b3daeed0aee4496d6cba2c31eeb7d83 (patch) | |
tree | 9266ee576d1718fd5444e55c277d3060f1cc1597 /keystone | |
parent | a9fa5131cda296743e4916577ed968b488a414d6 (diff) | |
download | keystone-0b64050e6b3daeed0aee4496d6cba2c31eeb7d83.tar.gz |
using standard library secrets function token_bytes to replace os.urandom
token_bytes is a function in the standard library secrets module; see https://www.python.org/dev/peps/pep-0506/ for details.
Change-Id: I7e6b1df5eac59bac33674934d7b3e8cdd16cea27
Diffstat (limited to 'keystone')
-rw-r--r-- | keystone/api/users.py | 4 | ||||
-rw-r--r-- | keystone/common/cache/core.py | 4 | ||||
-rw-r--r-- | keystone/tests/unit/core.py | 6 |
3 files changed, 8 insertions, 6 deletions
diff --git a/keystone/api/users.py b/keystone/api/users.py
index 10f26bd42..3fd4e4190 100644
--- a/keystone/api/users.py
+++ b/keystone/api/users.py
@@ -13,7 +13,7 @@
 # This file handles all flask-restful resources for /v3/users
 import base64
-import os
+import secrets
 import uuid
 import flask
@@ -577,7 +577,7 @@ class UserAppCredListCreateResource(ks_flask.ResourceBase):
 @staticmethod
 def _generate_secret():
 length = 64
- secret = os.urandom(length)
+ secret = secrets.token_bytes(length)
 secret = base64.urlsafe_b64encode(secret)
 secret = secret.rstrip(b'=')
 secret = secret.decode('utf-8')
diff --git a/keystone/common/cache/core.py b/keystone/common/cache/core.py
index de0d8a023..fb9fc1ca8 100644
--- a/keystone/common/cache/core.py
+++ b/keystone/common/cache/core.py
@@ -14,7 +14,7 @@
 """Keystone Caching Layer Implementation."""
-import os
+import secrets
 from dogpile.cache import region
 from dogpile.cache import util
@@ -36,7 +36,7 @@ class RegionInvalidationManager(object):
 self._region_key = self.REGION_KEY_PREFIX + region_name
 def _generate_new_id(self):
- return os.urandom(10)
+ return secrets.token_bytes(10)
 @property
 def region_id(self):
diff --git a/keystone/tests/unit/core.py b/keystone/tests/unit/core.py
index 5e93b842f..92adbfb22 100644
--- a/keystone/tests/unit/core.py
+++ b/keystone/tests/unit/core.py
@@ -18,6 +18,8 @@ import datetime
 import functools
 import hashlib
 import json
+import secrets
+
 import ldap
 import os
 import shutil
@@ -422,9 +424,9 @@ def new_ec2_credential(user_id, project_id=None, blob=None, **kwargs):
 def new_totp_credential(user_id, project_id=None, blob=None):
 if not blob:
- # NOTE(notmorgan): 20 bytes of data from os.urandom for
+ # NOTE(notmorgan): 20 bytes of data from secrets.token_bytes for
 # a totp secret.
- blob = base64.b32encode(os.urandom(20)).decode('utf-8')
+ blob = base64.b32encode(secrets.token_bytes(20)).decode('utf-8')
 credential = new_credential_ref(user_id=user_id,
 project_id=project_id,
 blob=blob, |
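Review bot: In `_generate_secret` (keystone/api/users.py), the draw, encode, strip and decode sequence duplicates a standard library call: `secrets.token_urlsafe(length)` returns URL-safe base64 of `length` random bytes with the `=` padding removed, as a `str`. Since this commit already adopts `secrets`, the four assignments could collapse to `secret = secrets.token_urlsafe(length)`. The swap itself does not change the strength of the application-credential secret, because `secrets.token_bytes` and `os.urandom` both draw from the operating system CSPRNG. The function body continues past the hunk, and `base64` may still be used elsewhere in the file, so check before dropping that import.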
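Review bot: `_generate_new_id` (keystone/common/cache/core.py) returns `secrets.token_bytes(10)` with no docstring and an unexplained length, and drawing it from the `secrets` module makes the value read like a credential. Judging by the class name it is a cache-region invalidation id, which would need to be unique rather than secret; that is inferred and not shown in the hunk. If that reading is right, a one-line docstring such as `"""Return a fresh random id for this region; uniqueness matters, not secrecy."""` and a named constant in place of the bare `10` would make the intent explicit.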
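Review bot: In keystone/tests/unit/core.py the new `import secrets` is placed after `import json` and followed by an added blank line, which splits the import block and puts it out of alphabetical order. The surrounding lines (`json`, `ldap`, `os`, `shutil`) form one alphabetically sorted run, so `import secrets` belongs between `import os` and `import shutil` with no blank line added. The blank line looks like it was added to satisfy an import-order check rather than to separate import groups, though that is a guess from the hunk alone.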