Secure Source of Randomness

pixee · Jan 25, 2025 · 4fe3472 · 4fe3472
1 parent 0f03acb
commit 4fe3472
Showing 1 changed file with 3 additions and 4 deletions.
diff --git a/introduction/views.py b/introduction/views.py
@@ -5,15 +5,13 @@
 import logging
 import os
 import pickle
-import random
 import re
 import string
 import subprocess
 import uuid
 from dataclasses import dataclass
 from hashlib import md5
 from io import BytesIO
-from random import randint
 from xml.dom.pulldom import START_ELEMENT, parseString
 from xml.sax import make_parser
 from xml.sax.handler import feature_external_ges
@@ -38,6 +36,7 @@
 from .models import (FAANG, AF_admin, AF_session_id, Blogs, CF_user, authLogin,
                      comments, info, login, otp, sql_lab_table, tickits)
 from .utility import customHash, filter_blog
+import secrets
 
 #*****************************************Lab Requirements****************************************************#
 
@@ -486,7 +485,7 @@ def login_otp(request):
 def Otp(request):
     if request.method=="GET":
         email=request.GET.get('email')
-        otpN=randint(100,999)
+        otpN=secrets.SystemRandom().randint(100,999)
         if email and otpN:
             if email=="admin@pygoat.com":
                 otp.objects.filter(id=2).update(otp=otpN)
@@ -670,7 +669,7 @@ def a10_lab2(request):
 #*********************************************************A11*************************************************#
 
 def gentckt():
-    return (''.join(random.choices(string.ascii_uppercase + string.ascii_lowercase, k=10)))
+    return (''.join(secrets.SystemRandom().choices(string.ascii_uppercase + string.ascii_lowercase, k=10)))
 
 def insec_desgine(request):
     if request.user.is_authenticated: