Skip to content

Commit

Permalink
Add random.randbytes to blacklist calls
Browse files Browse the repository at this point in the history
In Python 3.9, the random module added new function randbytes(n).
This function shouldn't be used for any cryptographic operations.
As the doc recommends, use secrets.token_bytes() instead.

https://docs.python.org/3/library/random.html#random.randbytes

Signed-off-by: Eric Brown <[email protected]>
  • Loading branch information
ericwb committed Jan 18, 2024
1 parent 7129108 commit 3afaf3f
Show file tree
Hide file tree
Showing 3 changed files with 5 additions and 2 deletions.
2 changes: 2 additions & 0 deletions bandit/blacklists/calls.py
Original file line number Diff line number Diff line change
Expand Up @@ -198,6 +198,7 @@
| | | - random.choices | |
| | | - random.uniform | |
| | | - random.triangular | |
| | | - random.randbytes | |
+------+---------------------+------------------------------------+-----------+
B312: telnetlib
Expand Down Expand Up @@ -523,6 +524,7 @@ def gen_blacklist():
"random.choices",
"random.uniform",
"random.triangular",
"random.randbytes",
],
"Standard pseudo-random generators are not suitable for "
"security/cryptographic purposes.",
Expand Down
1 change: 1 addition & 0 deletions examples/random_module.py
Original file line number Diff line number Diff line change
Expand Up @@ -10,6 +10,7 @@
bad = random.choices()
bad = random.uniform()
bad = random.triangular()
bad = random.randbytes()

good = os.urandom()
good = random.SystemRandom()
Expand Down
4 changes: 2 additions & 2 deletions tests/functional/test_functional.py
Original file line number Diff line number Diff line change
Expand Up @@ -396,8 +396,8 @@ def test_popen_wrappers(self):
def test_random_module(self):
"""Test for the `random` module."""
expect = {
"SEVERITY": {"UNDEFINED": 0, "LOW": 8, "MEDIUM": 0, "HIGH": 0},
"CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 8},
"SEVERITY": {"UNDEFINED": 0, "LOW": 9, "MEDIUM": 0, "HIGH": 0},
"CONFIDENCE": {"UNDEFINED": 0, "LOW": 0, "MEDIUM": 0, "HIGH": 9},
}
self.check_example("random_module.py", expect)

Expand Down

0 comments on commit 3afaf3f

Please sign in to comment.