Mercurial > p > roundup > code

annotate roundup/anypy/random_.py @ 8356:63390dcfcfe9

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
bug: fix template use of structure with untrusted data Looks like an xSS bug with an early version of the template that was fixed in the code but never in the deployed tracker. It has been a while since this particular construct has been in the classic template which is the base for the tracker. This has been fixed on the deployed tracker as well. reported by 4bug of ChaMd5 Security Team H1 Group
author John Rouillard <rouilj@ieee.org>
date Tue, 08 Jul 2025 10:23:09 -0400
parents f002747b6773
children
Ignore whitespace changes - Everywhere: Within whitespace: At end of lines:
rev   line source
7770
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
1 # ruff: noqa: ARG001
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
2 try:
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
3 from secrets import choice, randbelow, token_bytes
6029
adf54478cdaf flake8 cleanup: whitspeace format changes.
John Rouillard <rouilj@ieee.org>
parents: 5488
diff changeset
4
adf54478cdaf flake8 cleanup: whitspeace format changes.
John Rouillard <rouilj@ieee.org>
parents: 5488
diff changeset
5 def seed(v=None):
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
6 pass
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
7
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
8 is_weak = False
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
9 except ImportError:
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
10 import os as _os
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
11 import random as _random
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
12
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
13 # prefer to use SystemRandom if it is available
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
14 if hasattr(_random, 'SystemRandom'):
6029
adf54478cdaf flake8 cleanup: whitspeace format changes.
John Rouillard <rouilj@ieee.org>
parents: 5488
diff changeset
15 def seed(v=None):
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
16 pass
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
17
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
18 _r = _random.SystemRandom()
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
19 is_weak = False
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
20 else:
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
21 # don't completely throw away the existing state, but add some
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
22 # more random state to the existing state
6029
adf54478cdaf flake8 cleanup: whitspeace format changes.
John Rouillard <rouilj@ieee.org>
parents: 5488
diff changeset
23 def seed(v=None):
7770
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
24 # ruff: noqa: PLC0415
7228
07ce4e4110f5 flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents: 6029
diff changeset
25 import os
07ce4e4110f5 flake8 fixes: whitespace, remove unused imports
John Rouillard <rouilj@ieee.org>
parents: 6029
diff changeset
26 import time
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
27 _r.seed((_r.getstate(),
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
28 v,
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
29 hasattr(os, 'getpid') and os.getpid(),
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
30 time.time()))
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
31
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
32 # create our own instance so we don't mess with the global
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
33 # random number generator
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
34 _r = _random.Random()
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
35 seed()
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
36 is_weak = True
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
37
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
38 choice = _r.choice
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
39
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
40 def randbelow(i):
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
41 return _r.randint(0, i - 1)
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
42
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
43 if hasattr(_os, 'urandom'):
7770
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
44 def token_bytes(size):
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
45 return _os.urandom(size)
5488
52cb53eedf77 reworked random number use
Christof Meerwald <cmeerw@cmeerw.org>
parents:
diff changeset
46 else:
7770
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
47 def token_bytes(size):
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
48 _bchr = chr if str is bytes else lambda x: bytes((x,))
f002747b6773 chore: ruff linkn
John Rouillard <rouilj@ieee.org>
parents: 7228
diff changeset
49 return b''.join([_bchr(_r.getrandbits(8)) for i in range(size)])
Roundup Issue Tracker: http://roundup-tracker.org/