Mercurial > p > roundup > code
comparison roundup/cgi/client.py @ 5356:91954be46a66
A real fix for the problem where:
import random
would result in every call to random() returning the same value
in the web interface.
While cgi/client.py:Client::__init.py__ was calling random.seed(),
on most systems random was SystemRandom and not the default random.
As a result the random as you would get from:
import random
was never being seeded. I added a function to access and seed the
random bound instance of random.Random that is called during init.
This fixes all three places where I saw the broken randomness.
It should also fix:
http://psf.upfronthosting.co.za/roundup/meta/issue644
I also removed the prior code that would bail if systemRandom was not
available.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Sun, 08 Jul 2018 11:34:42 -0400 |
| parents | 66a17c80e035 |
| children | 35ea9b1efc14 8e3df461d316 |
comparison
equal
deleted
inserted
replaced
| 5355:f3446541e72b | 5356:91954be46a66 |
|---|---|
| 15 # Use the cryptographic source of randomness if available | 15 # Use the cryptographic source of randomness if available |
| 16 from random import SystemRandom | 16 from random import SystemRandom |
| 17 random=SystemRandom() | 17 random=SystemRandom() |
| 18 logger.debug("Importing good random generator") | 18 logger.debug("Importing good random generator") |
| 19 except ImportError: | 19 except ImportError: |
| 20 raise | 20 from random import random |
| 21 from random import Random | |
| 22 random=Random() | |
| 23 logger.warning("**SystemRandom not available. Using poor random generator") | 21 logger.warning("**SystemRandom not available. Using poor random generator") |
| 24 | 22 |
| 25 try: | 23 try: |
| 26 from OpenSSL.SSL import SysCallError | 24 from OpenSSL.SSL import SysCallError |
| 27 except ImportError: | 25 except ImportError: |
| 79 <body><h1>An error has occurred</h1> | 77 <body><h1>An error has occurred</h1> |
| 80 <p>A problem was encountered processing your request. | 78 <p>A problem was encountered processing your request. |
| 81 The tracker maintainers have been notified of the problem.</p> | 79 The tracker maintainers have been notified of the problem.</p> |
| 82 </body></html>""" | 80 </body></html>""" |
| 83 | 81 |
| 82 def seed_pseudorandom(): | |
| 83 '''A function to seed the default pseudorandom random number generator | |
| 84 which is used to (at minimum): | |
| 85 * generate part of email message-id | |
| 86 * generate OTK for password reset | |
| 87 * generate the temp recovery password | |
| 88 | |
| 89 This function limits the scope of the 'import random' call | |
| 90 as the random identifier is used throughout the code and | |
| 91 can refer to SystemRandom. | |
| 92 ''' | |
| 93 import random | |
| 94 random.seed() | |
| 84 | 95 |
| 85 class LiberalCookie(SimpleCookie): | 96 class LiberalCookie(SimpleCookie): |
| 86 """ Python's SimpleCookie throws an exception if the cookie uses invalid | 97 """ Python's SimpleCookie throws an exception if the cookie uses invalid |
| 87 syntax. Other applications on the same server may have done precisely | 98 syntax. Other applications on the same server may have done precisely |
| 88 this, preventing roundup from working through no fault of roundup. | 99 this, preventing roundup from working through no fault of roundup. |
| 305 # did not properly respond after a period of time. | 316 # did not properly respond after a period of time. |
| 306 errno.ETIMEDOUT, | 317 errno.ETIMEDOUT, |
| 307 ) | 318 ) |
| 308 | 319 |
| 309 def __init__(self, instance, request, env, form=None, translator=None): | 320 def __init__(self, instance, request, env, form=None, translator=None): |
| 310 # re-seed the random number generator | 321 # re-seed the random number generator. Is this is an instance of |
| 322 # random.SystemRandom it has no effect. | |
| 311 random.seed() | 323 random.seed() |
| 324 # So we also seed the pseudorandom random source obtained from | |
| 325 # import random | |
| 326 # to make sure that every forked copy of the client will return | |
| 327 # new random numbers. | |
| 328 seed_pseudorandom() | |
| 312 self.start = time.time() | 329 self.start = time.time() |
| 313 self.instance = instance | 330 self.instance = instance |
| 314 self.request = request | 331 self.request = request |
| 315 self.env = env | 332 self.env = env |
| 316 self.setTranslator(translator) | 333 self.setTranslator(translator) |