cqrenet/relay
4
0
Fork 0
mirror of https://github.com/chatmail/relay.git synced 2026-05-19 04:18:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): use secrets.choice instead of random.choices for username

Browse Source 
Per Python docs, secrets module should be used for security-sensitive
data. random.choices uses Mersenne Twister PRNG which is predictable.
secrets.choice was already used for password generation in the same file.
This commit is contained in:
Alex V.
2026-02-07 16:50:24 +03:00
committed by missytake
parent 78a4e28408
commit d0c396538b
1 changed files with 3 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
chatmaild/src/chatmaild/newemail.py
View File

@@ -3,7 +3,6 @@
"""CGI script for creating new accounts.""" """CGI script for creating new accounts."""
import json import json
import random
import secrets import secrets
import string import string
from urllib.parse import quote from urllib.parse import quote
@@ -16,7 +15,9 @@ ALPHANUMERIC_PUNCT = string.ascii_letters + string.digits + string.punctuation
def create_newemail_dict(config: Config): def create_newemail_dict(config: Config):
user = "".join(random.choices(ALPHANUMERIC, k=config.username_max_length)) user = "".join(
secrets.choice(ALPHANUMERIC) for _ in range(config.username_max_length)
)
password = "".join( password = "".join(
secrets.choice(ALPHANUMERIC_PUNCT) secrets.choice(ALPHANUMERIC_PUNCT)
for _ in range(config.password_min_length + 3) for _ in range(config.password_min_length + 3)