
Investigate possible vulnerabilities when using pseudo-random generators in framework/ #10154

Closed
13 tasks done
Tracked by #2330
mcarmona99 opened this issue Sep 16, 2021 · 0 comments · Fixed by #10710
@mcarmona99
Contributor

mcarmona99 commented Sep 16, 2021

Description

With the test created in the issue wazuh/wazuh-qa#1615, some possible code flaws were found by Bandit.

In this issue we specify flaws when using pseudo-random generators.

Issue text: Standard pseudo-random generators are not suitable for security/cryptographic purposes

framework/wazuh/core/cluster/cluster.py line 306

This random number is used to set the name of the compressed data for the integrity synchronization process in cluster. The temporary file is created using the node name, so we can guarantee that the files will never be overwritten. Despite that, we need to investigate this flaw.

More info: https://bandit.readthedocs.io/en/latest/blacklists/blacklist_calls.html#b311-random

We should investigate this result and see if it is a real vulnerability.

Checks

wazuh/wazuh

  • Unit tests without failures. Updated and/or expanded if there are new functions/methods/outputs:
    • Cluster (framework/wazuh/core/cluster/tests/ & framework/wazuh/core/cluster/dapi/tests/)
    • Core (framework/wazuh/core/tests/)
    • SDK (framework/wazuh/tests/)
    • RBAC (framework/wazuh/rbac/tests/)
    • API (api/api/tests/)
  • API tavern integration tests without failures. Updated and/or expanded if needed (api/test/integration/):
    • Affected tests
    • Affected RBAC (black and white) tests
  • Review integration test mapping using the script (api/test/integration/mapping/integration_test_api_endpoints.json)
  • Review of spec.yaml examples and schemas (api/api/spec/spec.yaml)
  • Review exceptions remediation when any endpoint path changes or is removed (framework/wazuh/core/exception.py)
  • Changelog (CHANGELOG.md)

wazuh/wazuh-documentation

  • Migration from 3.X for changed endpoints (source/user-manual/api/equivalence.rst)
  • Update RBAC reference with new/modified actions/resources/relationships (source/user-manual/api/rbac/reference.rst)