B311.md

Pattern: Use of insecure random module

Issue: -

Description

The pseudo-random generators in Python's random module should not be used for security purposes. Use os.urandom() or random.SystemRandom if you require a cryptographically secure pseudo-random number generator.

This rule checks for the following calls:

  • random.random
  • random.randrange
  • random.randint
  • random.choice
  • random.uniform
  • random.triangular

Example of insecure code:

import random

# random.random() uses the default pseudo-random generator, which is not suitable for security purposes
number = random.random()

Example of secure code:

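import random

# SystemRandom draws from the operating system's secure source (os.urandom);
# call a method on the instance to get a value rather than assigning the generator itself
number = random.SystemRandom().random()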

Further Reading