Secure Source of Randomness

accounts/models.py

@@ -2,22 +2,22 @@ from django.contrib.auth.models import AbstractUser
 from django.db import models
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
-import random
 from PIL import Image, ImageDraw, ImageFont
 from io import BytesIO
 import base64
 import os
+import secrets
 
 def generate_random_id(model_class, id_field):
     """Generate a random ID starting at 4 digits, expanding to 5 if needed"""
     while True:
         # Try to get a 4-digit number first
-        new_id = str(random.randint(1000, 9999))
+        new_id = str(secrets.SystemRandom().randint(1000, 9999))
         if not model_class.objects.filter(**{id_field: new_id}).exists():
             return new_id
         
         # If all 4-digit numbers are taken, try 5 digits
-        new_id = str(random.randint(10000, 99999))
+        new_id = str(secrets.SystemRandom().randint(10000, 99999))
         if not model_class.objects.filter(**{id_field: new_id}).exists():
             return new_id
 

parks/management/commands/seed_data.py

@@ -13,8 +13,8 @@ from companies.models import Company, Manufacturer
 from reviews.models import Review
 from media.models import Photo
 from django.contrib.auth.models import Permission
-import random
 from datetime import datetime, timedelta
+import secrets
 
 User = get_user_model()
 
@@ -287,19 +287,19 @@ class Command(BaseCommand):
 
         for park in parks:
             # Create 3-5 reviews per park
-            num_reviews = random.randint(3, 5)
+            num_reviews = secrets.SystemRandom().randint(3, 5)
             for _ in range(num_reviews):
                 # Generate random visit date
-                days_offset = random.randint(0, 365)
+                days_offset = secrets.SystemRandom().randint(0, 365)
                 visit_date = one_year_ago + timedelta(days=days_offset)
 
                 Review.objects.create(
-                    user=random.choice(users),
+                    user=secrets.choice(users),
                     content_type=ContentType.objects.get_for_model(park),
                     object_id=park.id,
                     title=f"Great experience at {park.name}",
                     content="Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
-                    rating=random.randint(7, 10),
+                    rating=secrets.SystemRandom().randint(7, 10),
                     visit_date=visit_date,
                 )
             self.stdout.write(f"Created reviews for {park.name}")

thrillwiki/views.py

@@ -8,8 +8,8 @@ from rides.models import Ride
 from companies.models import Company, Manufacturer
 from analytics.models import PageView
 from django.conf import settings
-import random
 import os
+import secrets
 
 
 def handler404(request, exception):
@@ -79,7 +79,7 @@ class HomeView(TemplateView):
 
         # Combine and shuffle highest rated items
         all_highest_rated = highest_rated_parks + highest_rated_rides
-        random.shuffle(all_highest_rated)
+        secrets.SystemRandom().shuffle(all_highest_rated)
         
         # Keep the same context variable names for template compatibility
         context['popular_parks'] = trending_parks