Secure Source of Randomness

2025-12-20 15:51:08 -05:00 · 2024-12-26 03:11:52 +00:00
parent 4dad19c86f
commit ea396b6f50
3 changed files with 10 additions and 10 deletions
--- a/accounts/models.py
+++ b/accounts/models.py
@@ -2,22 +2,22 @@ from django.contrib.auth.models import AbstractUser
 from django.db import models
 from django.urls import reverse
 from django.utils.translation import gettext_lazy as _
-import random
 from PIL import Image, ImageDraw, ImageFont
 from io import BytesIO
 import base64
 import os
+import secrets

 def generate_random_id(model_class, id_field):
    """Generate a random ID starting at 4 digits, expanding to 5 if needed"""
    while True:
        # Try to get a 4-digit number first
-        new_id = str(random.randint(1000, 9999))
+        new_id = str(secrets.SystemRandom().randint(1000, 9999))
        if not model_class.objects.filter(**{id_field: new_id}).exists():
            return new_id
        
        # If all 4-digit numbers are taken, try 5 digits
-        new_id = str(random.randint(10000, 99999))
+        new_id = str(secrets.SystemRandom().randint(10000, 99999))
        if not model_class.objects.filter(**{id_field: new_id}).exists():
            return new_id

--- a/parks/management/commands/seed_data.py
+++ b/parks/management/commands/seed_data.py
@@ -13,8 +13,8 @@ from companies.models import Company, Manufacturer
 from reviews.models import Review
 from media.models import Photo
 from django.contrib.auth.models import Permission
-import random
 from datetime import datetime, timedelta
+import secrets

 User = get_user_model()

@@ -287,19 +287,19 @@ class Command(BaseCommand):

        for park in parks:
            # Create 3-5 reviews per park
-            num_reviews = random.randint(3, 5)
+            num_reviews = secrets.SystemRandom().randint(3, 5)
            for _ in range(num_reviews):
                # Generate random visit date
-                days_offset = random.randint(0, 365)
+                days_offset = secrets.SystemRandom().randint(0, 365)
                visit_date = one_year_ago + timedelta(days=days_offset)

                Review.objects.create(
-                    user=random.choice(users),
+                    user=secrets.choice(users),
                    content_type=ContentType.objects.get_for_model(park),
                    object_id=park.id,
                    title=f"Great experience at {park.name}",
                    content="Lorem ipsum dolor sit amet, consectetur adipiscing elit.",
-                    rating=random.randint(7, 10),
+                    rating=secrets.SystemRandom().randint(7, 10),
                    visit_date=visit_date,
                )
            self.stdout.write(f"Created reviews for {park.name}")
--- a/thrillwiki/views.py
+++ b/thrillwiki/views.py
@@ -8,8 +8,8 @@ from rides.models import Ride
 from companies.models import Company, Manufacturer
 from analytics.models import PageView
 from django.conf import settings
-import random
 import os
+import secrets


 def handler404(request, exception):
@@ -79,7 +79,7 @@ class HomeView(TemplateView):

        # Combine and shuffle highest rated items
        all_highest_rated = highest_rated_parks + highest_rated_rides
-        random.shuffle(all_highest_rated)
+        secrets.SystemRandom().shuffle(all_highest_rated)
        
        # Keep the same context variable names for template compatibility
        context['popular_parks'] = trending_parks