diff --git a/app/__init__.py b/app/__init__.py index 16c13bb45..2fffe2673 100644 --- a/app/__init__.py +++ b/app/__init__.py @@ -1,5 +1,5 @@ import os -import random +import secrets import string import time import uuid @@ -353,7 +353,7 @@ def create_uuid(): def create_random_identifier(): - return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(16)) + return ''.join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(16)) def setup_sqlalchemy_events(app): diff --git a/app/celery/research_mode_tasks.py b/app/celery/research_mode_tasks.py index e937739f5..ac99bc842 100644 --- a/app/celery/research_mode_tasks.py +++ b/app/celery/research_mode_tasks.py @@ -124,7 +124,7 @@ def create_fake_letter_response_file(self, reference): dvla_response_data = '{}|Sent|0|Sorted'.format(reference) # try and find a filename that hasn't been taken yet - from a random time within the last 30 seconds - for i in sorted(range(30), key=lambda _: random.random()): + for i in sorted(range(30), key=lambda _: random.random()): # nosec B311 - not security related upload_file_name = 'NOTIFY-{}-RSP.TXT'.format((now - timedelta(seconds=i)).strftime('%Y%m%d%H%M%S')) if not file_exists(current_app.config['DVLA_RESPONSE_BUCKET_NAME'], upload_file_name): break diff --git a/app/delivery/send_to_providers.py b/app/delivery/send_to_providers.py index 84e3f0f04..d546cbc0c 100644 --- a/app/delivery/send_to_providers.py +++ b/app/delivery/send_to_providers.py @@ -188,7 +188,7 @@ def provider_to_use(notification_type, international=True): chosen_provider = active_providers[0] else: weights = [p.priority for p in active_providers] - chosen_provider = random.choices(active_providers, weights=weights)[0] + chosen_provider = random.choices(active_providers, weights=weights)[0] # nosec B311 - this is not security/cryptography related return notification_provider_clients.get_client_by_name_and_type(chosen_provider.identifier, notification_type)