Review and update uses of PRNG

app/__init__.py

@@ -1,5 +1,5 @@
 import os
-import random
+import secrets
 import string
 import time
 import uuid
@@ -353,7 +353,7 @@ def create_uuid():
 
 
 def create_random_identifier():
-    return ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(16))
+    return ''.join(secrets.choice(string.ascii_uppercase + string.digits) for _ in range(16))
 
 
 def setup_sqlalchemy_events(app):

app/celery/research_mode_tasks.py

@@ -124,7 +124,7 @@ def create_fake_letter_response_file(self, reference):
     dvla_response_data = '{}|Sent|0|Sorted'.format(reference)
 
     # try and find a filename that hasn't been taken yet - from a random time within the last 30 seconds
-    for i in sorted(range(30), key=lambda _: random.random()):
+    for i in sorted(range(30), key=lambda _: random.random()): # nosec B311 - not security related
         upload_file_name = 'NOTIFY-{}-RSP.TXT'.format((now - timedelta(seconds=i)).strftime('%Y%m%d%H%M%S'))
         if not file_exists(current_app.config['DVLA_RESPONSE_BUCKET_NAME'], upload_file_name):
             break

app/delivery/send_to_providers.py

@@ -188,7 +188,7 @@ def provider_to_use(notification_type, international=True):
         chosen_provider = active_providers[0]
     else:
         weights = [p.priority for p in active_providers]
-        chosen_provider = random.choices(active_providers, weights=weights)[0]
+        chosen_provider = random.choices(active_providers, weights=weights)[0] # nosec B311 - this is not security/cryptography related
 
     return notification_provider_clients.get_client_by_name_and_type(chosen_provider.identifier, notification_type)