From 83da55dbd3fbbfa81aea0e2b48f405d0a65f8757 Mon Sep 17 00:00:00 2001
From: YuviPanda <yuvipanda@gmail.com>
Date: Sat, 14 Dec 2024 08:45:52 -0800
Subject: [PATCH] Switch to using secrets module from os.urandom
---
 binderhub/app.py | 2 +-
 binderhub/tests/conftest.py | 4 ++--
 binderhub/tests/test_registry.py | 6 ++----
 3 files changed, 5 insertions(+), 7 deletions(-)
diff --git a/binderhub/app.py b/binderhub/app.py
index 430162314..dd14e1dd4 100644
--- a/binderhub/app.py
+++ b/binderhub/app.py
@@ -950,7 +950,7 @@ def initialize(self, *args, **kwargs):
 "enable_api_only_mode": self.enable_api_only_mode,
 }
 )
- self.tornado_settings["cookie_secret"] = os.urandom(32)
+ self.tornado_settings["cookie_secret"] = secrets.token_bytes(32)
 if self.cors_allow_origin:
 self.tornado_settings.setdefault("headers", {})[
 "Access-Control-Allow-Origin"
diff --git a/binderhub/tests/conftest.py b/binderhub/tests/conftest.py
index 48faa3e74..4cd80b284 100644
--- a/binderhub/tests/conftest.py
+++ b/binderhub/tests/conftest.py
@@ -3,9 +3,9 @@
 import inspect
 import json
 import os
+import secrets
 import subprocess
 import time
-from binascii import b2a_hex
 from collections import defaultdict
 from unittest import mock
 from urllib.parse import urlparse
@@ -379,7 +379,7 @@ def always_build(app, request):
 if REMOTE_BINDER:
 return
 # make it long to ensure we run into max build slug length
- session_id = b2a_hex(os.urandom(16)).decode("ascii")
+ session_id = secrets.token_hex(16)
 def patch_provider(Provider):
 original_slug = Provider.get_build_slug
diff --git a/binderhub/tests/test_registry.py b/binderhub/tests/test_registry.py
index 774fa08c1..8168448ba 100644
--- a/binderhub/tests/test_registry.py
+++ b/binderhub/tests/test_registry.py
@@ -2,7 +2,7 @@
 import base64
 import json
-import os
+import secrets
 from random import randint
 import pytest
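Review bot: In binderhub/app.py `initialize`, the `cookie_secret` line remains an unconditional assignment of a fresh per-process value, and nothing beside it documents that. Signed cookies therefore stop validating after a restart and, if several replicas serve the same users, across replicas; whether an operator-supplied `cookie_secret` in `tornado_settings` is meant to be overwritten here cannot be told from the hunk. I would add a comment above the line such as `# per-process secret: signed cookies do not survive a restart or validate on another replica`. The module switch itself does not change key strength, since `secrets.token_bytes` draws from the same OS source as `os.urandom`. The diffstat shows a single changed line in this file, so please confirm `import secrets` already exists at the top of app.py; `initialize` starts and ends outside the hunk.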
@@ -129,9 +129,7 @@ def get(self):
 raise HTTPError(403, "Bad username %r" % username)
 if password != self.test_handle["password"]:
 raise HTTPError(403, "Bad password %r" % password)
- self.test_handle["token"] = token = (
- base64.encodebytes(os.urandom(5)).decode("ascii").rstrip()
- )
+ self.test_handle["token"] = token = secrets.token_hex(8)
 self.set_header("Content-Type", "application/json")
 self.write(json.dumps({"token": token}))
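Review bot: The new token line in `get` is not a like-for-like replacement: the old expression produced 8 base64 characters from 5 random bytes, while `secrets.token_hex(8)` yields 16 hex characters, so the mock token changes both length and alphabet (`+`, `/` and `=` can no longer appear). If any registry test relied on those characters to exercise header handling, that coverage is lost; this cannot be checked from the hunk. If the format is irrelevant, a comment would record it, e.g. `# opaque mock token; format is not significant to the tests`. The context lines above also place the submitted password in the 403 message via `%r`, which is tolerable in this mock handler but worth a comment so it is not copied into a real one. `get` begins outside the hunk.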