Fix DUO102 warnings
Added `noqa` comments to ignore some of the warnings, because: "Python uses the Mersenne Twister as the core generator. However, being completely deterministic, it is not suitable for all purposes, and is completely unsuitable for cryptographic purposes. Because the generator is deterministic this means attackers can predict future values given a sufficient amount of previous values. Normal random use is acceptable if the relevant code is not used for security or cryptographic purposes."
parent
d8c1bf5cbe
commit
a3fa4663cb
|
@ -7,8 +7,8 @@
|
|||
import json
|
||||
import logging
|
||||
import posixpath
|
||||
import random
|
||||
import string
|
||||
from random import SystemRandom
|
||||
|
||||
import requests
|
||||
|
||||
|
@ -69,8 +69,9 @@ class HadoopExploiter(WebRCE):
|
|||
resp = json.loads(resp.content)
|
||||
app_id = resp["application-id"]
|
||||
# Create a random name for our application in YARN
|
||||
safe_random = SystemRandom()
|
||||
rand_name = ID_STRING + "".join(
|
||||
[random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
|
||||
[safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
|
||||
)
|
||||
payload = self.build_payload(app_id, rand_name, command)
|
||||
resp = requests.post(
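Review bot: `safe_random = SystemRandom()` reads as if `rand_name` were security-sensitive, but from the visible lines it is only an application name passed to `build_payload`, so the switch appears to be there to satisfy DUO102 rather than to protect a secret. A one-line comment such as `# Not a secret; SystemRandom is used only to satisfy DUO102` would keep a later reader from relying on the value being unpredictable, and it would match the reasoning in the commit message. The same applies to `self.success_flag` in `ShellShockExploiter.__init__`. If the CSPRNG is kept, `secrets.choice(string.ascii_lowercase)` avoids constructing a new `SystemRandom` on every call. The enclosing method starts and ends outside the hunk.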
|
||||
|
|
|
@ -3,7 +3,7 @@
|
|||
|
||||
import logging
|
||||
import string
|
||||
from random import choice
|
||||
from random import SystemRandom
|
||||
|
||||
import requests
|
||||
|
||||
|
@ -37,8 +37,9 @@ class ShellShockExploiter(HostExploiter):
|
|||
def __init__(self, host):
|
||||
super(ShellShockExploiter, self).__init__(host)
|
||||
self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
|
||||
safe_random = SystemRandom()
|
||||
self.success_flag = "".join(
|
||||
choice(string.ascii_uppercase + string.digits) for _ in range(20)
|
||||
safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
|
||||
)
|
||||
self.skip_exist = self._config.skip_exploit_if_file_exist
|
||||
|
||||
|
|
|
@ -1,7 +1,7 @@
|
|||
import itertools
|
||||
import socket
|
||||
import struct
|
||||
from random import randint
|
||||
from random import randint # noqa: DUO102
|
||||
from subprocess import check_output
|
||||
|
||||
import netifaces
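Review bot: The `# noqa: DUO102` on `from random import randint` carries no reason, and if the linter reports at the import line it will also hide any later security-relevant use of `randint` added to this module. A comment above the import, e.g. `# randint is not used for security or cryptographic purposes here (DUO102)`, would record the judgement the commit message makes; how `randint` is actually used is outside the hunk, so that should be confirmed before writing it. The same applies to `from random import shuffle # noqa: DUO102` and to the suppressed `random.choice` call in `get_random_new_user_name`.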
|
||||
|
|
|
@ -1,5 +1,5 @@
|
|||
from itertools import zip_longest
|
||||
from random import shuffle
|
||||
from random import shuffle # noqa: DUO102
|
||||
|
||||
import infection_monkey.config
|
||||
from infection_monkey.network.HostFinger import HostFinger
|
||||
|
|
|
@ -52,8 +52,8 @@ class CommunicateAsNewUser(PBA):
|
|||
@staticmethod
|
||||
def get_random_new_user_name():
|
||||
return USERNAME_PREFIX + "".join(
|
||||
random.choice(string.ascii_lowercase) for _ in range(5)
|
||||
) # noqa: DUO102
|
||||
random.choice(string.ascii_lowercase) for _ in range(5) # noqa: DUO102
|
||||
)
|
||||
|
||||
@staticmethod
|
||||
def get_commandline_for_http_request(url, is_windows=is_windows_os()):
|
||||
|
|