diff --git a/monkey/infection_monkey/exploit/hadoop.py b/monkey/infection_monkey/exploit/hadoop.py
index a30112cce..7a0264380 100644
--- a/monkey/infection_monkey/exploit/hadoop.py
+++ b/monkey/infection_monkey/exploit/hadoop.py
@@ -7,8 +7,8 @@
 import json
 import logging
 import posixpath
-import random
 import string
+from random import SystemRandom
 import requests
@@ -69,8 +69,9 @@ class HadoopExploiter(WebRCE):
 resp = json.loads(resp.content)
 app_id = resp["application-id"]
 # Create a random name for our application in YARN
+ safe_random = SystemRandom()
 rand_name = ID_STRING + "".join(
- [random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
+ [safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
 )
 payload = self.build_payload(app_id, rand_name, command)
 resp = requests.post(
diff --git a/monkey/infection_monkey/exploit/shellshock.py b/monkey/infection_monkey/exploit/shellshock.py
index 7854483a0..f83eb9a15 100644
--- a/monkey/infection_monkey/exploit/shellshock.py
+++ b/monkey/infection_monkey/exploit/shellshock.py
@@ -3,7 +3,7 @@
 import logging
 import string
-from random import choice
+from random import SystemRandom
 import requests
@@ -37,8 +37,9 @@ class ShellShockExploiter(HostExploiter):
 def __init__(self, host):
 super(ShellShockExploiter, self).__init__(host)
 self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
+ safe_random = SystemRandom()
 self.success_flag = "".join(
- choice(string.ascii_uppercase + string.digits) for _ in range(20)
+ safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
 )
 self.skip_exist = self._config.skip_exploit_if_file_exist
diff --git a/monkey/infection_monkey/network/info.py b/monkey/infection_monkey/network/info.py
index c30f3d436..5ada2e29f 100644
--- a/monkey/infection_monkey/network/info.py
+++ b/monkey/infection_monkey/network/info.py
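Review bot: In the `@@ -69,8 +69,9 @@` hunk of hadoop.py a new `SystemRandom()` is constructed on every call just to pick a few letters, and the same pattern is repeated in the `__init__` hunk of shellshock.py. The standard-library `secrets` module draws from the same OS-backed source, so `"".join(secrets.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN))` expresses the intent without the extra local and without the throwaway list; the import hunks would then bring in `secrets` instead of `SystemRandom`. If, as the existing comment suggests, the name only needs to be unlikely to collide, a short comment saying so (and that the switch is apparently made for the DUO102 lint rule) would stop a later reader from treating the value as a secret. The enclosing method starts and ends outside the hunk.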
@@ -1,7 +1,7 @@
 import itertools
 import socket
 import struct
-from random import randint
+from random import randint # noqa: DUO102
 from subprocess import check_output
 import netifaces
diff --git a/monkey/infection_monkey/network/tcp_scanner.py b/monkey/infection_monkey/network/tcp_scanner.py
index 1260a590d..93e30ccad 100644
--- a/monkey/infection_monkey/network/tcp_scanner.py
+++ b/monkey/infection_monkey/network/tcp_scanner.py
@@ -1,5 +1,5 @@
 from itertools import zip_longest
-from random import shuffle
+from random import shuffle # noqa: DUO102
 import infection_monkey.config
 from infection_monkey.network.HostFinger import HostFinger
diff --git a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
index ecbebd4d0..d82b412d3 100644
--- a/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
+++ b/monkey/infection_monkey/post_breach/actions/communicate_as_new_user.py
@@ -52,8 +52,8 @@ class CommunicateAsNewUser(PBA):
 @staticmethod
 def get_random_new_user_name():
 return USERNAME_PREFIX + "".join(
- random.choice(string.ascii_lowercase) for _ in range(5)
- ) # noqa: DUO102
+ random.choice(string.ascii_lowercase) for _ in range(5) # noqa: DUO102
+ )
 @staticmethod
 def get_commandline_for_http_request(url, is_windows=is_windows_os()):
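Review bot: The `# noqa: DUO102` added to the `randint` import in info.py, and the matching one on the `shuffle` import in the tcp_scanner.py hunk, give no reason for the suppression. The call sites are outside these hunks, so it cannot be confirmed from here that every use is non-security-sensitive; and if the linter reports at the import, the marker would also silence any later use of the name in the module. A justification on the same line would make the exemption reviewable, for example `from random import randint  # noqa: DUO102 (non-cryptographic use: <purpose>)`, with the purpose filled in per file.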
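Review bot: `get_random_new_user_name` keeps `random.choice` under a suppression, while the hadoop.py and shellshock.py hunks of this commit replace the same join-of-random-letters idiom with `SystemRandom`, and nothing explains the difference. If the generated account name is considered non-sensitive, a comment above the `return` should say so, e.g. `# Username only needs to be unlikely to collide; it is not a secret.`; otherwise the function should use the same generator as the exploiters. Moving the marker onto the `random.choice` line presumably puts it where the linter reports the finding, which is worth confirming by running the lint step on this file.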