Fix DUO102 warnings

Added comments to ignore some of the warnings because:

"Python uses the Mersenne Twister as the core generator. However, being completely
deterministic, it is not suitable for all purposes, and is completely unsuitable for
cryptographic purposes. Because the generator is deterministic this means attackers
can predict future values given a sufficient amount of previous values.

Normal random use is acceptable if the relevant code is not used for security or
cryptographic purposes."
This commit is contained in:
Shreya 2021-04-21 19:11:13 +05:30 committed by Mike Salvatore
parent d8c1bf5cbe
commit a3fa4663cb
5 changed files with 10 additions and 8 deletions


@ -7,8 +7,8 @@
import json
import logging
import posixpath
import random
import string
from random import SystemRandom
import requests
@ -69,8 +69,9 @@ class HadoopExploiter(WebRCE):
resp = json.loads(resp.content)
app_id = resp["application-id"]
# Create a random name for our application in YARN
safe_random = SystemRandom()
rand_name = ID_STRING + "".join(
[random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
[safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)]
)
payload = self.build_payload(app_id, rand_name, command)
resp = requests.post(
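Review bot: The square brackets inside the `"".join(...)` on the new rand_name line build a throwaway list; `str.join` consumes a generator directly, so the line can be `safe_random.choice(string.ascii_lowercase) for _ in range(self.RAN_STR_LEN)` without the brackets. The first hunk appears to replace `import random` with `from random import SystemRandom`; whether any other use of `random.` survives elsewhere in the file is not visible here and should be confirmed before merge. A `SystemRandom()` instance is also created on every call; that is cheap, but a module-level instance would make the intent clearer. The enclosing method starts before the hunk.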


@ -3,7 +3,7 @@
import logging
import string
from random import choice
from random import SystemRandom
import requests
@ -37,8 +37,9 @@ class ShellShockExploiter(HostExploiter):
def __init__(self, host):
super(ShellShockExploiter, self).__init__(host)
self.HTTP = [str(port) for port in self._config.HTTP_PORTS]
safe_random = SystemRandom()
self.success_flag = "".join(
choice(string.ascii_uppercase + string.digits) for _ in range(20)
safe_random.choice(string.ascii_uppercase + string.digits) for _ in range(20)
)
self.skip_exist = self._config.skip_exploit_if_file_exist
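Review bot: On the new success_flag line the alphabet `string.ascii_uppercase + string.digits` is concatenated again on each of the 20 iterations of the generator; hoist it once, `alphabet = string.ascii_uppercase + string.digits` followed by `self.success_flag = "".join(safe_random.choice(alphabet) for _ in range(20))`. A short comment next to `safe_random = SystemRandom()` explaining the choice would also help the next reader, e.g. `# SystemRandom so success_flag cannot be predicted (DUO102)`. The body of `__init__` continues past the end of the hunk.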


@ -1,7 +1,7 @@
import itertools
import socket
import struct
from random import randint
from random import randint # noqa: DUO102
from subprocess import check_output
import netifaces
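Review bot: The `# noqa: DUO102` added to the randint import silences the warning without recording in the code why the use is acceptable; the justification lives only in the commit message. Put the reason next to the suppression, e.g. `from random import randint  # noqa: DUO102 - not used for security-relevant values`, and use two spaces before the `#` as PEP 8 asks for inline comments. The same applies to the shuffle import in the next file. Whether the uses of randint and shuffle are in fact non-security-relevant is not visible in these hunks and should be confirmed against the call sites.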


@ -1,5 +1,5 @@
from itertools import zip_longest
from random import shuffle
from random import shuffle # noqa: DUO102
import infection_monkey.config
from infection_monkey.network.HostFinger import HostFinger


@ -52,8 +52,8 @@ class CommunicateAsNewUser(PBA):
@staticmethod
def get_random_new_user_name():
return USERNAME_PREFIX + "".join(
random.choice(string.ascii_lowercase) for _ in range(5)
) # noqa: DUO102
random.choice(string.ascii_lowercase) for _ in range(5) # noqa: DUO102
)
@staticmethod
def get_commandline_for_http_request(url, is_windows=is_windows_os()):
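Review bot: `get_random_new_user_name` has no docstring, and the `# noqa: DUO102` now sits on the `random.choice` line (where flake8 needs it, since suppressions apply per physical line) without saying why the non-cryptographic generator is acceptable. Add a docstring such as `"""Return USERNAME_PREFIX followed by five random lowercase letters (not security-sensitive, so random is acceptable)."""`; the non-sensitivity is the commit message's claim and should be confirmed against how the name is used. With only five letters from `string.ascii_lowercase` there are 26**5 possible names, so repeated runs on one host can collide; if that matters, the caller should cope with an already-existing user.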