Fix for security vulnerability

Fixed the vulnerability - Use of cryptographically weak pseudo-random number generator

Change-Id: I028798f1740dd9eb68398da6ea610f1000848417
Signed-off-by: jegan <jegan.s@tataelxsi.co.in>

diff --git a/osm_nbi/authconn_internal.py b/osm_nbi/authconn_internal.py
index fe86f16..9daa3fd 100644 (file)
--- a/osm_nbi/authconn_internal.py
+++ b/osm_nbi/authconn_internal.py
@@ -33,7 +33,6 @@ __date__ = "$06-jun-2019 11:16:08$"
 import logging
 import re
 import secrets
-
 from osm_nbi.authconn import (
     Authconn,
     AuthException,
@@ -52,7 +51,6 @@ from time import time, sleep
 from http import HTTPStatus
 from uuid import uuid4
 from copy import deepcopy
-from random import choice as random_choice
 import smtplib
 from email.message import EmailMessage
 from email.mime.text import MIMEText
@@ -917,7 +915,7 @@ class AuthconnInternal(Authconn):
         )
 
     def generate_otp(self):
-        otp = "".join(random_choice("0123456789") for i in range(0, 4))
+        otp = "".join(str(secrets.randbelow(10)) for i in range(0, 4))
         return otp
 
     def send_email(self, indata):