From: elumalai
Date: Fri, 28 Apr 2023 14:11:49 +0000 (+0530)
Subject: Coverity CWE 330: Use of Insufficiently Random Values
X-Git-Tag: release-v14.0-start~14
X-Git-Url: https://osm.etsi.org/gitweb/?a=commitdiff_plain;h=51e72a0f7479b3064b4b11891eb524d42f4738b0;p=osm%2FRO.git
Coverity CWE 330: Use of Insufficiently Random Values
Added support to fix CWE 330: Use of Insufficiently Random Values Coverity issue
Change-Id: Ib12ebeeb9b0cc10af9980fe8661eb6230c2f6d6d
Signed-off-by: elumalai
---
diff --git a/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py b/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py
index 6d167c69..f118cf1b 100644
--- a/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py
+++ b/RO-VIM-openstack/osm_rovim_openstack/vimconn_openstack.py
@@ -889,7 +889,7 @@ class vimconnector(vimconn.VimConnector):
 if not ip_profile.get("subnet_address"):
 # Fake subnet is required
- subnet_rand = random.randint(0, 255)
+ subnet_rand = random.SystemRandom().randint(0, 255)
 ip_profile["subnet_address"] = "192.168.{}.0/24".format(subnet_rand)
 if "ip_version" not in ip_profile:
diff --git a/RO-plugin/osm_ro_plugin/vim_dummy.py b/RO-plugin/osm_ro_plugin/vim_dummy.py
index fbc6bfe6..dc0e00e9 100644
--- a/RO-plugin/osm_ro_plugin/vim_dummy.py
+++ b/RO-plugin/osm_ro_plugin/vim_dummy.py
@@ -22,7 +22,7 @@ Implements a Dummy vim plugin.
 from copy import deepcopy
 import logging
-from random import randrange
+from random import SystemRandom
 from uuid import uuid4
 from osm_ro_plugin import vimconn
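Review bot: The `subnet_rand` assignment in `vimconn_openstack.py` needs a comment saying the value is not a secret, because the visible lines use it only to fill in a placeholder `192.168.X.0/24` when the profile has no `subnet_address`. Switching to `random.SystemRandom()` quiets the CWE-330 finding but protects nothing here, and a later reader may assume otherwise. I would add `# Not security-sensitive: any /24 will do; SystemRandom is used only to satisfy the CWE-330 scan` above the assignment. The hunk also shows no check that the chosen /24 is not already in use, which looks like the more practical risk; the enclosing method starts and ends outside the hunk, so such a check may exist elsewhere.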
@@ -379,8 +379,10 @@ class VimDummyConnector(vimconn.VimConnector):
 if iface.get("type") in ("SR-IOV", "PCI-PASSTHROUGH") and self.config.get(
 "sdn-port-mapping"
 ):
- compute_index = randrange(len(self.config["sdn-port-mapping"]))
- port_index = randrange(
+ compute_index = SystemRandom().randrange(
+ len(self.config["sdn-port-mapping"])
+ )
+ port_index = SystemRandom().randrange(
 len(self.config["sdn-port-mapping"][compute_index]["ports"])
 )
 interface["compute_node"] = self.config["sdn-port-mapping"][
diff --git a/releasenotes/notes/Coverity_CWE_330_Use_of_Insufficiently_Random_Values-ca6e70f753e5560d.yaml b/releasenotes/notes/Coverity_CWE_330_Use_of_Insufficiently_Random_Values-ca6e70f753e5560d.yaml
new file mode 100644
index 00000000..f0e76a5b
--- /dev/null
+++ b/releasenotes/notes/Coverity_CWE_330_Use_of_Insufficiently_Random_Values-ca6e70f753e5560d.yaml
@@ -0,0 +1,20 @@
+#######################################################################################
+# Copyright ETSI Contributors and Others.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+#######################################################################################
+---
+security:
+ - |
+ Coverity fix for CWE 330: Use of Insufficiently Random Values
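Review bot: The new `port_index = SystemRandom().randrange(...)` call in the `vim_dummy.py` hunk still raises `ValueError` when the selected mapping entry has an empty `ports` list, since the guard above only checks that `sdn-port-mapping` itself is truthy. I would bind `ports = self.config["sdn-port-mapping"][compute_index]["ports"]` and handle the empty case explicitly before calling `randrange(len(ports))`. The two calls also each construct their own `SystemRandom()`; one instance reused for both would read better. Since this is the dummy connector the indices are presumably not secrets, so a short comment that the CSPRNG is there only for the CWE-330 scan would help later readers. The statement beginning `interface["compute_node"] = ...` continues past the end of the hunk.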