Merge pull request from GHSA-82vr-5769-6358

* replace random.choice with secrets.choice for generating id verification code * update changelog
ethyca · Nov 14, 2023 · 36fc5e7 · 36fc5e7
1 parent 2a8cc01
commit 36fc5e7
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -51,6 +51,9 @@ The types of changes are:
 - User preferences from cookie should always override experience preferences [#4405](https://github.com/ethyca/fides/pull/4405)
 - Allow fides_consent cookie to be set from a subdirectory [#4426](https://github.com/ethyca/fides/pull/4426)
 
+### Security
+-- Use a more cryptographically secure random function for security code generation
+
 ## [2.23.3](https://github.com/ethyca/fides/compare/2.23.2...2.23.3)
 
 ### Fixed

diff --git a/src/fides/api/service/privacy_request/request_runner_service.py b/src/fides/api/service/privacy_request/request_runner_service.py
@@ -1,4 +1,4 @@
-import random
+import secrets
 from datetime import datetime, timedelta
 from typing import Any, Dict, List, Optional, Set, Tuple
 
@@ -627,7 +627,7 @@ def generate_id_verification_code() -> str:
     """
     Generate one-time identity verification code
     """
-    return str(random.choice(range(100000, 999999)))
+    return str(secrets.choice(range(100000, 999999)))
 
 
 def _retrieve_child_results(  # pylint: disable=R0911