Use more secure random generation in Python code #10338
Conversation
meaksh
force-pushed
the
master-more-secure-randomness
branch
from
8ff07bb to
77fe52f
Compare
There was a problem hiding this comment.
LGTM, but I have two questions.
-
Do we need to invalidate caches for the Proxy or will this work automatically on updade + service restart?
-
Do we make sure that all Salt event queues are empty before updating the queues that events go into?
The reason we use a checksum for the event queues is just this: We want to have all events from the same minion in the same queue. This approach distributes the minions across the available queues. I suspect that the first 4 chars of a hex-sha256sum is generally different from the first 4 chars of a hex-md5sum of the same input. When this patch is installed, we can have a race condition if old events are still queued. For example, let's say minion "foo"'s queue changes from 1 to 3. If 1 still has event data for "foo" (but other event data ahead in the queue), new event data added to queue 3 could be processed before the old data in queue 1.
proxy/proxy/rhnProxyAuth.py
Outdated
| @@ -27,7 +27,7 @@ | |||
| import xmlrpc.client as xmlrpclib | |||
| import sys | |||
| # pylint: disable=E0611 | |||
There was a problem hiding this comment.
Can we check if this comment can be removed?
~uyuni/uy-work[pylint-everything]
% bb pylint --help-msg=E0611
:no-name-in-module (E0611): *No name %r in module %r*
Used when a name cannot be found in a module. This message belongs to the
variables checker.
Not really, this cache is actually persisted on the filesystem. We might end up with some stale cache files.
We should not really make the |
So we need to invalidate caches?
The point is that we're changing the logic and we know this is a race condition. If you think the likelihood of this affecting anything negatively is too low to worry about it, then proceed as planned. I just wanted to raise this point and make sure this is a conscious decision and we're prepared if this goes wrong for someone. |
|
@agraul this should be now performing the invalidation/deletion of possible old stale proxy auth cache files. About the race condition, as mentioned, I think we should be good. In case the old events are unrelated to the new events, and the new events are processed before the old ones, then we would just have the new action results shown first in the event history. If the old and new events are somehow related, for instance, because we are in the middle of a registration/action chain execution, then I would expect that the action could fail, but I'd also expect that anyway (as you are restarting the "spacewalk-services" in the middle of the execution of those actions). |
|
|
What does this PR change?
This PR makes random generation more secure in certain parts of Python code, as warned by SonarQube analysis:
GUI diff
No difference.
Documentation
No documentation needed: only internal and user invisible changes
DONE
Test coverage
ℹ️ If a major new functionality is added, it is strongly recommended that tests for the new functionality are added to the Cucumber test suite
No tests: no tests around randomness
DONE
Links
Changelogs
Make sure the changelogs entries you are adding are compliant with https://github.com/uyuni-project/uyuni/wiki/Contributing#changelogs and https://github.com/uyuni-project/uyuni/wiki/Contributing#uyuni-projectuyuni-repository
If you don't need a changelog check, please mark this checkbox:
If you uncheck the checkbox after the PR is created, you will need to re-run
changelog_test(see below)Re-run a test
If you need to re-run a test, please mark the related checkbox, it will be unchecked automatically once it has re-run:
Before you merge
Check How to branch and merge properly!