From 6e2b0f7799b27a47b9be467d3d322a8272f9e7e7 Mon Sep 17 00:00:00 2001
From: Joshua Harlow
Date: Mon, 14 Sep 2015 12:23:33 -0700
Subject: [PATCH] Use system random where applicable

One of the bandit checks is to attempt to use the system random library (which is better at producing randomness) vs using the default random class, this change uses the system random where applicable.
See: https://wiki.openstack.org/wiki/Security/Projects/Bandit
Change-Id: I15ae3c99267b2dd9dc9ceccd427f6c0aef6ae8da
---
 ironic_python_agent/backoff.py | 3 ++-
 ironic_python_agent/tests/unit/test_backoff.py | 8 ++++----
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/ironic_python_agent/backoff.py b/ironic_python_agent/backoff.py
index e64b82689..f0e47054a 100644
--- a/ironic_python_agent/backoff.py
+++ b/ironic_python_agent/backoff.py
@@ -75,6 +75,7 @@ class BackOffLoopingCall(loopingcall.LoopingCallBase):
 timeout.
 """
+ _RNG = random.SystemRandom()
 _KIND = 'Dynamic backoff interval looping call'
 _RUN_ONLY_ONE_MESSAGE = ("A dynamic backoff interval looping call can"
 " only run one function at a time")
@@ -94,7 +95,7 @@ class BackOffLoopingCall(loopingcall.LoopingCallBase):
 self._interval = starting_interval
 def _idle_for(success, _elapsed):
- random_jitter = random.gauss(jitter, 0.1)
+ random_jitter = self._RNG.gauss(jitter, 0.1)
 if success:
 # Reset error state now that it didn't error...
 self._interval = starting_interval
diff --git a/ironic_python_agent/tests/unit/test_backoff.py b/ironic_python_agent/tests/unit/test_backoff.py
index 8f6c9a7a8..bed034ca8 100644
--- a/ironic_python_agent/tests/unit/test_backoff.py
+++ b/ironic_python_agent/tests/unit/test_backoff.py
@@ -21,7 +21,7 @@ from ironic_python_agent import backoff
 class TestBackOffLoopingCall(unittest.TestCase):
- @mock.patch('random.gauss')
+ @mock.patch('random.SystemRandom.gauss')
 @mock.patch('eventlet.greenthread.sleep')
 def test_exponential_backoff(self, sleep_mock, random_mock):
 def false():
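Review bot: In ironic_python_agent/backoff.py (hunk at -75,6), the new class attribute `_RNG = random.SystemRandom()` carries no comment saying why an OS-backed generator is used for retry jitter, which is not a secret value. I would add above it `# Jitter is not security-sensitive; SystemRandom is used so the Bandit random check passes. It ignores random.seed().` so that a later reader neither assumes the backoff timing is relied on for unpredictability nor tries to seed it for reproducible runs. The attribute is a single instance shared by every BackOffLoopingCall, and the class body continues outside the hunk.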
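Review bot: In the second backoff.py hunk (at -94,7), `self._RNG.gauss(jitter, 0.1)` calls gauss() on one generator shared by all instances, and the Python documentation notes that gauss() can hand the same value to two threads that call it simultaneously; switching to SystemRandom does not change that. Under eventlet's cooperative greenthreads this is probably harmless, but if native threads can ever reach this loop, `random_jitter = self._RNG.normalvariate(jitter, 0.1)` is the documented thread-safe equivalent (the unit tests would then need to patch normalvariate instead). `_idle_for` continues past the end of the hunk.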
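Review bot: In ironic_python_agent/tests/unit/test_backoff.py, `@mock.patch('random.SystemRandom.gauss')` replaces gauss on the stdlib class, so every SystemRandom instance in the process is affected while the test runs and nothing ties the patch to the generator the loop actually uses. Patching the instance keeps the scope tight and leaves the test bodies unchanged: `@mock.patch.object(backoff.BackOffLoopingCall._RNG, 'gauss')`. The same decorator appears in the hunks at -45,7, -60,7 and -73,7. The test methods continue outside these hunks.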
@@ -45,7 +45,7 @@ class TestBackOffLoopingCall(unittest.TestCase):
 mock.call(109.95116277760006)]
 self.assertEqual(expected_times, sleep_mock.call_args_list)
- @mock.patch('random.gauss')
+ @mock.patch('random.SystemRandom.gauss')
 @mock.patch('eventlet.greenthread.sleep')
 def test_no_backoff(self, sleep_mock, random_mock):
 random_mock.return_value = 1
@@ -60,7 +60,7 @@ class TestBackOffLoopingCall(unittest.TestCase):
 self.assertEqual(expected_times, sleep_mock.call_args_list)
 self.assertTrue(retvalue, 'return value')
- @mock.patch('random.gauss')
+ @mock.patch('random.SystemRandom.gauss')
 @mock.patch('eventlet.greenthread.sleep')
 def test_no_sleep(self, sleep_mock, random_mock):
 # Any call that executes properly the first time shouldn't sleep
@@ -73,7 +73,7 @@ class TestBackOffLoopingCall(unittest.TestCase):
 self.assertFalse(sleep_mock.called)
 self.assertTrue(retvalue, 'return value')
- @mock.patch('random.gauss')
+ @mock.patch('random.SystemRandom.gauss')
 @mock.patch('eventlet.greenthread.sleep')
 def test_max_interval(self, sleep_mock, random_mock):
 def false():