🩹(backend) fix identity hash randomness
'hash' built-in function is randomly seeded by Python process. In staging or production, our backend runs over 3 pods, thus 3 Python processes. For a given identity, it was not prompting the same hash across all pods. Why is 'hash' randomly seeded? For security reasons, there was a vulnerability disclosure exploiting key collision. Since Python 3.2, 'hash' is by default randomly seeded. Fixed it! Thx @jonathanperret for your help.
committed by aleb_the_flash
parent 53d732d802
commit 053c4a40e9
@@ -4,6 +4,7 @@ Utils functions used in the core app
|
|||||||
|
|
||||||
# ruff: noqa:S311
|
# ruff: noqa:S311
|
||||||
|
|
||||||
|
import hashlib
|
||||||
import json
|
import json
|
||||||
import random
|
import random
|
||||||
from typing import Optional
|
from typing import Optional
|
||||||
@@ -24,7 +25,11 @@ def generate_color(identity: str) -> str:
|
|||||||
range and ensure predictability.
|
range and ensure predictability.
|
||||||
"""
|
"""
|
||||||
|
|
||||||
random.seed(hash(identity))
|
# ruff: noqa:S324
|
||||||
|
identity_hash = hashlib.sha1(identity.encode("utf-8"))
|
||||||
|
# Keep only hash's last 16 bits, collisions are not a concern
|
||||||
|
seed = int(identity_hash.hexdigest(), 16) & 0xFFFF
|
||||||
|
random.seed(seed)
|
||||||
hue = random.randint(0, 360)
|
hue = random.randint(0, 360)
|
||||||
saturation = random.randint(50, 75)
|
saturation = random.randint(50, 75)
|
||||||
lightness = random.randint(25, 60)
|
lightness = random.randint(25, 60)
|
||||||
|
|||||||
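Review bot: `random.seed(seed)` in `generate_color` reseeds the process-wide `random` generator on every call, so any other caller of the `random` module in the same process continues from one of only 65,536 states selected by the identity. A local generator avoids that side effect: create `rng = random.Random(seed)` and draw `hue`, `saturation` and `lightness` from `rng.randint(...)`. Separately, `# ruff: noqa:S324` is a file-level directive, so it silences S324 for the whole module and not only for this call; a line-level `# noqa: S324` on the `hashlib.sha1` line, or passing `usedforsecurity=False` to `hashlib.sha1`, keeps the exemption scoped to this non-security use.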