Fix secure-random to ignore random.SystemRandom

pixee · Jan 31, 2024 · fe92398 · fe92398
1 parent 26b7379
commit fe92398
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 0 deletions.
diff --git a/src/core_codemods/secure_random.py b/src/core_codemods/secure_random.py
@@ -21,6 +21,7 @@ def rule(cls):
         rules:
           - patterns:
             - pattern: random.$F(...)
+            - pattern-not: random.SystemRandom()
             - pattern-inside: |
                 import random
                 ...

diff --git a/tests/codemods/test_secure_random.py b/tests/codemods/test_secure_random.py
@@ -155,3 +155,27 @@ def test_random_multifunctions(self, tmpdir):
 """
 
         self.run_and_assert(tmpdir, input_code, expected_output)
+
+    def test_random_systemrandom(self, tmpdir):
+        input_code = """
+        import random
+
+        rand = random.SystemRandom()
+        """
+        self.run_and_assert(tmpdir, input_code, input_code)
+
+    def test_random_systemrandom_importfrom(self, tmpdir):
+        input_code = """
+        from random import SystemRandom
+
+        rand = SystemRandom()
+        """
+        self.run_and_assert(tmpdir, input_code, input_code)
+
+    def test_random_systemrandom_import_alias(self, tmpdir):
+        input_code = """
+        import random as domran
+
+        rand = domran.SystemRandom()
+        """
+        self.run_and_assert(tmpdir, input_code, input_code)