import hashlib import random import time try: random = random.SystemRandom() using_sysrandom = True except NotImplementedError: import warnings warnings.warn('A secure pseudo-random number generator is not available ' 'on your system. Falling back to Mersenne Twister.') using_sysrandom = False def get_random_string(length, allowed_chars='abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789', salt=''): """ Returns a securely generated random string. The default length of 12 with the a-z, A-Z, 0-9 character set returns a 71-bit value. log_2((26+26+10)^12) =~ 71 bits """ if not using_sysrandom: # This is ugly, and a hack, but it makes things better than # the alternative of predictability. This re-seeds the PRNG # using a value that is hard for an attacker to predict, every # time a random string is required. This may change the # properties of the chosen random sequence slightly, but this # is better than absolute predictability. random.seed( hashlib.sha256( ("%s%s%s" % ( random.getstate(), time.time(), salt)).encode('utf-8') ).digest()) return ''.join(random.choice(allowed_chars) for i in range(length)) def find_index(list, predicate): for i, value in enumerate(list): if predicate(value, i): return i return None # TODO: Fix non dict list items # TODO: List merge is not universal def merge(destination, source): for key, value in source.items(): if key == 'params': destination[key] = value elif isinstance(value, dict): node = destination.setdefault(key, {}) merge(node, value) elif isinstance(value, list): node = destination.setdefault(key, []) for item in value: index = find_index(node, lambda x, i: x['db_column'] == item['db_column']) if index is None: continue node[index] merge(node[index], item) else: destination[key] = value return destination