document that random.choices() isn't secure either (#728)

taybin · web-flow · commit d4faa78c3988 · 2021-08-23T17:34:15.000-07:00
* document that random.choices() isn't secure either

* add random.choices() to tests
diff --git a/bandit/blacklists/calls.py b/bandit/blacklists/calls.py
@@ -191,6 +191,7 @@
 |      |                     | - random.randrange                 |           |
 |      |                     | - random.randint                   |           |
 |      |                     | - random.choice                    |           |
+|      |                     | - random.choices                   |           |
 |      |                     | - random.uniform                   |           |
 |      |                     | - random.triangular                |           |
 +------+---------------------+------------------------------------+-----------+
@@ -447,6 +448,7 @@ def gen_blacklist():
          'random.randrange',
          'random.randint',
          'random.choice',
+         'random.choices',
          'random.uniform',
          'random.triangular'],
         'Standard pseudo-random generators are not suitable for '
diff --git a/examples/random_module.py b/examples/random_module.py
@@ -6,6 +6,7 @@
 bad = random.randrange()
 bad = random.randint()
 bad = random.choice()
+bad = random.choices()
 bad = random.uniform()
 bad = random.triangular()
 
diff --git a/tests/functional/test_functional.py b/tests/functional/test_functional.py
@@ -355,8 +355,8 @@ def test_popen_wrappers(self):
     def test_random_module(self):
         '''Test for the `random` module.'''
         expect = {
-            'SEVERITY': {'UNDEFINED': 0, 'LOW': 6, 'MEDIUM': 0, 'HIGH': 0},
-            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 6}
+            'SEVERITY': {'UNDEFINED': 0, 'LOW': 7, 'MEDIUM': 0, 'HIGH': 0},
+            'CONFIDENCE': {'UNDEFINED': 0, 'LOW': 0, 'MEDIUM': 0, 'HIGH': 7}
         }
         self.check_example('random_module.py', expect)
 
