There are currently two uses of random.randrange() and one of
random.choice() for non-security/non-crypto purposes. Mark them as
whitelisted for bandit checks and add comments explaining why.
"""Generic error for an unrecognized command word."""
# 90% of the time use a generic error
"""Generic error for an unrecognized command word."""
# 90% of the time use a generic error
- if random.randrange(10):
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ if random.randrange(10): # nosec
message = '''I'm not sure what "''' + input_data + '''" means...'''
# 10% of the time use the classic diku error
message = '''I'm not sure what "''' + input_data + '''" means...'''
# 10% of the time use the classic diku error
expanded.append(key)
# return one at random
expanded.append(key)
# return one at random
- return random.choice(expanded)
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ return random.choice(expanded) # nosec
name = ""
# create a name of random length from the syllables
name = ""
# create a name of random length from the syllables
- for _syllable in range(random.randrange(2, 6)):
+ # Whitelist the random.randrange() call in bandit since it's not used for
+ # security/cryptographic purposes
+ for _syllable in range(random.randrange(2, 6)): # nosec
name += weighted_choice(syllables)
# strip any leading quotemark, capitalize and return the name
name += weighted_choice(syllables)
# strip any leading quotemark, capitalize and return the name
projects / mudpy.git / commitdiff