Fix security hotspots reported by Sonarqube.

2025-01-24 07:16:52 -06:00 · 2023-07-10 12:42:48 +05:30 · 2023-07-10 12:42:48 +05:30 · 115d4afd9e
commit 115d4afd9e
parent a6b8b7bfa9
2 changed files with 7 additions and 7 deletions
--- a/docs/en_US/release_notes_7_5.rst
+++ b/docs/en_US/release_notes_7_5.rst
@ -28,9 +28,9 @@ Housekeeping
 ************

  | `Issue #6295 <https://github.com/pgadmin-org/pgadmin4/issues/6295>`_ -  Remove Bootstrap and jQuery from authentication pages and rewrite them in ReactJS.
+  | `Issue #6323 <https://github.com/pgadmin-org/pgadmin4/issues/6323>`_ -  Enable cluster deployment with gp3 volume for AWS & BigAnimal cloud providers.
  | `Issue #6423 <https://github.com/pgadmin-org/pgadmin4/issues/6423>`_ -  Clarify the LICENSE file to indicate that it is the PostgreSQL Licence.
  | `Issue #6532 <https://github.com/pgadmin-org/pgadmin4/issues/6532>`_ -  Remove unsupported PostgreSQL versions from the container.
-  | `Issue #6323 <https://github.com/pgadmin-org/pgadmin4/issues/6323>`_ -  Enable cluster deployment with gp3 volume for AWS & BigAnimal cloud providers.

 Bug fixes
 *********
--- a/web/pgadmin/utils/driver/psycopg3/connection.py
+++ b/web/pgadmin/utils/driver/psycopg3/connection.py
@ -14,7 +14,7 @@ object.
 """

 import os
-import random
+import secrets
 import datetime
 import asyncio
 from collections import deque
@ -961,7 +961,7 @@ WHERE db.datname = current_database()""")

        if not status:
            return False, str(cur)
-        query_id = random.randint(1, 9999999)
+        query_id = str(secrets.choice(range(1, 9999999)))

        current_app.logger.log(
            25,
@ -1039,7 +1039,7 @@ WHERE db.datname = current_database()""")

        if not status:
            return False, str(cur)
-        query_id = random.randint(1, 9999999)
+        query_id = str(secrets.choice(range(1, 9999999)))

        encoding = self.python_encoding

@ -1107,7 +1107,7 @@ WHERE db.datname = current_database()""")

        if not status:
            return False, str(cur)
-        query_id = random.randint(1, 9999999)
+        query_id = str(secrets.choice(range(1, 9999999)))

        current_app.logger.log(
            25,
@ -1194,7 +1194,7 @@ WHERE db.datname = current_database()""")
        if not status:
            return False, str(cur)

-        query_id = random.randint(1, 9999999)
+        query_id = str(secrets.choice(range(1, 9999999)))
        current_app.logger.log(
            25,
            "Execute (2darray) by {pga_user} on "
@ -1251,7 +1251,7 @@ WHERE db.datname = current_database()""")

        if not status:
            return False, str(cur)
-        query_id = random.randint(1, 9999999)
+        query_id = str(secrets.choice(range(1, 9999999)))
        current_app.logger.log(
            25,
            "Execute (dict) by {pga_user} on "