{"title":"Insecure Random Token Generation via `random` for Session IDs","language":"Python","severity":"High","cwe":"CWE-338","source_lines":[9],"flow_lines":[9,11],"sink_lines":[11],"vulnerable_code":"import random\nimport string\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\niot_device_sessions = {}\n\n@app.route('/iot/provision', methods=['POST'])\ndef provision_device():\n    device_id = request.json.get('device_id')\n    auth_token = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(32))\n    iot_device_sessions[device_id] = {'token': auth_token, 'provisioned': True}\n    return jsonify({'device_id': device_id, 'auth_token': auth_token, 'status': 'provisioned'})","explanation":"The code uses Python's `random` module to generate authentication tokens for IoT devices. The `random` module uses a Mersenne Twister PRNG that is cryptographically weak and predictable, allowing attackers to predict future tokens by observing previous ones, enabling device impersonation and unauthorized access.","remediation":"The fix replaces the insecure `random` module with Python's `secrets` module, which is specifically designed for generating cryptographically strong random values suitable for security-sensitive applications like token generation. The `secrets.token_urlsafe(32)` function generates a URL-safe base64-encoded token with 32 bytes of randomness, providing sufficient entropy to prevent prediction attacks.","secure_code":"import secrets\nimport string\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\niot_device_sessions = {}\n\n@app.route('/iot/provision', methods=['POST'])\ndef provision_device():\n    device_id = request.json.get('device_id')\n    auth_token = secrets.token_urlsafe(32)\n    iot_device_sessions[device_id] = {'token': auth_token, 'provisioned': True}\n    return jsonify({'device_id': device_id, 'auth_token': auth_token, 'status': 'provisioned'})"}