{"title":"Insecure Randomness via random.choice() for Session Token Generation","language":"Python","severity":"High","cwe":"CWE-338","source_lines":[9],"flow_lines":[9],"sink_lines":[9],"vulnerable_code":"import random\nimport string\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\niot_device_sessions = {}\n\n@app.route('/iot/provision', methods=['POST'])\ndef provision_device():\n    device_id = request.json.get('device_id')\n    auth_token = ''.join(random.choice(string.ascii_letters + string.digits) for _ in range(32))\n    iot_device_sessions[device_id] = {'token': auth_token, 'provisioned': True}\n    return jsonify({'device_id': device_id, 'auth_token': auth_token, 'status': 'provisioned'})","explanation":"The code uses Python's random.choice() from the random module to generate authentication tokens, which relies on the Mersenne Twister PRNG that is cryptographically insecure and predictable. An attacker can predict future tokens by observing previous tokens, allowing device impersonation and unauthorized access to the IoT provisioning system.","remediation":"The fix replaces the insecure `random.choice()` with `secrets.token_urlsafe(32)`, which uses a cryptographically secure random number generator (CSPRNG) suitable for generating authentication tokens. The `secrets` module is specifically designed for generating cryptographically strong random values for security-sensitive operations like token generation, making the output unpredictable to attackers.","secure_code":"import secrets\nimport string\nfrom flask import Flask, request, jsonify\n\napp = Flask(__name__)\niot_device_sessions = {}\n\n@app.route('/iot/provision', methods=['POST'])\ndef provision_device():\n    device_id = request.json.get('device_id')\n    auth_token = secrets.token_urlsafe(32)\n    iot_device_sessions[device_id] = {'token': auth_token, 'provisioned': True}\n    return jsonify({'device_id': device_id, 'auth_token': auth_token, 'status': 'provisioned'})"}