From e73cb4a614560a6b368349553c516aa5704d0e50 Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Fri, 2 Aug 2024 05:44:31 +0000
Subject: [PATCH] Secure Source of Randomness
---
 vulnerability_fix_engine.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/vulnerability_fix_engine.py b/vulnerability_fix_engine.py
index 46c28568..830c259e 100644
--- a/vulnerability_fix_engine.py
+++ b/vulnerability_fix_engine.py
@@ -7,7 +7,6 @@ import string
 from collections import Counter
 from dataclasses import dataclass, asdict, field
-from random import random
 from typing import List, Optional, Dict, Generator
 import aiofiles
@@ -15,6 +14,7 @@ import time
 import github_util
+import secrets
 git_hub = github_util.load_github()
@@ -218,7 +218,7 @@ async def do_call(wait_time, previous_wait_time=0) -> Optional[str]:
 # way to slow down this script reasonably
 github_util.print_current_rate_limit()
 await asyncio.sleep(wait_time)
- return await do_call(wait_time * 2 + random(), previous_wait_time=wait_time)
+ return await do_call(wait_time * 2 + secrets.SystemRandom().random(), previous_wait_time=wait_time)
 return await do_call(1)
@@ -354,7 +354,7 @@ async def do_push_changes(self, retry_count: int = 5):
 raise e
 else:
 # Forking is an async operation, so we may need to wait a bit for it
- await asyncio.sleep((5 - retry_count) * 2 + random())
+ await asyncio.sleep((5 - retry_count) * 2 + secrets.SystemRandom().random())
 await self.do_push_changes(retry_count - 1)
 async def do_create_pull_request(self, lock) -> str:
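Review bot: The value added in `wait_time * 2 + secrets.SystemRandom().random()` is only backoff jitter for the rate-limit retry, so nothing here depends on it being unpredictable, yet the new expression constructs a fresh `SystemRandom` object on every retry; the sleep in `do_push_changes` has the same pattern. If the CSPRNG is kept to satisfy the scanner, create one module-level instance such as `_jitter_rng = secrets.SystemRandom()` and call `_jitter_rng.random()` at both sites, with a comment saying the value is timing jitter and not a secret. Separately, no upper bound on `wait_time` is visible in this hunk, so the doubling may grow without limit unless the part of `do_call` outside the hunk caps it.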
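Review bot: The delay `(5 - retry_count) * 2 + secrets.SystemRandom().random()` hard-codes the default of `retry_count`, so a caller that passes a value above 5 gets a negative delay and `asyncio.sleep` returns without waiting for the fork. Clamping the multiplier keeps the wait non-negative for any starting count: `await asyncio.sleep(max(0, 5 - retry_count) * 2 + secrets.SystemRandom().random())`. The check that stops the recursion when `retry_count` runs out is not in this hunk, since the body of `do_push_changes` starts above it, so confirm it exists before relying on `retry_count - 1` to terminate.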