feat(api): use Python's secrets module for obtaining randomness

api/desecapi/models.py

@@ -9,7 +9,6 @@ import uuid
 from base64 import urlsafe_b64encode
 from datetime import timedelta
 from hashlib import sha256
-from os import urandom
 
 import psl_dns
 import rest_framework.authtoken.models
@@ -183,7 +182,7 @@ class Token(ExportModelOperationsMixin('Token'), rest_framework.authtoken.models
     plain = None
 
     def generate_key(self):
-        self.plain = urlsafe_b64encode(urandom(21)).decode()
+        self.plain = secrets.token_urlsafe(21)
         self.key = Token.make_hash(self.plain)
         return self.key
 

api/desecapi/pdns_change_tracker.py

@@ -1,4 +1,4 @@
-import random
+import secrets
 import socket
 
 from django.conf import settings
@@ -85,7 +85,7 @@ class PDNSChangeTracker:
             return True
 
         def pdns_do(self):
-            salt = '%016x' % random.randrange(16 ** 16)
+            salt = secrets.token_hex(nbytes=8)
             _pdns_post(
                 NSLORD, '/zones?rrsets=false',
                 {