suspicious-non-cryptographic-random-usage (S311)
Derived from the flake8-bandit linter.
What it does
Checks for uses of cryptographically weak pseudo-random number generators.
Why is this bad?
Cryptographically weak pseudo-random number generators are insecure, as they are easily predictable. This can allow an attacker to guess the generated numbers and compromise the security of the system.
Instead, use a cryptographically secure pseudo-random number generator
(such as using the secrets module)
when generating random numbers for security purposes.
Example
Use instead: