From: Victor Stinner <victor.stinner@gmail.com>
Date: Tue, 13 Aug 2013 23:28:28 +0000 (+0200)
Subject: Close #12015: The tempfile module now uses a suffix of 8 random characters
X-Git-Tag: v3.4.0a2~230
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=97869103ba09fb6a468312d303193902ff13160a;p=thirdparty%2FPython%2Fcpython.git

Close #12015: The tempfile module now uses a suffix of 8 random characters
instead of 6, to reduce the risk of filename collision. The entropy was reduced
when uppercase letters were removed from the charset used to generate random
characters.
---

diff --git a/Lib/tempfile.py b/Lib/tempfile.py
index 10b6a1b334ed..7df881b7d3b4 100644
--- a/Lib/tempfile.py
+++ b/Lib/tempfile.py
@@ -125,7 +125,7 @@ class _RandomNameSequence:
     def __next__(self):
         c = self.characters
         choose = self.rng.choice
-        letters = [choose(c) for dummy in "123456"]
+        letters = [choose(c) for dummy in range(8)]
         return ''.join(letters)
 
 def _candidate_tempdir_list():
diff --git a/Lib/test/test_tempfile.py b/Lib/test/test_tempfile.py
index 437b02b49efe..6b146d23c9fd 100644
--- a/Lib/test/test_tempfile.py
+++ b/Lib/test/test_tempfile.py
@@ -35,7 +35,7 @@ else:
 # Common functionality.
 class BaseTestCase(unittest.TestCase):
 
-    str_check = re.compile(r"[a-zA-Z0-9_-]{6}$")
+    str_check = re.compile(r"^[a-z0-9_-]{8}$")
 
     def setUp(self):
         self._warnings_manager = support.check_warnings()
@@ -62,7 +62,7 @@ class BaseTestCase(unittest.TestCase):
 
         nbase = nbase[len(pre):len(nbase)-len(suf)]
         self.assertTrue(self.str_check.match(nbase),
-                     "random string '%s' does not match /^[a-zA-Z0-9_-]{6}$/"
+                     "random string '%s' does not match ^[a-z0-9_-]{8}$"
                      % nbase)
 
 
diff --git a/Misc/NEWS b/Misc/NEWS
index 150a5fec0ea1..2c7938bf04ff 100644
--- a/Misc/NEWS
+++ b/Misc/NEWS
@@ -28,6 +28,11 @@ Core and Builtins
 Library
 -------
 
+- Issue #12015: The tempfile module now uses a suffix of 8 random characters
+  instead of 6, to reduce the risk of filename collision. The entropy was
+  reduced when uppercase letters were removed from the charset used to generate
+  random characters.
+
 - Issue #18585: Add :func:`textwrap.shorten` to collapse and truncate a
   piece of text to a given length.