@sheyman
Created February 17, 2015 18:17
>> Consider possible security implications associated with Crypto module.
- /Users/step6927/barbican/barbican/openstack/common/crypto/utils.py::20
20 from Crypto import Random
>> Random library should not be used for any security or cryptographic purposes
- /Users/step6927/barbican/barbican/openstack/common/processutils.py::23
23 import random
>> Use of random is not suitable for security/cryptographic purposes.
- /Users/step6927/barbican/barbican/openstack/common/processutils.py::130
130 greenthread.sleep(random.randint(20, 200) / 100.0)
>> Random library should not be used for any security or cryptographic purposes
- /Users/step6927/barbican/barbican/openstack/common/service.py::24
24 import random
>> Use of random is not suitable for security/cryptographic purposes.
- /Users/step6927/barbican/barbican/openstack/common/service.py::243
243 random.seed()
>> ssl.wrap_socket call with no SSL/TLS protocol version specified, the default SSLv23 could be insecure, possible security issue.
- /Users/step6927/barbican/barbican/openstack/common/sslutils.py::80
80 return ssl.wrap_socket(sock, **ssl_kwargs)
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/interface/certificate_manager.py::242
242 """
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/simple_certificate_manager.py::55
55 """
>> Possible SQL injection vector through string-based query construction, without SQLALCHEMY use
- /Users/step6927/barbican/barbican/plugin/symantec.py::96
96 """
>> Probable insecure usage of temp file/directory
- /Users/step6927/barbican/barbican/tests/plugin/test_dogtag.py::93
93 m.dogtag_plugin = mock.MagicMock(pem_path=None, nss_db_path='/tmp')