From ec32ac4fc0f8bfef1eac32a74ae3a8c313ff05da Mon Sep 17 00:00:00 2001
From: "pixeebot[bot]" <104101892+pixeebot[bot]@users.noreply.github.com>
Date: Mon, 23 Jun 2025 04:08:26 +0000
Subject: [PATCH] Secure Source of Randomness

---
 src/astroidapi/attachment_processor.py | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/src/astroidapi/attachment_processor.py b/src/astroidapi/attachment_processor.py
index 9ff6876..4dd02b5 100644
--- a/src/astroidapi/attachment_processor.py
+++ b/src/astroidapi/attachment_processor.py
@@ -2,9 +2,9 @@
 import astroidapi.errors as errors
 import astroidapi.surrealdb_handler as surrealdb_handler
 import pathlib
-import random
 import pathlib
 import string
+import secrets
 
 async def download_attachment(attachment_url, registeredPlatforms):
     try: 
@@ -20,7 +20,7 @@ async def download_attachment(attachment_url, registeredPlatforms):
                     raise errors.AttachmentProcessError.AttachmentDownloadError.AttachmentTooLarge("Attachment is too large. Maximum size is 50MB.")
             print(f"Downloading attachment from {attachment_url}. Size: {int(content_length) / 1024 }KB")
             id_chars = string.ascii_lowercase + string.digits
-            attachment_id = "".join(random.choices(id_chars, k=16))
+            attachment_id = "".join(secrets.SystemRandom().choices(id_chars, k=16))
             attachment_name = attachment_url.split('/')[-1]
             attachment_type = attachment_name.split('.')[-1]
             if "?" in attachment_type:
@@ -90,4 +90,4 @@ async def force_clear_temporary_attachments():
             await surrealdb_handler.AttachmentProcessor.delete_attachment(file.name.split('.')[0])
             file.unlink()
     except Exception as e:
-        raise errors.AttachmentProcessError.AttachmentClearError.DeletionError(f"Error deleting temporary attachments. Error: {e}")
\ No newline at end of file
+        raise errors.AttachmentProcessError.AttachmentClearError.DeletionError(f"Error deleting temporary attachments. Error: {e}")