The secrets module provides cryptographically strong random values suitable for managing authentication tokens. Use secrets instead of the random module for session IDs, tokens, and CSRF nonces.
.token_bytes()Sanitizersecrets.token_bytes(nbytes: int | None = None) -> bytes
Cryptographically secure random bytes. Safe source for tokens.
return.token_hex()Sanitizersecrets.token_hex(nbytes: int | None = None) -> str
Hex-encoded secure random token. Safe.
return.token_urlsafe()Sanitizersecrets.token_urlsafe(nbytes: int | None = None) -> str
URL-safe base64 secure random token. Safe.
return.compare_digest()Sanitizersecrets.compare_digest(a, b) -> bool
Constant-time comparison. Sanitizer for secret comparison.
return.choice()Sanitizersecrets.choice(seq)
Cryptographically secure random choice from a non-empty sequence.
return| FQN | Field | |
|---|---|---|
| secrets | fqns[0] |
Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.
from codepathfinder.go_rule import PySecrets