From 8d8612df55ac3cc6ae733903a807bd8da5df4f7d Mon Sep 17 00:00:00 2001
From: "google-labs-jules[bot]"
 <161369871+google-labs-jules[bot]@users.noreply.github.com>
Date: Sat, 16 May 2026 09:07:26 +0000
Subject: [PATCH] Replace random with secrets for secure ID generation

Switch from random.choices to the cryptographically secure secrets.choice
in helpers/guids.py to prevent generation of predictable unique identifiers.

Co-authored-by: thirdeyenation <133812267+thirdeyenation@users.noreply.github.com>
---
 .jules/sentinel.md | 4 ++++
 helpers/guids.py   | 4 ++--
 2 files changed, 6 insertions(+), 2 deletions(-)
 create mode 100644 .jules/sentinel.md

diff --git a/.jules/sentinel.md b/.jules/sentinel.md
new file mode 100644
index 0000000000..67e4248278
--- /dev/null
+++ b/.jules/sentinel.md
@@ -0,0 +1,4 @@
+## 2024-05-18 - Weak Random Generation in IDs
+**Vulnerability:** The codebase was using the standard `random` module for generating session tokens and identifiers (`helpers/guids.py`).
+**Learning:** The `random` module is not cryptographically secure and predictable, which could compromise generated IDs.
+**Prevention:** Always use the `secrets` module (e.g., `secrets.choice`) for generating random strings where security or unpredictability is needed.
diff --git a/helpers/guids.py b/helpers/guids.py
index f0def4b4c6..aa5fd9b56a 100644
--- a/helpers/guids.py
+++ b/helpers/guids.py
@@ -1,4 +1,4 @@
-import random, string
+import secrets, string
 
 def generate_id(length: int = 8) -> str:
-    return "".join(random.choices(string.ascii_letters + string.digits, k=length))
+    return "".join(secrets.choice(string.ascii_letters + string.digits) for _ in range(length))