From a597b7bf5f8cae025e881e3afb1b1eba3f140752 Mon Sep 17 00:00:00 2001
From: ReturnFI <151555003+ReturnFI@users.noreply.github.com>
Date: Fri, 12 Dec 2025 09:16:26 +0000
Subject: [PATCH] fix(password_generation): replace pwgen with secrets module for secure password generation
---
 core/cli_api.py | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
diff --git a/core/cli_api.py b/core/cli_api.py
index 301fce7..71583b1 100644
--- a/core/cli_api.py
+++ b/core/cli_api.py
@@ -6,6 +6,8 @@ import json
 from typing import Any, Optional
 from dotenv import dotenv_values
 import re
+import secrets
+import string
 import traffic
@@ -121,16 +123,13 @@ def run_cmd(command: list[str]) -> str:
 def generate_password() -> str:
 '''
- Generates a random password using pwgen for user.
- Could raise subprocess.CalledProcessError
+ Generates a secure, random alphanumeric password.
 '''
 try:
- return subprocess.check_output(['pwgen', '-s', '32', '1'], shell=False).decode().strip()
- except (subprocess.CalledProcessError, FileNotFoundError):
- try:
- return subprocess.check_output(['cat', '/proc/sys/kernel/random/uuid'], shell=False).decode().strip()
- except Exception as e:
- raise PasswordGenerationError(f"Failed to generate password: {e}")
+ alphabet = string.ascii_letters + string.digits
+ return ''.join(secrets.choice(alphabet) for _ in range(32))
+ except Exception as e:
+ raise PasswordGenerationError(f"Failed to generate password using secrets module: {e}")
 # endregion
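Review bot: The `except Exception as e:` wrapped around the new body of generate_password is broader than anything these two lines can plausibly raise. As far as I can tell `secrets.choice` on a fixed, non-empty alphabet only fails when the OS randomness source is unavailable, so I would narrow the handler to `except (OSError, NotImplementedError) as e:` and chain the cause with `raise PasswordGenerationError(f"Failed to generate password using secrets module: {e}") from e`. The rewritten docstring also dropped any mention of failure; a line such as `Raises PasswordGenerationError if the OS random source is unavailable.` would restore it. It would help to state the output contract there too (32 characters from the 62-symbol `ascii_letters + digits` alphabet, roughly 190 bits), since callers that could previously receive a hyphenated UUID from the removed fallback now always get 32 alphanumerics.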