Use cryptographically secure random for new document ids #1162

gemini-code-assist · 2026-02-05T04:40:54Z

The existing unit test test__auto_id in tests/unit/v1/test_base_collection.py mocks random.choice. With this change, the test will likely fail as the code now primarily calls system_random.choice. The tests need to be updated to cover both the primary path (using system_random.choice) and the fallback path (using random.choice when NotImplementedError is raised).

gemini-code-assist · 2026-02-05T04:40:55Z

While the current implementation is correct, it contains duplicated code for generating the random string. To improve maintainability, you could refactor this to select the appropriate random function first, and then use it to generate the string.

try: # Use a cryptographically secure random number generator if available. # The .random() method will raise NotImplementedError on systems without os.urandom(). system_random.random() choice_func = system_random.choice except NotImplementedError: # Fallback to the default pseudo-random generator on very old systems. choice_func = random.choice return "".join(choice_func(_AUTO_ID_CHARS) for _ in range(20))

this is slower

I agree, this is slower

-Original file line number
+Diff line change
@@ Expand Up / @@ -60,6 +60,7 @@ @@
         import datetime
     _AUTO_ID_CHARS = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789"
+    system_random = random.SystemRandom()
     class BaseCollectionReference(Generic[QueryType]):
@@ Expand Down Expand Up / @@ -623,8 +624,11 @@ def _auto_id() -> str: @@
             str: A 20 character string composed of digits, uppercase and
             lowercase and letters.
         """
-        return "".join(random.choice(_AUTO_ID_CHARS) for _ in range(20))
+        try:
+            return "".join(system_random.choice(_AUTO_ID_CHARS) for _ in range(20))
+        # Very old Unix systems don't have os.urandom (/dev/urandom), in which case use random.choice
+        except NotImplementedError:
+            return "".join(random.choice(_AUTO_ID_CHARS) for _ in range(20))
     def _item_to_document_ref(collection_reference, item):
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -437,7 +437,7 @@ def test_basecollectionreference_pipeline(mock_query): @@
             assert pipeline == mock_query._build_pipeline.return_value
-    @mock.patch("random.choice")
+    @mock.patch("random.SystemRandom.choice")
     def test__auto_id(mock_rand_choice):
         from google.cloud.firestore_v1.base_collection import _AUTO_ID_CHARS, _auto_id
@@ Expand Down @@

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use cryptographically secure random for new document ids #1162

Uh oh!

Diff view

Diff view

There are no files selected for viewing

gemini-code-assist bot Feb 5, 2026

Uh oh!

probicheaux Feb 5, 2026

Uh oh!

gemini-code-assist bot Feb 5, 2026

Uh oh!

probicheaux Feb 5, 2026

Uh oh!

PranavMin Feb 5, 2026

Uh oh!

Uh oh!

Use cryptographically secure random for new document ids #1162

Are you sure you want to change the base?

Uh oh!

Use cryptographically secure random for new document ids #1162

Uh oh!

Uh oh!

Diff view

Diff view

There are no files selected for viewing

gemini-code-assist bot Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

probicheaux Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

gemini-code-assist bot Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

probicheaux Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

PranavMin Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

Uh oh!