def random_multipart_boundary()

in http/get_multipart/python/server/server.py [0:0]


def random_multipart_boundary():
    """
    Return a fresh, unpredictable boundary token for one multipart response.

    The token comes from the ``secrets`` module, i.e. a cryptographically
    secure random source, so it cannot be guessed before the response is
    sent. It carries enough entropy that the chance of the same byte
    sequence appearing inside the response body is negligible.

    Call this once per multipart response and never reuse the result. The
    boundary is disclosed to the client as soon as a response is sent, so a
    reused value would let content that ends up in a later response body
    contain the delimiter and be parsed as extra, forged parts.
    """
    # 28 random bytes = 224 bits of entropy; the collision probability is
    # negligible. See [1] for the underlying math.
    #
    # token_urlsafe() base64url-encodes those bytes (alphanumerics, "-" and
    # "_", no padding), which yields a 38-character string. RFC 1341 [2]
    # limits a boundary to 70 characters, so there is ample headroom.
    #
    # [1] https://preshing.com/20110504/hash-collision-probabilities/
    # [2] https://www.w3.org/Protocols/rfc1341/7_2_Multipart.html
    entropy_bytes = 28
    boundary = secrets.token_urlsafe(entropy_bytes)
    return boundary