Update TimingAttackAgainstHeader.py

2026-05-03 12:45:27 +02:00 · 2022-08-12 12:25:31 +01:00
parent 21f9ee449a
commit 01490414e8
1 changed files with 2 additions and 2 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstHeader.py
@@ -5,7 +5,7 @@
 """
 from flask import Flask
 from flask import request
-from django.utils.crypto import constant_time_compare
+import hmac

 app = Flask(__name__)

@@ -17,7 +17,7 @@ def bad1():

@app.route('/good')
 def good1(): 
-    if not constant_time_compare(Secret, "token"):
+    if not hmac.compare_digest(Secret, "token"):
        raise Exception('bad token')
    return 'good1'