Create SafeComparisonOfHeaderValue.py

2026-04-25 08:45:14 +02:00 · 2022-08-04 12:48:19 +01:00
parent e1435afea9
commit a98a77ad40
1 changed files with 20 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/SafeComparisonOfHeaderValue.py
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstHeaderValue/SafeComparisonOfHeaderValue.py
@@ -0,0 +1,20 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+"""
+@Desc   ：preventing timing attack against header value
+"""
+
+from flask import Flask
+from flask import request
+
+@app.route('/good1')
+def good1():
+    Secret = request.headers.get('X-Auth-Token')    
+    if not hmac.compare_digest("secret", "token"):
+        raise Exception('bad token')
+    return 'good'
+
+if __name__ == '__main__':
+    app.debug = True
+    app.run()