Create SafeComparisonOfSensitiveInfo.py

2026-04-25 16:55:19 +02:00 · 2022-08-05 12:46:46 +01:00
parent 5eef14a0a9
commit dd61383469
1 changed files with 17 additions and 0 deletions
--- a/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/SafeComparisonOfSensitiveInfo.py
+++ b/python/ql/src/experimental/Security/CWE-208/TimingAttackAgainstSensitiveInfo/SafeComparisonOfSensitiveInfo.py
@@ -0,0 +1,17 @@
+#!/usr/bin/env python
+# -*- coding: UTF-8 -*-
+
+"""
+@Desc   ：preventing timing attack sensitive info
+"""
+import hmac
+from flask import Flask
+from flask import request
+
+@app.route('/good')
+def check_credentials(password):
+    return hmac.compare_digest(password, "token")
+  
+if __name__ == '__main__':
+    app.debug = True
+    app.run()