Update TimingAttackAgainstSensitiveInfo.py

2026-05-01 03:35:13 +02:00 · 2022-07-27 00:25:42 +01:00
parent 11e888f0ac
commit e3340c9345
1 changed files with 3 additions and 3 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-208/TimingAttackAgainstSensitiveInfo.py
@@ -12,13 +12,13 @@ app = Flask(__name__)
 def check_credentials():
    if request.method == 'POST':
        password = request.form['pwd']
-        return password == "token"
+        return password == sec
    
@app.route('/good')
-def check_credentials(password):
+def check_credentials(sec):
    if request.method == 'POST':
        password = request.form['pwd']
-        return constant_time_string_compare(password, "token")
+        return constant_time_string_compare(password, sec)

 def constant_time_string_compare(a, b):
    if len(a) != len(b):