hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 11:16:30 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
9afdab917e2cb1e5db42f4880cdbe10b29c6dcf1
codeql/java/ql/test/experimental/query-tests/security/CWE-208/TimingAttackAgainstHeader/Test.java
Ahmed Farid 0d278f6d61 Create Test.java
2022-02-25 17:33:08 +00:00

20 lines
632 B
Java
Raw Blame History

import javax.servlet.http.HttpServletRequest;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.lang.String;
public class Test {
private boolean UnsafeComparison(HttpServletRequest request) {
String Key = "secret";
return Key.equals(request.getHeader("X-Auth-Token"));
}
private boolean safeComparison(HttpServletRequest request) {
String token = request.getHeader("X-Auth-Token");
String Key = "secret";
return MessageDigest.isEqual(Key.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8));
}
}
Reference in New Issue View Git Blame Copy Permalink