This project is archived. Its data is read-only.

Use secure compare to prevent timing attacks

This line of code https://gitlab.com/gitlab-org/quality/triage-serverless/blob/e0940502f1576a863a1f733666579cf57301dedb/triage/triage.rb#L26 should not use == but should instead use a #secure_compare from https://api.rubyonrails.org/classes/ActiveSupport/SecurityUtils.html#method-c-secure_compare

Edited Jul 11, 2019 by Dylan Griffith