Module: StandardWebhooks

Defined in:: lib/standardwebhooks/util.rb,
lib/standardwebhooks/errors.rb,
lib/standardwebhooks/webhooks.rb

Defined Under Namespace

Classes: StandardWebhooksError, Webhook, WebhookSigningError, WebhookVerificationError

Class Method Summary collapse

.secure_compare(a, b) ⇒ Object

Secure string comparison for strings of fixed length.

Class Method Details

.secure_compare(a, b) ⇒ `Object`

Secure string comparison for strings of fixed length

While a timing attack would not be able to discern the content of a secret compared via secure_compare, it is possible to determine the secret length. This should be considered when using secure_compare to compare weak, short secrets to user input.

# File 'lib/standardwebhooks/util.rb', line 10

def secure_compare(a, b)
  return false unless a.bytesize == b.bytesize

  OpenSSL.fixed_length_secure_compare(a, b)
end

Module: StandardWebhooks

Defined Under Namespace

Class Method Summary collapse

Class Method Details

.secure_compare(a, b) ⇒ Object

.secure_compare(a, b) ⇒ `Object`