gitlab.com/gitlab-org/gitlab-foss.git
author: James Lopez <james@jameslopez.es> 2016-03-02 14:18:43 +0300
committer: James Lopez <james@jameslopez.es> 2016-03-02 14:18:43 +0300
commit: 70623cd423b0c7e26e56422bf25c413d9921ee88
tree: f977ca35d156db2d7a75fce165dd704f59818edb /app/models/project_services/ci_service.rb
parent: 8cba0612e16268ea12904e40ce7dad293998a875
fix token issue - timing attack
Diffstat (limited to 'app/models/project_services/ci_service.rb')
-rw-r--r-- app/models/project_services/ci_service.rb 2
1 files changed, 1 insertions, 1 deletions
diff --git a/app/models/project_services/ci_service.rb b/app/models/project_services/ci_service.rb
index e10b5529b42..f328deda354 100644
--- a/app/models/project_services/ci_service.rb
+++ b/app/models/project_services/ci_service.rb
@@ -26,7 +26,7 @@ class CiService < Service
default_value_for :category, 'ci'
def valid_token?(token)
- self.respond_to?(:token) && self.token.present? && self.token == token
+ self.respond_to?(:token) && self.token.present? && ActiveSupport::SecurityUtils.secure_compare(token, self.token)
end
def supported_events
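Review bot: In valid_token?, the caller-supplied token now goes straight into ActiveSupport::SecurityUtils.secure_compare, which expects String arguments, so a nil or non-String token can raise an exception where the old == comparison simply returned false. Guard the argument before the compare, for example by adding token.present? to the && chain or passing token.to_s, so a missing token is still rejected with false rather than an error. A spec for valid_token? covering the nil, wrong and correct token cases would pin that behaviour down; none is visible in this single-file diff.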