lib/active_support/security_utils.rb
# frozen_string_literal: true module ActiveSupport module SecurityUtils # Constant time string comparison, for fixed length strings. # # The values compared should be of fixed length, such as strings # that have already been processed by HMAC. Raises in case of length mismatch. if defined?(OpenSSL.fixed_length_secure_compare) def fixed_length_secure_compare(a, b) OpenSSL.fixed_length_secure_compare(a, b) end else def fixed_length_secure_compare(a, b) raise ArgumentError, "string length mismatch." unless a.bytesize == b.bytesize l = a.unpack "C#{a.bytesize}" res = 0 b.each_byte { |byte| res |= byte ^ l.shift } res == 0 end end module_function :fixed_length_secure_compare # Secure string comparison for strings of variable length. # # While a timing attack would not be able to discern the content of # a secret compared via secure_compare, it is possible to determine # the secret length. This should be considered when using secure_compare # to compare weak, short secrets to user input. def secure_compare(a, b) a.bytesize == b.bytesize && fixed_length_secure_compare(a, b) end module_function :secure_compare end end
Source Files
- lib/active_support.rb
- lib/active_support/actionable_error.rb
- lib/active_support/all.rb
- lib/active_support/array_inquirer.rb
- lib/active_support/backtrace_cleaner.rb
- lib/active_support/benchmarkable.rb
- lib/active_support/broadcast_logger.rb
- lib/active_support/builder.rb
- lib/active_support/cache.rb
- lib/active_support/cache/coder.rb
- lib/active_support/cache/entry.rb
- lib/active_support/cache/file_store.rb
- lib/active_support/cache/mem_cache_store.rb
- lib/active_support/cache/memory_store.rb
- lib/active_support/cache/null_store.rb
- lib/active_support/cache/redis_cache_store.rb
- lib/active_support/cache/serializer_with_fallback.rb
- lib/active_support/cache/strategy/local_cache.rb
- lib/active_support/cache/strategy/local_cache_middleware.rb
- lib/active_support/callbacks.rb
- lib/active_support/code_generator.rb
- lib/active_support/concern.rb
- lib/active_support/concurrency/load_interlock_aware_monitor.rb
- lib/active_support/concurrency/null_lock.rb
- lib/active_support/concurrency/share_lock.rb
- lib/active_support/configurable.rb
- lib/active_support/configuration_file.rb
- lib/active_support/core_ext.rb
- lib/active_support/core_ext/array.rb
- lib/active_support/core_ext/array/access.rb
- lib/active_support/core_ext/array/conversions.rb
- lib/active_support/core_ext/array/extract.rb
- lib/active_support/core_ext/array/extract_options.rb
- lib/active_support/core_ext/array/grouping.rb
- lib/active_support/core_ext/array/inquiry.rb
- lib/active_support/core_ext/array/wrap.rb
- lib/active_support/core_ext/benchmark.rb
- lib/active_support/core_ext/big_decimal.rb
- lib/active_support/core_ext/big_decimal/conversions.rb
- lib/active_support/core_ext/class.rb
- lib/active_support/core_ext/class/attribute.rb
- lib/active_support/core_ext/class/attribute_accessors.rb
- lib/active_support/core_ext/class/subclasses.rb
- lib/active_support/core_ext/date.rb
- lib/active_support/core_ext/date/acts_like.rb
- lib/active_support/core_ext/date/blank.rb
- lib/active_support/core_ext/date/calculations.rb
- lib/active_support/core_ext/date/conversions.rb
- lib/active_support/core_ext/date/zones.rb
- lib/active_support/core_ext/date_and_time/calculations.rb
- lib/active_support/core_ext/date_and_time/compatibility.rb
- lib/active_support/core_ext/date_and_time/zones.rb
- lib/active_support/core_ext/date_time.rb
- lib/active_support/core_ext/date_time/acts_like.rb
- lib/active_support/core_ext/date_time/blank.rb
- lib/active_support/core_ext/date_time/calculations.rb
- lib/active_support/core_ext/date_time/compatibility.rb
- lib/active_support/core_ext/date_time/conversions.rb
- lib/active_support/core_ext/digest.rb
- lib/active_support/core_ext/digest/uuid.rb
- lib/active_support/core_ext/enumerable.rb
- lib/active_support/core_ext/erb/util.rb
- lib/active_support/core_ext/file.rb
- lib/active_support/core_ext/file/atomic.rb
- lib/active_support/core_ext/hash.rb
- lib/active_support/core_ext/hash/conversions.rb
- lib/active_support/core_ext/hash/deep_merge.rb
- lib/active_support/core_ext/hash/deep_transform_values.rb
- lib/active_support/core_ext/hash/except.rb
- lib/active_support/core_ext/hash/indifferent_access.rb
- lib/active_support/core_ext/hash/keys.rb
- lib/active_support/core_ext/hash/reverse_merge.rb
- lib/active_support/core_ext/hash/slice.rb
- lib/active_support/core_ext/integer.rb
- lib/active_support/core_ext/integer/inflections.rb
- lib/active_support/core_ext/integer/multiple.rb
- lib/active_support/core_ext/integer/time.rb
- lib/active_support/core_ext/kernel.rb
- lib/active_support/core_ext/kernel/concern.rb
- lib/active_support/core_ext/kernel/reporting.rb
- lib/active_support/core_ext/kernel/singleton_class.rb
- lib/active_support/core_ext/load_error.rb
- lib/active_support/core_ext/module.rb
- lib/active_support/core_ext/module/aliasing.rb
- lib/active_support/core_ext/module/anonymous.rb
- lib/active_support/core_ext/module/attr_internal.rb
- lib/active_support/core_ext/module/attribute_accessors.rb
- lib/active_support/core_ext/module/attribute_accessors_per_thread.rb
- lib/active_support/core_ext/module/concerning.rb
- lib/active_support/core_ext/module/delegation.rb
- lib/active_support/core_ext/module/deprecation.rb
- lib/active_support/core_ext/module/introspection.rb
- lib/active_support/core_ext/module/redefine_method.rb
- lib/active_support/core_ext/module/remove_method.rb
- lib/active_support/core_ext/name_error.rb
- lib/active_support/core_ext/numeric.rb
- lib/active_support/core_ext/numeric/bytes.rb
- lib/active_support/core_ext/numeric/conversions.rb
- lib/active_support/core_ext/numeric/time.rb
- lib/active_support/core_ext/object.rb
- lib/active_support/core_ext/object/acts_like.rb
- lib/active_support/core_ext/object/blank.rb
- lib/active_support/core_ext/object/conversions.rb
- lib/active_support/core_ext/object/deep_dup.rb
- lib/active_support/core_ext/object/duplicable.rb
- lib/active_support/core_ext/object/inclusion.rb
- lib/active_support/core_ext/object/instance_variables.rb
- lib/active_support/core_ext/object/json.rb
- lib/active_support/core_ext/object/to_param.rb
- lib/active_support/core_ext/object/to_query.rb
- lib/active_support/core_ext/object/try.rb
- lib/active_support/core_ext/object/with.rb
- lib/active_support/core_ext/object/with_options.rb
- lib/active_support/core_ext/pathname.rb
- lib/active_support/core_ext/pathname/blank.rb
- lib/active_support/core_ext/pathname/existence.rb
- lib/active_support/core_ext/range.rb
- lib/active_support/core_ext/range/compare_range.rb
- lib/active_support/core_ext/range/conversions.rb
- lib/active_support/core_ext/range/each.rb
- lib/active_support/core_ext/range/overlap.rb
- lib/active_support/core_ext/regexp.rb
- lib/active_support/core_ext/securerandom.rb
- lib/active_support/core_ext/string.rb
- lib/active_support/core_ext/string/access.rb
- lib/active_support/core_ext/string/behavior.rb
- lib/active_support/core_ext/string/conversions.rb
- lib/active_support/core_ext/string/exclude.rb
- lib/active_support/core_ext/string/filters.rb
- lib/active_support/core_ext/string/indent.rb
- lib/active_support/core_ext/string/inflections.rb
- lib/active_support/core_ext/string/inquiry.rb
- lib/active_support/core_ext/string/multibyte.rb
- lib/active_support/core_ext/string/output_safety.rb
- lib/active_support/core_ext/string/starts_ends_with.rb
- lib/active_support/core_ext/string/strip.rb
- lib/active_support/core_ext/string/zones.rb
- lib/active_support/core_ext/symbol.rb
- lib/active_support/core_ext/symbol/starts_ends_with.rb
- lib/active_support/core_ext/thread/backtrace/location.rb
- lib/active_support/core_ext/time.rb
- lib/active_support/core_ext/time/acts_like.rb
- lib/active_support/core_ext/time/calculations.rb
- lib/active_support/core_ext/time/compatibility.rb
- lib/active_support/core_ext/time/conversions.rb
- lib/active_support/core_ext/time/zones.rb
- lib/active_support/current_attributes.rb
- lib/active_support/current_attributes/test_helper.rb
- lib/active_support/deep_mergeable.rb
- lib/active_support/dependencies.rb
- lib/active_support/dependencies/autoload.rb
- lib/active_support/dependencies/interlock.rb
- lib/active_support/dependencies/require_dependency.rb
- lib/active_support/deprecation.rb
- lib/active_support/deprecation/behaviors.rb
- lib/active_support/deprecation/constant_accessor.rb
- lib/active_support/deprecation/deprecators.rb
- lib/active_support/deprecation/disallowed.rb
- lib/active_support/deprecation/instance_delegator.rb
- lib/active_support/deprecation/method_wrappers.rb
- lib/active_support/deprecation/proxy_wrappers.rb
- lib/active_support/deprecation/reporting.rb
- lib/active_support/deprecator.rb
- lib/active_support/descendants_tracker.rb
- lib/active_support/digest.rb
- lib/active_support/duration.rb
- lib/active_support/duration/iso8601_parser.rb
- lib/active_support/duration/iso8601_serializer.rb
- lib/active_support/encrypted_configuration.rb
- lib/active_support/encrypted_file.rb
- lib/active_support/environment_inquirer.rb
- lib/active_support/error_reporter.rb
- lib/active_support/error_reporter/test_helper.rb
- lib/active_support/evented_file_update_checker.rb
- lib/active_support/execution_context.rb
- lib/active_support/execution_context/test_helper.rb
- lib/active_support/execution_wrapper.rb
- lib/active_support/executor.rb
- lib/active_support/executor/test_helper.rb
- lib/active_support/file_update_checker.rb
- lib/active_support/fork_tracker.rb
- lib/active_support/gem_version.rb
- lib/active_support/gzip.rb
- lib/active_support/hash_with_indifferent_access.rb
- lib/active_support/html_safe_translation.rb
- lib/active_support/i18n.rb
- lib/active_support/i18n_railtie.rb
- lib/active_support/inflections.rb
- lib/active_support/inflector.rb
- lib/active_support/inflector/inflections.rb
- lib/active_support/inflector/methods.rb
- lib/active_support/inflector/transliterate.rb
- lib/active_support/isolated_execution_state.rb
- lib/active_support/json.rb
- lib/active_support/json/decoding.rb
- lib/active_support/json/encoding.rb
- lib/active_support/key_generator.rb
- lib/active_support/lazy_load_hooks.rb
- lib/active_support/locale/en.rb
- lib/active_support/log_subscriber.rb
- lib/active_support/log_subscriber/test_helper.rb
- lib/active_support/logger.rb
- lib/active_support/logger_silence.rb
- lib/active_support/logger_thread_safe_level.rb
- lib/active_support/message_encryptor.rb
- lib/active_support/message_encryptors.rb
- lib/active_support/message_pack.rb
- lib/active_support/message_pack/cache_serializer.rb
- lib/active_support/message_pack/extensions.rb
- lib/active_support/message_pack/serializer.rb
- lib/active_support/message_verifier.rb
- lib/active_support/message_verifiers.rb
- lib/active_support/messages/codec.rb
- lib/active_support/messages/metadata.rb
- lib/active_support/messages/rotation_configuration.rb
- lib/active_support/messages/rotation_coordinator.rb
- lib/active_support/messages/rotator.rb
- lib/active_support/messages/serializer_with_fallback.rb
- lib/active_support/multibyte.rb
- lib/active_support/multibyte/chars.rb
- lib/active_support/multibyte/unicode.rb
- lib/active_support/notifications.rb
- lib/active_support/notifications/fanout.rb
- lib/active_support/notifications/instrumenter.rb
- lib/active_support/number_helper.rb
- lib/active_support/number_helper/number_converter.rb
- lib/active_support/number_helper/number_to_currency_converter.rb
- lib/active_support/number_helper/number_to_delimited_converter.rb
- lib/active_support/number_helper/number_to_human_converter.rb
- lib/active_support/number_helper/number_to_human_size_converter.rb
- lib/active_support/number_helper/number_to_percentage_converter.rb
- lib/active_support/number_helper/number_to_phone_converter.rb
- lib/active_support/number_helper/number_to_rounded_converter.rb
- lib/active_support/number_helper/rounding_helper.rb
- lib/active_support/option_merger.rb
- lib/active_support/ordered_hash.rb
- lib/active_support/ordered_options.rb
- lib/active_support/parameter_filter.rb
- lib/active_support/proxy_object.rb
- lib/active_support/rails.rb
- lib/active_support/railtie.rb
- lib/active_support/reloader.rb
- lib/active_support/rescuable.rb
- lib/active_support/ruby_features.rb
- lib/active_support/secure_compare_rotator.rb
- lib/active_support/security_utils.rb
- lib/active_support/string_inquirer.rb
- lib/active_support/subscriber.rb
- lib/active_support/syntax_error_proxy.rb
- lib/active_support/tagged_logging.rb
- lib/active_support/test_case.rb
- lib/active_support/testing/assertions.rb
- lib/active_support/testing/autorun.rb
- lib/active_support/testing/constant_lookup.rb
- lib/active_support/testing/constant_stubbing.rb
- lib/active_support/testing/declarative.rb
- lib/active_support/testing/deprecation.rb
- lib/active_support/testing/error_reporter_assertions.rb
- lib/active_support/testing/file_fixtures.rb
- lib/active_support/testing/isolation.rb
- lib/active_support/testing/method_call_assertions.rb
- lib/active_support/testing/parallelization.rb
- lib/active_support/testing/parallelization/server.rb
- lib/active_support/testing/parallelization/worker.rb
- lib/active_support/testing/parallelize_executor.rb
- lib/active_support/testing/setup_and_teardown.rb
- lib/active_support/testing/stream.rb
- lib/active_support/testing/strict_warnings.rb
- lib/active_support/testing/tagged_logging.rb
- lib/active_support/testing/time_helpers.rb
- lib/active_support/time.rb
- lib/active_support/time_with_zone.rb
- lib/active_support/values/time_zone.rb
- lib/active_support/version.rb
- lib/active_support/xml_mini.rb
- lib/active_support/xml_mini/jdom.rb
- lib/active_support/xml_mini/libxml.rb
- lib/active_support/xml_mini/libxmlsax.rb
- lib/active_support/xml_mini/nokogiri.rb
- lib/active_support/xml_mini/nokogirisax.rb
- lib/active_support/xml_mini/rexml.rb