flake8
passed.
JSHint
passed.
Add checksum checking when validating VendorChecksum API tokens.
Review Request #12663 — Created Oct. 3, 2022 and submitted
This change makes the
VendorChecksumTokenGeneratorcheck the token's checksum
when validating tokens. This makes the token validation more precise and is
useful for weeding out any false positives during secret scanning.This also fixes the character set that we're using for base62-encoding the
token checksums. The previous one had incorrectly swapped the placement of the
capital and lowercase characters in the set. Tokens that were generated using
the old character set are still considered valid.
Ran unit tests.
| Summary | ID |
|---|---|
| 666361c32af88feb525657abd59c032cb7b6f4eb |
| Description | From | Last Updated |
|---|---|---|
|
We might just want to compare against checksum.swapcase() in the conditional directly, so that we don't perform this operation unless … |
 chipx86
|
- Change Summary:
-
Fixes the base62-encoding character set and still validates tokens that use our previous faulty base62-encoding.
- Description:
-
This change makes the
VendorChecksumTokenGeneratorcheck the token's checksumwhen validating tokens. This makes the token validation more precise and is useful for weeding out any false positives during secret scanning. + + This also fixes the character set that we're using for base62-encoding the
+ token checksums. The previous one had incorrectly swapped the placement of the + capital and lowercase characters in the set. Tokens that were generated using + the old character set are still considered valid. - Commits:
-
Summary ID d5aba73281ff2d7d415705e95efcc0358accdf84 85745ccbe8575b91006d740676c3092c4282c365
Checks run (2 succeeded)
flake8
passed.
JSHint
passed.