Thanks to visit codestin.com Credit goes to github.com
We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
1 parent 39e07cb commit fa81f43Copy full SHA for fa81f43
1 file changed
java/ql/src/experimental/Security/CWE/CWE-208/TimingAttackAgainstHeader.qhelp
@@ -21,7 +21,9 @@ and does not depend on the contents of the arrays.
21
<p>
22
The following example uses <code>Arrays.equals()</code> method for validating a csrf token.
23
This method implements a non-constant-time algorithm.
24
+
25
+In the same example i use a safe constant-time algorithm for validating.
26
</p>
-<sample src="UnsafecsrfComparison.java" />
27
+<sample src="csrfComparison.java" />
28
</qhelp>
29
0 commit comments