@octokit/webhooks
Comparing version 3.0.0 to 3.0.1
@@ -1,1 +0,1 @@ | ||
{"name":"@octokit/webhooks","version":"3.0.0","publishConfig":{"access":"public"},"description":"GitHub webhook events toolset for Node.js","main":"index.js","directories":{"lib":"lib","test":"test"},"dependencies":{},"devDependencies":{"axios":"^0.17.1","coveralls":"^3.0.0","debug":"^3.1.0","get-port":"^3.2.0","pify":"^3.0.0","semantic-release":"^9.1.1","simple-mock":"^0.8.0","standard":"^10.0.3","tap":"^10.7.3"},"scripts":{"coverage":"tap --coverage-report=html && open coverage/lcov-report/index.html","coverage:upload":"tap --coverage-report=text-lcov | coveralls","pretest":"standard","test":"tap --100 --coverage 'test/**/*-test.js'","semantic-release":"semantic-release"},"repository":{"type":"git","url":"https://github.com/octokit/webhooks.js.git"},"keywords":[],"author":"Gregor Martynus (https://twitter.com/gr2m)","license":"MIT"} | ||
{"name":"@octokit/webhooks","version":"3.0.1","publishConfig":{"access":"public"},"description":"GitHub webhook events toolset for Node.js","main":"index.js","directories":{"lib":"lib","test":"test"},"dependencies":{"buffer-equal-constant-time":"^1.0.1"},"devDependencies":{"axios":"^0.17.1","coveralls":"^3.0.0","debug":"^3.1.0","get-port":"^3.2.0","pify":"^3.0.0","semantic-release":"^9.1.1","simple-mock":"^0.8.0","standard":"^10.0.3","tap":"^11.0.0"},"scripts":{"coverage":"tap --coverage-report=html && open coverage/lcov-report/index.html","coverage:upload":"tap --coverage-report=text-lcov | coveralls","pretest":"standard","test":"tap --100 --coverage 'test/**/*-test.js'","semantic-release":"semantic-release"},"repository":{"type":"git","url":"https://github.com/octokit/webhooks.js.git"},"keywords":[],"author":"Gregor Martynus (https://twitter.com/gr2m)","license":"MIT"} |
module.exports = verify | ||
const crypto = require('crypto') | ||
const Buffer = require('buffer').Buffer | ||
const timingSafeEqualPolyfill = require('buffer-equal-constant-time') | ||
const sign = require('../sign') | ||
@@ -12,6 +15,21 @@ | ||
return Buffer.compare( | ||
Buffer.from(signature), | ||
Buffer.from(sign(secret, eventPayload)) | ||
) === 0 | ||
const signatureBuffer = Buffer.from(signature) | ||
const verificationBuffer = Buffer.from(sign(secret, eventPayload)) | ||
if (signatureBuffer.length !== verificationBuffer.length) { | ||
return false | ||
} | ||
return timingSafeEqual(signatureBuffer, verificationBuffer) | ||
} | ||
/* istanbul ignore next */ | ||
function timingSafeEqual (signatureBuffer, verificationBuffer) { | ||
// crypto.verificationBuffer was added in Node 6.6 | ||
// https://nodejs.org/docs/latest-v6.x/api/crypto.html#crypto_crypto_timingsafeequal_a_b | ||
if ('timingSafeEqual' in crypto) { | ||
return crypto.timingSafeEqual(signatureBuffer, verificationBuffer) | ||
} | ||
return timingSafeEqualPolyfill(signatureBuffer, verificationBuffer) | ||
} |
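Review bot: The comment above the feature check in `timingSafeEqual` names `crypto.verificationBuffer`, which does not match the API tested on the next line; it should read `// crypto.timingSafeEqual was added in Node 6.6`. The length guard in `verify` would benefit from a why-comment such as `// crypto.timingSafeEqual throws on buffers of different length; the digest length is not secret`, so it is not later removed as redundant. `/* istanbul ignore next */` exempts both the native and the polyfill branch from the `tap --100` coverage gate, so a test that passes a wrong signature of the correct length would confirm that the comparison path rejects it. `verify`'s body begins outside the hunk, so whether `signature` is checked to be a string before `Buffer.from(signature)` cannot be seen here.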
+ Addedbuffer-equal-constant-time@1.0.1(transitive)