AntFleet

Disagreement · 52c1a3b9-anthropic-1

Webhook authorization compares Buffers of mismatched length to timingSafeEqual — but the early-exit on length leaks token length

solo Opus
repo e24ef98c · PR #11 · reviewed 1 week ago

Opus finding

Webhook authorization compares Buffers of mismatched length to timingSafeEqual — but the early-exit on length leaks token length

low · security · medium
  • apps/web/app/api/cron/review-retry/route.ts:24-32
The length-mismatch short-circuit is necessary because timingSafeEqual throws on mismatched lengths, but it reveals via response timing whether the attacker's token has the correct length. For a fixed-length secret this is a minor information leak. Not critical, but worth noting because the rest of the comparison is otherwise constant-time. Mitigated by the fact that CRON_SECRET length is fixed and known to the operator; attackers gain at most knowledge of secret length.

Recommendation

Optionally pad the provided header to expected length before timingSafeEqual to fully mask length differences, e.g. compare hashes of both strings instead.
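As an added illustration of the hash-then-compare approach the recommendation suggests (this is example code, not the PR's route handler or AntFleet's output), the helpers below are written in TypeScript for Node, the same runtime as the route under review. Hashing both values to a fixed 32-byte digest means timingSafeEqual never throws and no length-dependent early return exists, so the response timing no longer depends on whether the caller's token has the right length. The function names, the reconstruction of the early-exit pattern, and the fail-closed handling of an unset secret are assumptions, not code from the project.

```typescript
import { createHash, timingSafeEqual } from "node:crypto";

// Length-masked constant-time comparison (assumed helper, not the project's code).
// Both sides are hashed to a fixed-size SHA-256 digest, so the comparison operates on
// equal-length buffers regardless of the inputs' lengths: timingSafeEqual never throws,
// and there is no short-circuit whose timing depends on the secret's length.
function secretsMatch(provided: string, expected: string): boolean {
  const a = createHash("sha256").update(provided, "utf8").digest();
  const b = createHash("sha256").update(expected, "utf8").digest();
  return timingSafeEqual(a, b); // both buffers are 32 bytes, comparison is constant-time
}

// Reconstruction of the pattern the finding describes (hypothetical, for contrast):
// the length guard is required because timingSafeEqual throws on mismatched lengths,
// but it returns before any comparison work, so a wrong-length token is rejected
// measurably faster than a right-length one.
function secretsMatchEarlyExit(provided: string, expected: string): boolean {
  const a = Buffer.from(provided, "utf8");
  const b = Buffer.from(expected, "utf8");
  if (a.length !== b.length) return false; // fast path: timing reveals length mismatch
  return timingSafeEqual(a, b);
}

// Route-level authorization helper (assumed shape). A missing header or an unset
// CRON_SECRET must fail closed rather than compare against an empty string.
function authorizeCron(headerValue: string | null, configuredSecret: string | undefined): boolean {
  if (!configuredSecret || headerValue === null) return false;
  return secretsMatch(headerValue, configuredSecret);
}
```

In a route handler, `authorizeCron(request.headers.get("authorization"), process.env.CRON_SECRET)` (the header name is an assumption) would replace the raw Buffer comparison; the only timing that remains input-dependent is hashing the caller's own token, whose length the caller already knows.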

Other reviewer

The other reviewer flagged nothing in this file/line range.

Why this didn't post

This finding didn't meet AntFleet's unanimous agreement threshold. Both frontier models review every PR independently; only findings they both flag with the same severity and category are posted to the PR. This one fell through.


From the same review

These findings passed the unanimous gate on the same PR review. The disagreement above was filtered out; the findings below were posted.
