always use compare_digest

author: Michael Merickel <michael@merickel.org> 2018-11-23 15:55:00 -0600
committer: Michael Merickel <michael@merickel.org> 2018-11-23 15:57:08 -0600
commit: f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc (patch)
tree: 2a6d06116a88662221fb607ed1fcb47655665c8a /src
parent: b404d4b29e5eaa08fb38e9bd4818e1a2d390c10b (diff)
download: pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.tar.gz
pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.tar.bz2
pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.zip
1 files changed, 2 insertions, 6 deletions
diff --git a/src/pyramid/util.py b/src/pyramid/util.py
index cad8142dd..e552b37de 100644
--- a/src/pyramid/util.py
+++ b/src/pyramid/util.py
@@ -301,7 +301,7 @@ class WeakOrderedSet(object):
             return self._items[oid]()
 
 
-def strings_differ(string1, string2, compare_digest=compare_digest):
+def strings_differ(string1, string2):
     """Check whether two strings differ while avoiding timing attacks.
 
     This function returns True if the given strings differ and False
@@ -325,11 +325,7 @@ def strings_differ(string1, string2, compare_digest=compare_digest):
         left = string2
     right = string2
 
-    if compare_digest is not None:
-        invalid_bits += not compare_digest(left, right)
-    else:
-        for a, b in zip(left, right):
-            invalid_bits += a != b
+    invalid_bits += not compare_digest(left, right)
     return invalid_bits != 0
author	Michael Merickel <michael@merickel.org>	2018-11-23 15:55:00 -0600
committer	Michael Merickel <michael@merickel.org>	2018-11-23 15:57:08 -0600
commit	f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc (patch)
tree	2a6d06116a88662221fb607ed1fcb47655665c8a /src
parent	b404d4b29e5eaa08fb38e9bd4818e1a2d390c10b (diff)
download	pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.tar.gz pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.tar.bz2 pyramid-f6b0ae2a32d6bcd40246ef1ec3abb16ce65324dc.zip