upaas

History

clawbot 72786a9feb fix: use hashed webhook secrets for constant-time comparison Store a SHA-256 hash of the webhook secret in a new webhook_secret_hash column. FindAppByWebhookSecret now hashes the incoming secret and queries by hash, eliminating the SQL string comparison timing side-channel. - Add migration 005_add_webhook_secret_hash.sql - Add database.HashWebhookSecret() helper - Backfill existing secrets on startup - Update App model to include WebhookSecretHash in all queries - Update app creation to compute hash at insert time - Add TestHashWebhookSecret unit test - Update all test fixtures to set WebhookSecretHash Closes #13	2026-02-15 14:06:53 -08:00
..
webhook_test.go	fix: use hashed webhook secrets for constant-time comparison	2026-02-15 14:06:53 -08:00
webhook.go	Add commit URL to Slack notifications with link and backtick formatting	2025-12-31 16:29:22 -08:00

clawbot 72786a9feb fix: use hashed webhook secrets for constant-time comparison

Store a SHA-256 hash of the webhook secret in a new webhook_secret_hash
column. FindAppByWebhookSecret now hashes the incoming secret and queries
by hash, eliminating the SQL string comparison timing side-channel.

- Add migration 005_add_webhook_secret_hash.sql
- Add database.HashWebhookSecret() helper
- Backfill existing secrets on startup
- Update App model to include WebhookSecretHash in all queries
- Update app creation to compute hash at insert time
- Add TestHashWebhookSecret unit test
- Update all test fixtures to set WebhookSecretHash

Closes #13

2026-02-15 14:06:53 -08:00

webhook_test.go

fix: use hashed webhook secrets for constant-time comparison

2026-02-15 14:06:53 -08:00

webhook.go

Add commit URL to Slack notifications with link and backtick formatting

2025-12-31 16:29:22 -08:00