Skip to content

πŸ›‘οΈ Sentinel: [CRITICAL] Fix constant-time comparison vulnerability#523

Draft
EffortlessSteven wants to merge 1 commit into
mainfrom
jules-6209686930731087830-f66acbcc
Draft

πŸ›‘οΈ Sentinel: [CRITICAL] Fix constant-time comparison vulnerability#523
EffortlessSteven wants to merge 1 commit into
mainfrom
jules-6209686930731087830-f66acbcc

Conversation

@EffortlessSteven

@EffortlessSteven EffortlessSteven commented Jun 21, 2026

Copy link
Copy Markdown
Member

🚨 Severity: CRITICAL
πŸ’‘ Vulnerability: Hand-rolled constant-time string comparisons (using fold and XOR) can be optimized by the Rust compiler into variable-time operations, reintroducing timing attacks.
🎯 Impact: Attackers could potentially glean valid tokens via timing side-channels during basic token matching.
πŸ”§ Fix: Switched the implementation of constant_time_eq to rely on the established subtle crate's ConstantTimeEq trait, preventing compiler optimizations while maintaining the DoS-preventing early length-check.
βœ… Verification: Ran cargo test -p http-auth-verifier ensuring functionality works and unit tests (like prop_constant_time_eq_matches_standard_equality) pass.


PR created automatically by Jules for task 6209686930731087830 started by @EffortlessSteven


Note

High Risk
Changes secret/basic token equality used in authorize_token, a security-sensitive path where broken constant-time behavior could enable timing side-channels.

Overview
Replaces the hand-rolled XOR/fold implementation of constant_time_eq in http-auth-verifier with subtle::ConstantTimeEq, while keeping the early length mismatch return so comparison time stays bounded on unequal lengths.

Adds the subtle dependency and records the compiler-optimization pitfall in .jules/sentinel.md so future changes avoid manual constant-time loops.

Reviewed by Cursor Bugbot for commit a6dcf19. Bugbot is set up for automated code reviews on this repo. Configure here.

@google-labs-jules

Copy link
Copy Markdown

πŸ‘‹ Jules, reporting for duty! I'm here to lend a hand with this pull request.

When you start a review, I'll add a πŸ‘€ emoji to each comment to let you know I've read it. I'll focus on feedback directed at me and will do my best to stay out of conversations between you and other bots or reviewers to keep the noise down.

I'll push a commit with your requested changes shortly after. Please note there might be a delay between these steps, but rest assured I'm on the job!

For more direct control, you can switch me to Reactive Mode. When this mode is on, I will only act on comments where you specifically mention me with @jules. You can find this option in the Pull Request section of your global Jules UI settings. You can always switch back!

New to Jules? Learn more at jules.google/docs.


For security, I will only act on instructions from the user who triggered this task.

@gemini-code-assist

Copy link
Copy Markdown

Warning

You have reached your daily quota limit. Please wait up to 24 hours and I will start processing your requests again!

@coderabbitai

coderabbitai Bot commented Jun 21, 2026

Copy link
Copy Markdown

Review Change Stack

Walkthrough

The PR replaces the manual XOR/fold byte comparison in constant_time_eq with subtle::ConstantTimeEq::ct_eq, adds subtle = "2.6.1" as a dependency, and appends a sentinel entry documenting the compiler-optimization risk of hand-rolled constant-time logic.

Changes

Constant-time comparison hardening

Layer / File(s) Summary
Switch constant_time_eq to subtle::ConstantTimeEq
crates/http-auth-verifier/Cargo.toml, crates/http-auth-verifier/src/lib.rs, .jules/sentinel.md
Adds subtle = "2.6.1" under [dependencies], imports subtle::ConstantTimeEq, and replaces the XOR/fold byte accumulator with left.as_bytes().ct_eq(right.as_bytes()).into(). The sentinel doc records the compiler-optimization vulnerability and prescribes using vetted primitives going forward.

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~3 minutes

Poem

πŸ‡ A bunny once folded XOR byte by byte,
But the compiler laughed and made it not right!
Now subtle steps in with its ct_eq grace,
Timing attacks find no foothold β€” no trace.
Constant as carrots, secure in their place! πŸ₯•

πŸš₯ Pre-merge checks | βœ… 5
βœ… Passed checks (5 passed)
Check name Status Explanation
Title check βœ… Passed The title accurately describes the main change: fixing a constant-time comparison vulnerability by switching to the subtle crate.
Docstring Coverage βœ… Passed Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%.
Linked Issues check βœ… Passed Check skipped because no linked issues were found for this pull request.
Out of Scope Changes check βœ… Passed Check skipped because no linked issues were found for this pull request.
Description check βœ… Passed The pull request description is well-related to the changeset, providing clear rationale for replacing hand-rolled constant-time comparison with the subtle crate to address a timing attack vulnerability.

✏️ Tip: You can configure your own custom pre-merge checks in the settings.

✨ Finishing Touches
πŸ“ Generate docstrings
  • Create stacked PR
  • Commit on current branch
πŸ§ͺ Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch jules-6209686930731087830-f66acbcc

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❀️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

πŸ€– Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.jules/sentinel.md:
- Around line 6-7: The Markdown file `.jules/sentinel.md` violates the MD022
linting rule which requires blank lines before and after headings. Add a blank
line after the heading "## 2026-06-21 - Compiler optimization of hand-rolled
constant-time checks" and before the "**Vulnerability:**" line to properly
separate the heading from the content that follows it.
πŸͺ„ Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

ℹ️ Review info
βš™οΈ Run configuration

Configuration used: Organization UI

Review profile: ASSERTIVE

Plan: Pro

Run ID: 2f0f77e7-2c88-4fd4-83c0-9f8bfad4b14d

πŸ“₯ Commits

Reviewing files that changed from the base of the PR and between 3debe49 and a6dcf19.

β›” Files ignored due to path filters (1)
  • Cargo.lock is excluded by !**/*.lock
πŸ“’ Files selected for processing (3)
  • .jules/sentinel.md
  • crates/http-auth-verifier/Cargo.toml
  • crates/http-auth-verifier/src/lib.rs

Comment thread .jules/sentinel.md
Comment on lines +6 to +7
## 2026-06-21 - Compiler optimization of hand-rolled constant-time checks
**Vulnerability:** Hand-rolled constant-time string comparisons (e.g., using `fold` and XOR) can be optimized by the compiler into variable-time operations, defeating their purpose and introducing timing attacks.

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟑 Minor | ⚑ Quick win

Add a blank line below the new heading to satisfy Markdown linting.

markdownlint MD022 expects headings to be surrounded by blank lines; Line 6 is missing a blank line before Line 7.

Suggested fix
 ## 2026-06-21 - Compiler optimization of hand-rolled constant-time checks
+
 **Vulnerability:** Hand-rolled constant-time string comparisons (e.g., using `fold` and XOR) can be optimized by the compiler into variable-time operations, defeating their purpose and introducing timing attacks.

As per coding guidelines, "Don't flag formatting issues unless specifically indicated by static analysis tools or pipeline failure logs."

πŸ“ Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
## 2026-06-21 - Compiler optimization of hand-rolled constant-time checks
**Vulnerability:** Hand-rolled constant-time string comparisons (e.g., using `fold` and XOR) can be optimized by the compiler into variable-time operations, defeating their purpose and introducing timing attacks.
## 2026-06-21 - Compiler optimization of hand-rolled constant-time checks
**Vulnerability:** Hand-rolled constant-time string comparisons (e.g., using `fold` and XOR) can be optimized by the compiler into variable-time operations, defeating their purpose and introducing timing attacks.
🧰 Tools
πŸͺ› LanguageTool

[typographical] ~6-~6: To join two clauses or introduce examples, consider using an em dash.
Context: ... to bound execution time. ## 2026-06-21 - Compiler optimization of hand-rolled con...

(DASH_RULE)

πŸͺ› markdownlint-cli2 (0.22.1)

[warning] 6-6: Headings should be surrounded by blank lines
Expected: 1; Actual: 0; Below

(MD022, blanks-around-headings)

πŸ€– Prompt for AI Agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

In @.jules/sentinel.md around lines 6 - 7, The Markdown file
`.jules/sentinel.md` violates the MD022 linting rule which requires blank lines
before and after headings. Add a blank line after the heading "## 2026-06-21 -
Compiler optimization of hand-rolled constant-time checks" and before the
"**Vulnerability:**" line to properly separate the heading from the content that
follows it.

Sources: Coding guidelines, Linters/SAST tools

@github-actions

Copy link
Copy Markdown

Test Results

283 tests   245 βœ…β€ƒβ€ƒ11m 17s ⏱️
 25 suites   38 πŸ’€
  1 files      0 ❌

Results for commit a6dcf19.

@cursor

cursor Bot commented Jun 21, 2026

Copy link
Copy Markdown

Bugbot couldn't run - usage limit reached

Bugbot is counted against Cursor usage for this user or team, and this run hit a usage or spend limit.

A user or team admin can review and increase usage limits in the Cursor dashboard.

(requestId: serverGenReqId_56ed5a4d-931b-4db0-8b5a-a43475b96ec3)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant