Golang Snippet #02
Bookmarked!This challenge covers the review of a snippet of code written in Golang
In this lab, we explore a Golang snippet with three functions: buildSignatureforPayment
, buildUrl
, and verifyPayment
. These functions work together to create and verify a payment signature using HMAC with SHA-256. The code concatenates the user and amount to produce a signature, which is then used to construct a URL for payment processing.
However, the code has a significant flaw: it concatenates the user and amount directly without a separator. This can lead to collisions where different user and amount combinations produce the same HMAC signature. For example, a user "test" with an amount of 20 and a user "test2" with an amount of 0 both produce the same signature, causing a security vulnerability. This issue highlights the importance of using separators when concatenating values for signature generation to avoid such collisions.