Golang Snippet #09

This challenge covers the review of a snippet of code written in Golang.

Tier: PRO | Easy | < 1 Hr. | 654

The Code Review Snippet challenges are designed to help you hone your code review skills by providing a small snippet of potentially vulnerable code. Initially, you're encouraged to identify the security issue without assistance. If you find it challenging to pinpoint the problem or wish to confirm your findings, you can watch the accompanying video for a detailed explanation.

In the provided Golang example, the function verifyPayment is scrutinized. This function takes a username, an amount, and a signature to verify the integrity of a payment request. The video walks you through the code, explaining each part, and highlights a critical security flaw: the comparison between the expected and provided signatures isn't done in constant time. Because the time the comparison takes reveals how much of the provided signature is correct, attackers can exploit this flaw to brute-force the signature one character at a time, making the system vulnerable.
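The flaw described above next to a constant-time fix, as an added example that is not the challenge's own code. The HMAC-SHA256 scheme, the "username:amount" message format, the int amount, the demo key, and the helper names signPayment and verifyPaymentWeak are assumptions made for illustration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// Constructed demo key; a real service loads its key from secret storage.
var secretKey = []byte("constructed-demo-key")

// expectedMAC computes HMAC-SHA256 over "username:amount" (assumed format).
func expectedMAC(username string, amount int) []byte {
	mac := hmac.New(sha256.New, secretKey)
	fmt.Fprintf(mac, "%s:%d", username, amount)
	return mac.Sum(nil)
}

// signPayment (hypothetical helper) returns the hex signature a client sends.
func signPayment(username string, amount int) string {
	return hex.EncodeToString(expectedMAC(username, amount))
}

// verifyPaymentWeak shows the flawed pattern: == on strings may stop at the
// first differing byte, so its duration depends on the matching prefix.
func verifyPaymentWeak(username string, amount int, signature string) bool {
	return signPayment(username, amount) == signature
}

// verifyPayment decodes the signature and compares raw bytes with hmac.Equal,
// which for equal-length inputs takes the same time wherever they differ.
func verifyPayment(username string, amount int, signature string) bool {
	provided, err := hex.DecodeString(signature)
	if err != nil {
		return false // not valid hex: reject before any comparison
	}
	return hmac.Equal(expectedMAC(username, amount), provided)
}

func main() {
	sig := signPayment("alice", 100)
	fmt.Println(verifyPayment("alice", 100, sig)) // same request: accepted
	fmt.Println(verifyPayment("alice", 101, sig)) // altered amount: rejected
}
```

When reviewing Go code, any `==` or `bytes.Equal` applied to a MAC, token or signature is the pattern to flag; `hmac.Equal` and `subtle.ConstantTimeCompare` are the standard-library replacements.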
