# Return some error
    ...
```

Porém, ao utilizar o `secrets.compare_digest()`, isso estará seguro contra um tipo de ataque chamado "timing attacks" (ataques de temporização).

### Ataques de Temporização { #timing-attacks }

Mas o que é um "timing attack" (ataque de temporização)?

Vamos imaginar que alguns invasores estão tentando adivinhar o usuário e a senha.

        State currentState = state.get();
        totalSuccesses.incrementAndGet();
        consecutiveSuccesses.incrementAndGet();
        consecutiveFailures.set(0);

        // Track response time metrics
        if (responseTimeMs > 0) {
            updateResponseTimeMetrics(responseTimeMs);
        }

        rollingWindow.recordSuccess(responseTimeMs);

    For more details, see [Advanced audit](https://kubernetes.io/docs/tasks/debug-application-cluster/audit/#advanced-audit).

* The deprecated `ThirdPartyResource` (TPR) API was removed.
  To avoid losing your TPR data, [migrate to CustomResourceDefinition](https://kubernetes.io/docs/tasks/access-kubernetes-api/migrate-third-party-resource/).

			return h.New()
		}
	}
}

// HashBorrower allows borrowing hashes and will keep track of them.
func (s *SigningMethodHMAC) HashBorrower() HashBorrower {
	return HashBorrower{pool: &s.HasherPool, borrowed: make([]hash.Hash, 0, 2)}
}

// HashBorrower keeps track of borrowed hashers and allows to return them all.
type HashBorrower struct {
	pool     *bpool.Pool[hash.Hash]
	borrowed []hash.Hash

        <!--<exclude name='ExplicitCallToAndMethod'/>-->
        <!--<exclude name='ExplicitCallToOrMethod'/>-->
    <!--</ruleset-ref>-->
    <ruleset-ref path='rulesets/braces.xml'/>
    <ruleset-ref path='rulesets/imports.xml'>
        <exclude name="ImportFromSunPackages"/>
        <exclude name="MisorderedStaticImports"/>
        <exclude name="NoWildcardImports"/>
    </ruleset-ref>

Please restrain from publicly discussing a potential security vulnerability. 🙊

It's better to discuss privately and try to find a solution first, to limit the potential impact as much as possible.

---

Thanks for your help!

name: Bug Report
description: File a bug report
labels: ["bug"]

body:
  - type: markdown
    attributes:
      value: |
        Thanks for taking the time to fill out this bug report.     

        Simple fixes in single PRs do not require issues. 
  
        **Do you use the latest project version?**

  - type: input
    id: version

/**
 * Utility class for handling {@link File}.
 * <p>
 * <strong>SECURITY NOTE:</strong> When accepting file paths from untrusted sources,
 * always validate them using {@link #isPathSafe(Path, Path)} to prevent path traversal attacks.
 * Methods that accept path strings do not perform automatic validation to maintain backward compatibility.
 * </p>
 *
 * @author higa
 */
public abstract class FileUtil {

    /**
     * Do not instantiate.

        <!--<exclude name='ExplicitCallToAndMethod'/>-->
        <!--<exclude name='ExplicitCallToOrMethod'/>-->
    <!--</ruleset-ref>-->
    <ruleset-ref path='rulesets/braces.xml'/>
    <ruleset-ref path='rulesets/imports.xml'>
        <exclude name="ImportFromSunPackages"/>
        <exclude name="MisorderedStaticImports"/>
        <exclude name="NoWildcardImports"/>
    </ruleset-ref>

title: "x/pkgsite: package removal request for [type path here]"
labels: ["pkgsite/package-removal"]
body:
  - type: markdown
    attributes:
      value: "Please answer these questions before submitting your issue. Thanks!"
  - type: input
    id: package-path
    attributes:
      label: "What is the path of the package that you would like to have removed?"
      description: |
        We can remove packages with a shared path prefix.