Update lib/hooks/plugins/request_validator/shared_secret.rb

GrantBirki · Copilot · web-flow · commit b3c1523c2f62 · 2025-06-10T13:10:12.000-07:00
Co-authored-by: Copilot &lt;175728472+Copilot@users.noreply.github.com&gt;
diff --git a/lib/hooks/plugins/request_validator/shared_secret.rb b/lib/hooks/plugins/request_validator/shared_secret.rb
@@ -78,14 +78,17 @@ def self.valid?(payload:, headers:, secret:, config:)
 
           return false if raw_secret.nil? || raw_secret.empty?
 
+          # Cache the stripped value of raw_secret
+          stripped_secret = raw_secret.strip
+
           # Security: Reject secrets with leading/trailing whitespace
-          return false if raw_secret != raw_secret.strip
+          return false if raw_secret != stripped_secret
 
           # Security: Reject secrets containing null bytes or other control characters
           return false if raw_secret.match?(/[\u0000-\u001f\u007f-\u009f]/)
 
           # Use secure comparison to prevent timing attacks
-          Rack::Utils.secure_compare(secret, raw_secret.strip)
+          Rack::Utils.secure_compare(secret, stripped_secret)
         rescue StandardError => _e
           # Log error in production - for now just return false
           false
