Reintroduce Timing-Safe Signature Verification in v2 Webhook Parser (#435)

Resolve #428

In v1, we had a constant-time signature comparison to mitigate timing
attacks.
-
https://github.com/line/line-bot-sdk-ruby/blob/a6db291b252b13116b67f9b3621f73d3694b35bc/lib/line/bot/v1/client.rb#L1654-L1691

In v2(before release), this check was removed. This patch reintroduces
timing-safe verification, ensuring that the request body and the
`x-line-signature` header are validated without leaking timing
information.

Author: Yang-33

lib/line/bot/v2/webhook_parser.rb

@@ -41,7 +41,23 @@ def parse(body, signature)
 
         def verify_signature(body:, signature:)
           hash = OpenSSL::HMAC.digest(OpenSSL::Digest.new('SHA256'), @channel_secret, body)
-          signature == Base64.strict_encode64(hash.to_s)
+          expected = Base64.strict_encode64(hash)
+          variable_secure_compare(signature, expected)
+        end
+
+        # To avoid timing attacks
+        def variable_secure_compare(a, b)
+          secure_compare(::Digest::SHA256.hexdigest(a), ::Digest::SHA256.hexdigest(b))
+        end
+
+        def secure_compare(a, b)
+          return false unless a.bytesize == b.bytesize
+
+          l = a.unpack("C#{a.bytesize}")
+
+          res = 0
+          b.each_byte { |byte| res |= byte ^ l.shift }
+          res == 0
         end
 
         def create_instance(klass, attributes)

sig/line/bot/v2/webhook_parser.rbs

@@ -8,6 +8,10 @@ module Line
 
         private
 
+        def variable_secure_compare: (a: String, b: String) -> bool
+
+        def secure_compare: (a: String, b: String) -> bool
+
         def verify_signature: (body: String, signature: String) -> bool
 
         def create_instance: (untyped klass, Hash[Symbol, untyped] attributes) -> untyped