Use string.Equals for sync trigger key comparison

Copilot · hajekj · Copilot · commit b065b8c1af03 · 2026-03-21T01:21:40.000Z
Co-authored-by: hajekj <8337913+hajekj@users.noreply.github.com> Agent-Logs-Url: https://github.com/NETWORG/github-organization-management/sessions/d25337a6-f18c-49cc-91bd-404a92ac89d1
diff --git a/Web/Controllers/SyncController.cs b/Web/Controllers/SyncController.cs
@@ -3,7 +3,6 @@
 using Web.Services;
 using Microsoft.AspNetCore.Mvc;
 using Octokit;
-using System.Security.Cryptography;
 using System.Text;
 
 namespace Web.Controllers
@@ -40,9 +39,7 @@ public async Task<IActionResult> Index()
                 return new UnauthorizedResult();
             }
 
-            if (!CryptographicOperations.FixedTimeEquals(
-                    Encoding.UTF8.GetBytes(providedKey.FirstOrDefault() ?? string.Empty),
-                    Encoding.UTF8.GetBytes(_syncTriggerKey)))
+            if (!string.Equals(providedKey.FirstOrDefault(), _syncTriggerKey, StringComparison.Ordinal))
             {
                 return new UnauthorizedResult();
             }

Original file line number	Diff line number	Diff line change
`@@ -3,7 +3,6 @@`
`3`	`3`	`using Web.Services;`
`4`	`4`	`using Microsoft.AspNetCore.Mvc;`
`5`	`5`	`using Octokit;`
`6`		`-using System.Security.Cryptography;`
`7`	`6`	`using System.Text;`
`8`	`7`
`9`	`8`	`namespace Web.Controllers`
`@@ -40,9 +39,7 @@ public async Task<IActionResult> Index()`
`40`	`39`	`return new UnauthorizedResult();`
`41`	`40`	`}`
`42`	`41`
`43`		`- if (!CryptographicOperations.FixedTimeEquals(`
`44`		`- Encoding.UTF8.GetBytes(providedKey.FirstOrDefault() ?? string.Empty),`
`45`		`- Encoding.UTF8.GetBytes(_syncTriggerKey)))`
	`42`	`+ if (!string.Equals(providedKey.FirstOrDefault(), _syncTriggerKey, StringComparison.Ordinal))`
`46`	`43`	`{`
`47`	`44`	`return new UnauthorizedResult();`
`48`	`45`	`}`