PyCharm Python Security plugin
Contents:
Matching inputs, secrets or tokens using the == operator is vulnerable to timing attacks.
if password == "SUPER_SECRET": proceed()
if password == hash: proceed()
Developer security best practices: protecting against timing attacks