Move tests under test/

2026-04-30 19:26:02 +02:00 · 2021-07-01 17:51:00 +02:00
parent 058ade4d8e
commit 07422a1dce
3 changed files with 0 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-437/JWTEmptyKeyOrAlgorithm.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-437/JWTEmptyKeyOrAlgorithm.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql
--- a/python/ql/test/experimental/query-tests/Security/CWE-437/JWTMissingSecretOrPublicKeyVerification.qlref
+++ b/python/ql/test/experimental/query-tests/Security/CWE-437/JWTMissingSecretOrPublicKeyVerification.qlref
@@ -0,0 +1 @@
+experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql
--- a/python/ql/test/experimental/query-tests/Security/CWE-437/pyjwt.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-437/pyjwt.py
@@ -0,0 +1,27 @@
+import jwt
+
+# Encoding
+
+# good - key and algorithm supplied
+jwt.encode({"foo": "bar"}, "key", "HS256")
+jwt.encode({"foo": "bar"}, key="key", algorithm="HS256")
+
+# bad - both key and algorithm set to None
+jwt.encode({"foo": "bar"}, None, None)
+
+# bad - empty key
+jwt.encode({"foo": "bar"}, "", algorithm="HS256")
+jwt.encode({"foo": "bar"}, key="", algorithm="HS256")
+
+# Decoding
+
+# good
+jwt.decode(token, "key", "HS256")
+
+# bad - unverified decoding
+jwt.decode(token, verify=False)
+jwt.decode(token, key, options={"verify_signature": False})
+
+# good - verified decoding
+jwt.decode(token, verify=True)
+jwt.decode(token, key, options={"verify_signature": True})
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-347/JWTEmptyKeyOrAlgorithm.ql`
				`@@ -0,0 +1 @@`
				`experimental/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.ql`