Add Authlib modeling and tests

2026-05-05 13:45:19 +02:00 · 2021-07-21 21:31:35 +02:00
parent e14b10370e
commit ce507beed4
2 changed files with 79 additions and 0 deletions
--- a/python/ql/test/experimental/query-tests/Security/CWE-437/authlib.py
+++ b/python/ql/test/experimental/query-tests/Security/CWE-437/authlib.py
@@ -0,0 +1,18 @@
+from authlib.jose import jwt  # It is already a JsonWebToken object
+from authlib.jose import JsonWebToken
+
+# Encoding
+
+# good - key and algorithm supplied
+jwt.encode({"alg": "HS256"}, token, "key")
+JsonWebToken().encode({"alg": "HS256"}, token, "key")
+
+# bad - empty key
+jwt.encode({"alg": "HS256"}, token, "")
+JsonWebToken().encode({"alg": "HS256"}, token, "")
+
+# Decoding
+
+# good -  "it will raise BadSignatureError when signature doesn’t match"
+jwt.decode(token, key)
+JsonWebToken().decode(token, key)