Fixed scripted JWT generation, updated regex to match: it was incorrect

aegilops · aegilops · commit 441d8ce7e0e8 · 2022-12-15T16:58:31.000Z
diff --git a/jwt/generate_jwt.py b/jwt/generate_jwt.py
@@ -6,8 +6,10 @@
 from typing import Generator, Optional
 from enum import Enum
 from argparse import ArgumentParser
+import logging
 
 
+LOG = logging.getLogger(__name__)
 PADDING_CHARS = ('', "\t", "\n", ' ')
 
 
@@ -32,7 +34,7 @@ def leading_json_as_base64() -> Generator:
 
 
 def trailing_json_as_base64() -> Generator:
-        for json_type in JSONTypes:
+        for json_type in [JSONTypes.NUMBER]:
             if json_type == JSONTypes.STRING:
                 for c in range(0x01, 0xf4):
                     for d in range(0x01, 0xf4):
@@ -66,13 +68,15 @@ def trailing_json_as_base64() -> Generator:
 
 
 def output_trailing_json(obj: str) -> Generator:
-    for slide in range(0, 2):
+    for slide in range(0, 3):
         for e in PADDING_CHARS:
             for f in PADDING_CHARS:
                 for g in PADDING_CHARS:
                     for h in PADDING_CHARS:
                         padding = e + f + g + h
-                        yield b64(('A' * slide) + obj + padding + '}') 
+                        plain = ('A' * slide) + obj + padding + '}'
+                        LOG.debug(plain)
+                        yield b64(plain)
 
 
 def b64(text: str) -> str:
@@ -84,6 +88,11 @@ def main() -> None:
     add_args(parser)
     args = parser.parse_args()
 
+    logging.basicConfig()
+
+    if args.debug:
+        LOG.setLevel(logging.DEBUG)
+
     if args.leading:
         for token in leading_json_as_base64():
             print(token)
@@ -98,6 +107,7 @@ def main() -> None:
 def add_args(parser: ArgumentParser) -> None:
     parser.add_argument('--leading', action='store_true')
     parser.add_argument('--trailing', action='store_true')
+    parser.add_argument('--debug', '-d', action='store_true')
 
 
 if __name__ == '__main__':
diff --git a/jwt/patterns.yml b/jwt/patterns.yml
@@ -7,7 +7,7 @@ patterns:
     description: "JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties."
     regex:
       pattern: |
-        e(?:y[IJ]|yL[CD]|yA[JKgi]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-59JKdgilsw-z]fQ|[3HXn]0|[1BJVlpx]9)={0,2}\.e(?:y[IJ]|yL[CD]|yA[JKgi]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-59JKdgilsw-z]fQ|[3HXn]0|[1BJVlpx]9)={0,2}\.?[A-Za-z0-9_-]*={0,2}
+        e(?:y[IJ]|yL[CD]|yA[JKgi]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-5JKgw-z]fQ|[3HXn]0|[BFJNRVZdhlp]9)={0,2}\.e(?:y[IJ]|yL[CD]|yA[JKgi]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-5JKgw-z]fQ|[3HXn]0|[BFJNRVZdhlp]9)={0,2}\.?[A-Za-z0-9_-]*={0,2}
       start: |
         [^0-9A-Za-z_.-]|\A
       end: |
@@ -20,4 +20,7 @@ patterns:
       - name: example.txt
         start_offset: 16
         end_offset: 171
+      - name: test_supabase.txt
+        start_offset: 6
+        end_offset: 163
 
diff --git a/jwt/test_supabase.txt b/jwt/test_supabase.txt
@@ -0,0 +1 @@
+token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjM2MzcxNDkzLCJleHAiOjE5NTE5NDc0OTN9.T365h6AcgnvibAWvN_rIiaFnOK5R1ZGqdEkPI45zsNs

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1 @@`
	`1`	`+token=eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJyb2xlIjoic2VydmljZV9yb2xlIiwiaWF0IjoxNjM2MzcxNDkzLCJleHAiOjE5NTE5NDc0OTN9.T365h6AcgnvibAWvN_rIiaFnOK5R1ZGqdEkPI45zsNs`