Refined pattern to allow for whitespace, restricted characters in keys/values to allowed ranges

aegilops · aegilops · commit 56782a6e68d9 · 2022-12-15T13:52:51.000Z
diff --git a/jwt/generate_jwt.py b/jwt/generate_jwt.py
@@ -0,0 +1,105 @@
+#!/usr/bin/env python3
+
+from base64 import urlsafe_b64encode as b64encode
+import re
+from random import randbytes
+from typing import Generator, Optional
+from enum import Enum
+from argparse import ArgumentParser
+
+
+PADDING_CHARS = ('', "\t", "\n", ' ')
+
+
+class JSONTypes(Enum):
+    STRING = 1
+    NUMBER = 2
+    OBJECT = 3
+    ARRAY = 4
+    BOOL = 5
+    NULL = 6
+
+
+def leading_json_as_base64() -> Generator:
+    for c in range(0x01, 0xf4):
+        for d in range(0x01, 0xf4):
+            for e in PADDING_CHARS:
+                for f in PADDING_CHARS:
+                    for g in PADDING_CHARS:
+                        for h in PADDING_CHARS:
+                            padding = e + f + g + h
+                            yield b64('{' + padding + '"' + chr(c) + chr(d))
+
+
+def trailing_json_as_base64() -> Generator:
+        for json_type in JSONTypes:
+            if json_type == JSONTypes.STRING:
+                for c in range(0x01, 0xf4):
+                    for d in range(0x01, 0xf4):
+                        for output in output_trailing_json(chr(c) + chr(d) + '"'):
+                            yield output
+            elif json_type == JSONTypes.NUMBER:
+                for c in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'e', '.', '-', ' ', "\t", ':']:
+                    for d in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0', 'e', '.', '-', ' ', "\t", ':']:
+                        for e in ['0', '1', '2', '3', '4', '5', '6', '7', '8', '9', '0']:
+                            for output in output_trailing_json(c + d + e):
+                                yield output
+            elif json_type == JSONTypes.OBJECT:
+                for c in range(0x01, 0xf4):
+                    for d in range(0x01, 0xf4):
+                        for output in output_trailing_json(chr(c) + chr(d) + '}'):
+                            yield output
+            elif json_type == JSONTypes.ARRAY:
+                for c in range(0x01, 0xf4):
+                    for d in range(0x01, 0xf4):
+                        for output in output_trailing_json(chr(c) + chr(d) + ']'):
+                            yield output
+            elif json_type == JSONTypes.BOOL:
+                for c in PADDING_CHARS:
+                    for b in ["true", "false"]:
+                        for output in output_trailing_json(c + b):
+                            yield output
+            elif json_type == JSONTypes.NULL:
+                for c in PADDING_CHARS:
+                    for output in output_trailing_json(c + "null"):
+                        yield output
+
+
+def output_trailing_json(obj: str) -> Generator:
+    for slide in range(0, 2):
+        for e in PADDING_CHARS:
+            for f in PADDING_CHARS:
+                for g in PADDING_CHARS:
+                    for h in PADDING_CHARS:
+                        padding = e + f + g + h
+                        yield b64(('A' * slide) + obj + padding + '}') 
+
+
+def b64(text: str) -> str:
+    return b64encode(text.encode('utf-8')).decode('utf-8')
+
+
+def main() -> None:
+    parser = ArgumentParser(description="Generate JWT base64 strings")
+    add_args(parser)
+    args = parser.parse_args()
+
+    if args.leading:
+        for token in leading_json_as_base64():
+            print(token)
+        return
+
+    if args.trailing:
+        for token in trailing_json_as_base64():
+            print(token.rstrip('='))
+        return
+
+
+def add_args(parser: ArgumentParser) -> None:
+    parser.add_argument('--leading', action='store_true')
+    parser.add_argument('--trailing', action='store_true')
+
+
+if __name__ == '__main__':
+        main()
+
diff --git a/jwt/patterns.yml b/jwt/patterns.yml
@@ -7,11 +7,11 @@ patterns:
     description: "JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties."
     regex:
       pattern: |
-        ey[A-Za-z0-9-_]{12,}[Q90]={0,2}\.ey[A-Za-z0-9-_]{12,}[Q90]={0,2}\.?[A-Za-z0-9-_=]*
+        e(?:y[I-J]|yL[CD]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-59JKdgilsw-z]fQ|[3HXn]0|[1BJVlpx]9)={0,2}\.e(?:y[I-J]|yL[CD]|w[koA][JKgi])[A-Za-z0-9_-]{10,}(?:[0-59JKdgilsw-z]fQ|[3HXn]0|[1BJVlpx]9)={0,2}\.?[A-Za-z0-9_-]*={0,2}
       start: |
         [^0-9A-Za-z_.-]|\A
       end: |
-        [^0-9A-Za-z_.-]|\z
+        [^0-9A-Za-z_.=-]|\z
 
     expected:
       - name: owasp-juice-shop.ts
