From 5a53bc769006cb08d9f3f50b88257fc1f96862ed Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Sun, 15 May 2022 18:57:54 +0000 Subject: [PATCH 1/2] Bump actions/setup-python from 2 to 3 Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](https://github.com/actions/setup-python/compare/v2...v3) --- updated-dependencies: - dependency-name: actions/setup-python dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] --- .github/workflows/main.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a110e2ca..98324c17 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -22,7 +22,7 @@ jobs:
 steps:
 - uses: "actions/checkout@v2"
- - uses: "actions/setup-python@v2"
+ - uses: "actions/setup-python@v3"
 with:
 python-version: "${{ matrix.python-version }}"
@@ -38,7 +38,7 @@ jobs:
 # We always use a modern Python version for combining coverage to prevent
 # parsing errors in older versions for modern code.
- - uses: "actions/setup-python@v2"
+ - uses: "actions/setup-python@v3"
 with:
 python-version: "3.8"
@@ -62,7 +62,7 @@ jobs:
 steps:
 - uses: "actions/checkout@v2"
- - uses: "actions/setup-python@v2"
+ - uses: "actions/setup-python@v3"
 with:
 python-version: "3.8"
@@ -88,7 +88,7 @@ jobs:
 steps:
 - uses: "actions/checkout@v2"
- - uses: "actions/setup-python@v2"
+ - uses: "actions/setup-python@v3"
 with:
 python-version: "3.8"
From 7e4d713288dd0790ba89df47fe91c020e55f41fb Mon Sep 17 00:00:00 2001
From: "pre-commit-ci[bot]" <66853113+pre-commit-ci[bot]@users.noreply.github.com> Date: Sun, 15 May 2022 18:58:13 +0000 Subject: [PATCH 2/2] [pre-commit.ci] auto fixes from pre-commit.com hooks for more information, see https://pre-commit.ci --- jwt/utils.py | 2 +- tests/test_advisory.py | 19 +++++++++++-------- 2 files changed, 12 insertions(+), 9 deletions(-)
diff --git a/jwt/utils.py b/jwt/utils.py
index 8ab73b42..b8ad5fa5 100644
--- a/jwt/utils.py
+++ b/jwt/utils.py
@@ -136,7 +136,7 @@ def is_pem_format(key: bytes) -> bool:
 # Based on https://github.com/pyca/cryptography/blob/bcb70852d577b3f490f015378c75cba74986297b/src/cryptography/hazmat/primitives/serialization/ssh.py#L40-L46
 _CERT_SUFFIX = b"-cert-v01@openssh.com"
-_SSH_PUBKEY_RC = re.compile(br"\A(\S+)[ \t]+(\S+)")
+_SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)")
 _SSH_KEY_FORMATS = [
 b"ssh-ed25519",
 b"ssh-rsa",
diff --git a/tests/test_advisory.py b/tests/test_advisory.py
index a4a7d237..ed768d4b 100644
--- a/tests/test_advisory.py
+++ b/tests/test_advisory.py
@@ -1,14 +1,17 @@
-import jwt
 import pytest
+
+import jwt
 from jwt.exceptions import InvalidKeyError
 from .utils import crypto_required
-priv_key_bytes = b'''-----BEGIN PRIVATE KEY-----
+priv_key_bytes = b"""-----BEGIN PRIVATE KEY-----
 MC4CAQAwBQYDK2VwBCIEIIbBhdo2ah7X32i50GOzrCr4acZTe6BezUdRIixjTAdL
------END PRIVATE KEY-----'''
+-----END PRIVATE KEY-----"""
-pub_key_bytes = b'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL'
+pub_key_bytes = (
+ b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL"
+)
 ssh_priv_key_bytes = b"""-----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIOWc7RbaNswMtNtc+n6WZDlUblMr2FBPo79fcGXsJlGQoAoGCCqGSM49
@@ -41,11 +44,11 @@ def test_ghsa_ffqj_6fqr_9h24(self):
 # Making a good jwt token that should work by signing it
 # with the private key
 # encoded_good = jwt.encode({"test": 1234}, priv_key_bytes, algorithm="EdDSA")
- encoded_good = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg'
+ encoded_good = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg"
 # Using HMAC with the public key to trick the receiver to think that the
 # public key is a HMAC secret
- encoded_bad = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4'
+ encoded_bad = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4"
 # Both of the jwt tokens are validated as valid
 jwt.decode(
@@ -101,12 +104,12 @@ def test_ghsa_ffqj_6fqr_9h24(self):
 jwt.decode(
 encoded_good,
 ssh_key_bytes,
- algorithms=jwt.algorithms.get_default_algorithms()
+ algorithms=jwt.algorithms.get_default_algorithms(),
 )
 with pytest.raises(InvalidKeyError):
 jwt.decode(
 encoded_bad,
 ssh_key_bytes,
- algorithms=jwt.algorithms.get_default_algorithms()
+ algorithms=jwt.algorithms.get_default_algorithms(),
 )
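Review bot: Both `jwt.decode` calls in the `@@ -101,12 +104,12 @@` hunk pass `algorithms=jwt.algorithms.get_default_algorithms()` with no comment saying that this is deliberate. Allowing every registered algorithm while handing in a public key appears to be the setup the earlier comment describes ("trick the receiver to think that the public key is a HMAC secret"), so the call shape is test-only and should not be read as a usage example. I would add above the first call `# Deliberately allow every algorithm to reproduce the advisory; application code should pass only the algorithm it expects.` The body of test_ghsa_ffqj_6fqr_9h24 starts outside this hunk, so the surrounding setup is not visible here.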