diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index a110e2ca..c329e8be 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -21,7 +21,7 @@ jobs:
 python-version: ["3.6", "3.7", "3.8", "3.9", "3.10"]
 steps:
- - uses: "actions/checkout@v2"
+ - uses: "actions/checkout@v3"
 - uses: "actions/setup-python@v2"
 with:
 python-version: "${{ matrix.python-version }}"
@@ -61,7 +61,7 @@ jobs:
 runs-on: "ubuntu-latest"
 steps:
- - uses: "actions/checkout@v2"
+ - uses: "actions/checkout@v3"
 - uses: "actions/setup-python@v2"
 with:
 python-version: "3.8"
@@ -87,7 +87,7 @@ jobs:
 runs-on: "${{ matrix.os }}"
 steps:
- - uses: "actions/checkout@v2"
+ - uses: "actions/checkout@v3"
 - uses: "actions/setup-python@v2"
 with:
 python-version: "3.8"
diff --git a/jwt/utils.py b/jwt/utils.py
index 8ab73b42..b8ad5fa5 100644
--- a/jwt/utils.py
+++ b/jwt/utils.py
@@ -136,7 +136,7 @@ def is_pem_format(key: bytes) -> bool:
 # Based on https://github.com/pyca/cryptography/blob/bcb70852d577b3f490f015378c75cba74986297b/src/cryptography/hazmat/primitives/serialization/ssh.py#L40-L46
 _CERT_SUFFIX = b"-cert-v01@openssh.com"
-_SSH_PUBKEY_RC = re.compile(br"\A(\S+)[ \t]+(\S+)")
+_SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)")
 _SSH_KEY_FORMATS = [
 b"ssh-ed25519",
 b"ssh-rsa",
diff --git a/tests/test_advisory.py b/tests/test_advisory.py
index a4a7d237..ed768d4b 100644
--- a/tests/test_advisory.py
+++ b/tests/test_advisory.py
@@ -1,14 +1,17 @@
-import jwt
 import pytest
+
+import jwt
 from jwt.exceptions import InvalidKeyError
 from .utils import crypto_required
-priv_key_bytes = b'''-----BEGIN PRIVATE KEY-----
+priv_key_bytes = b"""-----BEGIN PRIVATE KEY-----
 MC4CAQAwBQYDK2VwBCIEIIbBhdo2ah7X32i50GOzrCr4acZTe6BezUdRIixjTAdL
------END PRIVATE KEY-----'''
+-----END PRIVATE KEY-----"""
-pub_key_bytes = b'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL'
+pub_key_bytes = (
+ b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL"
+)
 ssh_priv_key_bytes = b"""-----BEGIN EC PRIVATE KEY-----
 MHcCAQEEIOWc7RbaNswMtNtc+n6WZDlUblMr2FBPo79fcGXsJlGQoAoGCCqGSM49
@@ -41,11 +44,11 @@ def test_ghsa_ffqj_6fqr_9h24(self):
 # Making a good jwt token that should work by signing it
 # with the private key
 # encoded_good = jwt.encode({"test": 1234}, priv_key_bytes, algorithm="EdDSA")
- encoded_good = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg'
+ encoded_good = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg"
 # Using HMAC with the public key to trick the receiver to think that the
 # public key is a HMAC secret
- encoded_bad = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4'
+ encoded_bad = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4"
 # Both of the jwt tokens are validated as valid
 jwt.decode(
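Review bot: The context comment `# Both of the jwt tokens are validated as valid` above the last `jwt.decode(` in the `@@ -41,11 +44,11 @@` hunk reads as a description of the vulnerable behaviour, not of what this regression test should assert, and the reformat leaves it as is. Judging by the `pytest.raises(InvalidKeyError)` block in the `@@ -101,12 +104,12 @@` hunk, the HS256 token in `encoded_bad` is presumably expected to be rejected here too, so the comment could read `# encoded_good must verify; encoded_bad (HS256 keyed with the public key) must be rejected`. The rest of the `jwt.decode(` call and of `test_ghsa_ffqj_6fqr_9h24` is outside the hunk, so check the wording against the assertions that follow.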
@@ -101,12 +104,12 @@ def test_ghsa_ffqj_6fqr_9h24(self):
 jwt.decode(
 encoded_good,
 ssh_key_bytes,
- algorithms=jwt.algorithms.get_default_algorithms()
+ algorithms=jwt.algorithms.get_default_algorithms(),
 )
 with pytest.raises(InvalidKeyError):
 jwt.decode(
 encoded_bad,
 ssh_key_bytes,
- algorithms=jwt.algorithms.get_default_algorithms()
+ algorithms=jwt.algorithms.get_default_algorithms(),
 )
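Review bot: Both `jwt.decode(...)` calls pass `algorithms=jwt.algorithms.get_default_algorithms()` with no comment saying that this permissive setting is deliberate. It appears to be the configuration the key-confusion case needs, since the HS256 token in `encoded_bad` only reaches key validation when HMAC is allowed alongside the asymmetric algorithms. A comment above the first call, e.g. `# Deliberately allow every default algorithm to exercise the advisory scenario; application code should pass an explicit list`, would keep the pattern from being copied as a usage example. Whatever encloses the first call is outside the hunk.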