Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

JWT & Auth rules improvement #549

Draft
wants to merge 20 commits into
base: main
Choose a base branch
from
Draft

JWT & Auth rules improvement #549

wants to merge 20 commits into from

Conversation

babenek
Copy link
Contributor

@babenek babenek commented Apr 29, 2024
edited

Description

Please include a summary of the change and which is fixed.

  • Add strong filter for JSON web token rule
  • Fix "Authorization: Basic" rule with use predefined auth-type words

How has this been tested?

Please describe the tests that you ran to verify your changes.

  • UnitTest
  • Benchmark

@babenek babenek requested a review from a team as a code owner April 29, 2024 17:06
@babenek babenek marked this pull request as draft April 29, 2024 17:06
@babenek babenek changed the title jwt check JWT & Auth rules improvement Apr 30, 2024
babenek
babenek commented Apr 30, 2024
View reviewed changes
Copy link
Contributor Author

@babenek babenek left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

TODO: rollback after Samsung/CredData#122

.github/workflows/benchmark.yml Outdated Show resolved Hide resolved
.github/workflows/benchmark.yml Outdated Show resolved Hide resolved
.github/workflows/benchmark.yml Outdated Show resolved Hide resolved
.github/workflows/benchmark.yml Outdated Show resolved Hide resolved
@babenek babenek marked this pull request as ready for review May 2, 2024 06:07
kmnls
kmnls previously approved these changes May 2, 2024
View reviewed changes
Copy link
Contributor

@kmnls kmnls left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Agree, seems ok

xDizzix
xDizzix requested changes May 2, 2024
View reviewed changes
Copy link
Contributor

@xDizzix xDizzix left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The rule is too loose

credsweeper/rules/config.yaml
@@ -304,16 +304,15 @@

- name: JSON Web Token
severity: medium
confidence: moderate
confidence: strong
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think it a controversial statement that the JSON encoded in base64 is a security threat

credsweeper/filters/value_jwt_check.py
def __init__(self, config: Config = None) -> None:
pass

def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The checker is very loose. It must be more strict, at least check the inner structure for the presence of some security-related keywords.

experiment/src/entropy_test.py
@@ -100,5 +97,32 @@ def evaluate_avg(_args: Tuple[int, float, float]) -> Tuple[float, float]:
# 31 = (4.5121865964712535, 0.1393228408491736)
# 32 = (4.545556887485041, 0.13347416608982715)
# 33 = (4.576938427997454, 0.1300362152603773)

# 33 = (4.57601357276539, 0.13672208599146715)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Please describe what is this data for

Yullia
Yullia previously approved these changes May 8, 2024
View reviewed changes
Copy link
Contributor

@Yullia Yullia left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Approved

@babenek babenek dismissed stale reviews from Yullia and kmnls via da39697 May 20, 2024 09:09
@babenek babenek marked this pull request as draft May 24, 2024 10:02
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@xDizzix xDizzix xDizzix requested changes

@Yullia Yullia Yullia left review comments

@kmnls kmnls kmnls left review comments

@iuriimet iuriimet Awaiting requested review from iuriimet

@csh519 csh519 Awaiting requested review from csh519

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
4 participants
@babenek @xDizzix @Yullia @kmnls