-
Notifications
You must be signed in to change notification settings - Fork 35
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
11 changed files
with
201 additions
and
709 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
import contextlib | ||
import json | ||
import math | ||
import string | ||
from typing import Any | ||
|
||
from credsweeper.common.constants import Chars | ||
from credsweeper.config import Config | ||
from credsweeper.credentials import LineData | ||
from credsweeper.file_handler.analysis_target import AnalysisTarget | ||
from credsweeper.filters import Filter, ValueEntropyBase64Check | ||
from credsweeper.utils import Util | ||
|
||
|
||
class ValueJwtCheck(Filter): | ||
"""JWT token check - simple""" | ||
ASCII_NON_WHITESPACES = string.ascii_letters + string.digits + string.punctuation | ||
JWT_KEYS = {"alg", "typ", "key", "password"} | ||
|
||
def __init__(self, config: Config = None) -> None: | ||
pass | ||
|
||
def run(self, line_data: LineData, target: AnalysisTarget) -> bool: | ||
"""Run filter checks on received token which might be A JSON. | ||
Args: | ||
line_data: credential candidate data | ||
target: multiline target from which line data was obtained | ||
Return: | ||
True, when need to filter candidate and False if left | ||
""" | ||
|
||
if not line_data.value: | ||
return True | ||
probability = 0.0 | ||
with contextlib.suppress(Exception): | ||
for part in line_data.value.split('.'): | ||
if part.startswith("eyJ"): | ||
decoded = Util.decode_base64(part, padding_safe=True, urlsafe_detect=True) | ||
if part_data := json.loads(decoded): | ||
probability += ValueJwtCheck.check_jwt_recursive(part_data) | ||
else: | ||
# broken jwt | ||
break | ||
elif part: | ||
entropy = Util.get_shannon_entropy(part, Chars.BASE64URL_CHARS.value) | ||
# JWT auxiliary parts contain encrypted data which have less entropy than random | ||
len_part = len(part) | ||
min_entropy = ValueEntropyBase64Check.get_min_data_entropy(len_part) - 1 / math.log(len_part) | ||
if min_entropy < entropy: | ||
probability += 0.5 | ||
else: | ||
# all parts passed the test | ||
return 0.5 > probability | ||
return True | ||
|
||
@staticmethod | ||
def check_jwt_recursive(data: Any) -> float: | ||
"""Recursive check for jwt is safe because jwt has no references in data structure""" | ||
result = 0.0 | ||
if isinstance(data, list): | ||
for i in data: | ||
result += ValueJwtCheck.check_jwt_recursive(i) | ||
elif isinstance(data, dict): | ||
for k, v in data.items(): | ||
if k in ValueJwtCheck.JWT_KEYS: | ||
result += 0.33 | ||
result += ValueJwtCheck.check_jwt_recursive(v) | ||
elif isinstance(data, str) and 32 <= len(data): | ||
len_data = len(data) | ||
# encoded/encrypted values may have less entropy than random generated | ||
min_entropy = ValueEntropyBase64Check.get_min_data_entropy(len_data) - 1 / math.log(len_data) | ||
entropy = Util.get_shannon_entropy(data, ValueJwtCheck.ASCII_NON_WHITESPACES) | ||
if min_entropy < entropy: | ||
result = 0.5 | ||
else: | ||
# float, integer, none aren`t analyzed | ||
pass | ||
return result |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.