
JWT rule improvement #549

Merged
merged 11 commits into from
Aug 7, 2024

Conversation

babenek
Contributor

@babenek babenek commented Apr 29, 2024

Description

Please include a summary of the change and which issue is fixed.

  • Add strong filter for JSON web token rule. It detects only JWT with header and open payload (base64-encoded JSON). Encrypted JWT will not be detected.
  • Common registered words for JSON keys are used
  • TODO: update and merge after Deep JWT obfuscation 2 CredData#157

How has this been tested?

Please describe the tests that you ran to verify your changes.

  • UnitTest
  • Benchmark

@babenek babenek requested a review from a team as a code owner April 29, 2024 17:06
@babenek babenek marked this pull request as draft April 29, 2024 17:06
@babenek babenek changed the title jwt check JWT & Auth rules improvement Apr 30, 2024
Contributor Author

@babenek babenek left a comment


TODO: rollback after Samsung/CredData#122

.github/workflows/benchmark.yml (4 resolved review threads)
@babenek babenek marked this pull request as ready for review May 2, 2024 06:07
kmnls
kmnls previously approved these changes May 2, 2024
Contributor

@kmnls kmnls left a comment


Agree, seems ok

xDizzix
xDizzix previously requested changes May 2, 2024
Contributor

@xDizzix xDizzix left a comment


The rule is too loose

credsweeper/rules/config.yaml (resolved review thread)

```python
def __init__(self, config: Config = None) -> None:
    pass

def run(self, line_data: LineData, target: AnalysisTarget) -> bool:
```
Contributor


The checker is very loose. It must be more strict, at least check the inner structure for the presence of some security-related keywords.
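As an added illustration of the structural check that the PR description ("header and open payload, base64 encoded JSON, common registered words for JSON keys") and this review comment ask for, here is a standalone Python version (example code, not CredSweeper's own filter and not its LineData/AnalysisTarget API; the header and claim key sets follow RFC 7515/7519, and the sample tokens are constructed inside the block):

```python
import base64
import json
import re
from typing import Any, Dict, Optional

# Registered JOSE header parameters (RFC 7515) and JWT claim names (RFC 7519).
JWT_HEADER_KEYS = frozenset({"alg", "typ", "kid", "jku", "x5u", "cty", "crit"})
JWT_CLAIM_KEYS = frozenset({"iss", "sub", "aud", "exp", "nbf", "iat", "jti"})
# Three base64url segments whose header starts with 'eyJ' (base64url of '{"').
# A JWE carries five segments, so an encrypted token never matches this pattern.
JWS_RE = re.compile(r"eyJ[A-Za-z0-9_-]+\.[A-Za-z0-9_-]+\.[A-Za-z0-9_-]*")


def _decode_json_segment(segment: str) -> Optional[Dict[str, Any]]:
    """Base64url-decode one segment (padding restored) and parse it as a JSON object."""
    try:
        raw = base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))
        obj = json.loads(raw.decode("utf-8"))
    except ValueError:  # binascii.Error, UnicodeDecodeError and JSONDecodeError all derive from it
        return None
    return obj if isinstance(obj, dict) else None


def is_open_jwt(value: str) -> bool:
    """True only for a JWS whose header carries a known JOSE parameter and whose
    payload is readable JSON carrying at least one registered claim name."""
    if JWS_RE.fullmatch(value) is None:
        return False
    header_b64, payload_b64, _signature = value.split(".")
    header = _decode_json_segment(header_b64)
    payload = _decode_json_segment(payload_b64)
    if header is None or payload is None:
        return False
    return not JWT_HEADER_KEYS.isdisjoint(header) and not JWT_CLAIM_KEYS.isdisjoint(payload)


def make_sample_token(header: Dict[str, Any], payload: Dict[str, Any], signature: str = "sig") -> str:
    """Build a constructed sample token for demonstration; the signature is a placeholder, not real."""
    def enc(obj: Dict[str, Any]) -> str:
        data = json.dumps(obj, separators=(",", ":")).encode("utf-8")
        return base64.urlsafe_b64encode(data).decode("ascii").rstrip("=")
    return f"{enc(header)}.{enc(payload)}.{signature}"


if __name__ == "__main__":
    sample = make_sample_token({"alg": "HS256", "typ": "JWT"}, {"sub": "1234567890", "iat": 1516239022})
    print(is_open_jwt(sample))                               # True: known header key + registered claim
    print(is_open_jwt("eyJhbGciOiJub25lIn0.bm90LWpzb24.x"))  # False: payload is not JSON
```

The regex alone would accept any three base64url-looking segments; the decode-and-key check is what turns it into the "strong filter" the description refers to.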

@@ -100,5 +97,32 @@ def evaluate_avg(_args: Tuple[int, float, float]) -> Tuple[float, float]:
# 31 = (4.5121865964712535, 0.1393228408491736)
# 32 = (4.545556887485041, 0.13347416608982715)
# 33 = (4.576938427997454, 0.1300362152603773)

# 33 = (4.57601357276539, 0.13672208599146715)
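Review bot: the comment block following evaluate_avg records tuples such as `# 33 = (4.576938427997454, 0.1300362152603773)` without saying what the index or either element of the pair means; add a one-line comment naming the parameter the index refers to and which statistic each element is. Also, `# 33` appears twice with different values (`4.576938427997454` vs `4.57601357276539`), so mark which one is current or drop the stale line.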
Contributor


Please describe what this data is for.

Yullia
Yullia previously approved these changes May 8, 2024
Contributor

@Yullia Yullia left a comment


Approved

@babenek babenek dismissed stale reviews from Yullia and kmnls via da39697 May 20, 2024 09:09
@babenek babenek marked this pull request as draft May 24, 2024 10:02
@babenek babenek force-pushed the jwt branch 2 times, most recently from 7759771 to 7eb0dbf Compare June 3, 2024 13:50
@babenek babenek changed the title JWT & Auth rules improvement JWT rules improvement Jun 4, 2024
@babenek babenek changed the title JWT rules improvement JWT rule improvement Jun 4, 2024
@babenek babenek requested review from kmnls, Yullia and xDizzix June 4, 2024 11:36
@babenek babenek marked this pull request as ready for review June 4, 2024 11:36
@babenek babenek dismissed xDizzix’s stale review June 4, 2024 11:44

Please review the new approach.

@babenek babenek marked this pull request as draft June 25, 2024 11:09
@babenek babenek marked this pull request as ready for review August 7, 2024 09:37
@babenek babenek merged commit af4e9b0 into Samsung:main Aug 7, 2024
27 checks passed
@babenek babenek deleted the jwt branch August 7, 2024 10:17