Rooba
/
oss-fuzz
mirror of https://github.com/google/oss-fuzz.git
1
1
Fork 0
Code Issues Packages Projects Releases Wiki Activity

pyjwt: catch PyJWTError exceptions (#8645) 

jwt functions like jwt.decode could raise PyJWTError exceptions (e.g.
ExpiredSignatureError if the token is expired)

Fix error handling for issue:
- 50696 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50696)
This commit is contained in:
Riccardo Schirone 2022-10-14 12:49:39 +02:00 committed by GitHub
parent 647284cd19
commit 5b854a4468
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 5 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
projects/pyjwt/fuzz_jwt.py
View File

@ -44,8 +44,11 @@ def test_roundtrip(data):
return
key = "fuzzing"
jwt_message = jwt.encode(payload, key, algorithm="HS256")
decoded_payload = jwt.decode(jwt_message, key, algorithms=["HS256"])
try:
jwt_message = jwt.encode(payload, key, algorithm="HS256")
decoded_payload = jwt.decode(jwt_message, key, algorithms=["HS256"])
except jwt.exceptions.PyJWTError:
return
assert decoded_payload == payload