| 1681 | # nextVal = valLst.readline() |
| 1682 | |
def reflectedClaims():
    """Probe whether each payload claim is processed before the signature is verified.

    A marker string is derived from the md5 of the current timestamp (second
    resolution).  For every claim in the global ``paylDict`` the claim's value is
    temporarily replaced by ``marker + claim``, the header and payload are
    re-encoded (urlsafe base64, padding stripped), and the token is sent through
    ``jwtOut`` with the original, now non-matching, signature ``sig``.  If the
    injected value shows up in ``config['argvals']['rescontent']`` a red message is
    printed via ``cprintc``.  The original claim value is restored after each
    probe.

    Relies on module globals: ``paylDict``, ``headDict``, ``sig``, ``config``,
    ``jwtOut``, ``cprintc``.  Returns ``None``.
    """
    # NOTE(review): the marker only changes once per second, so two runs inside the
    # same second share it — presumably acceptable for a single interactive scan.
    stamp = datetime.now().strftime('%Y-%m-%d %H:%M:%S')
    checkVal = "jwt_inject_" + hashlib.md5(stamp.encode()).hexdigest() + "_"
    for claim in paylDict:
        original = paylDict[claim]
        marker = checkVal + claim
        paylDict[claim] = marker
        # Re-encode header and payload after the substitution; encoding is done
        # inside the loop so any change to headDict between probes is picked up.
        segments = []
        for part in (headDict, paylDict):
            raw = json.dumps(part, separators=(",", ":")).encode()
            segments.append(base64.urlsafe_b64encode(raw).decode('UTF-8').strip("="))
        tmpContents = ".".join(segments)
        jwtOut(tmpContents + "." + sig, "Claim processing check in " + claim + " claim", "Token sent to check if the signature is checked before the " + claim + " claim is processed")
        # Substring match against rescontent (assumed to hold the last response body — verify).
        if marker in config['argvals']['rescontent']:
            cprintc("Injected value in " + claim + " claim was observed - " + marker, "red")
        paylDict[claim] = original
| 1693 | |
| 1694 | |
| 1695 | def preScan(): |