Zion Boggan
repos/jwt-differential-fuzzer/targets/pyjwt/server.py
import json
from http.server import BaseHTTPRequestHandler, HTTPServer
 
import jwt
 
LIB_ID = "pyjwt"
LIB_VERSION = jwt.__version__
 
def verdict(payload):
    """Run one token through PyJWT and report the outcome as a plain dict.

    ``payload`` must provide "token", "key" and "algs"; a missing entry raises
    KeyError to the caller instead of being reported as a rejection.

    Both the key and the ``algorithms`` allow-list are taken from the request,
    so this function makes no trust decision of its own: it reports what the
    library does with exactly the inputs it was handed.

    Returns a dict with "valid", "claims", "error", "lib" and "version".
    """
    token, key, algs = payload["token"], payload["key"], payload["algs"]

    # Start from the rejection shape and upgrade it only on a clean decode.
    result = {"valid": False, "claims": None, "error": None,
              "lib": LIB_ID, "version": LIB_VERSION}
    try:
        decoded = jwt.decode(token, key, algorithms=algs)
    except Exception as exc:
        # Deliberately broad: any exception from the library counts as a
        # rejection, recorded with its type name so results can be compared.
        result["error"] = f"{type(exc).__name__}: {exc}"
    else:
        result["valid"] = True
        result["claims"] = decoded
    return result
 
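class Handler(BaseHTTPRequestHandler):
    """HTTP front end of the harness: POST /verify runs one token through verdict().

    The request body is a JSON object carrying "token", "key" and "algs".
    Malformed requests are answered with 400, so a broken envelope is never
    mistaken for a verdict from the library under test and never raises out
    of the handler.
    """

    def log_message(self, *_):
        """Suppress the base class's per-request log output."""
        pass

    def _send_json(self, status, body):
        """Send a complete response: status line, JSON headers and ``body`` bytes."""
        self.send_response(status)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def do_POST(self):
        """Handle POST /verify; any other path gets an empty 404."""
        if self.path != "/verify":
            self.send_response(404)
            self.end_headers()
            return

        # Content-Length is client-controlled. A non-numeric value used to
        # raise ValueError out of the handler, and a negative one makes
        # rfile.read() wait for EOF instead of reading a bounded body.
        try:
            n = int(self.headers.get("Content-Length", 0))
        except (TypeError, ValueError):
            n = -1
        if n < 0:
            self._send_json(400, b'{"error":"bad content-length"}')
            return

        try:
            payload = json.loads(self.rfile.read(n))
        except (ValueError, RecursionError):
            # ValueError covers both invalid JSON and invalid UTF-8 bytes.
            self._send_json(400, b'{"error":"bad json"}')
            return

        # verdict() indexes these keys directly; reject an incomplete envelope
        # here rather than letting KeyError/TypeError drop the connection.
        if not isinstance(payload, dict) or any(
            field not in payload for field in ("token", "key", "algs")
        ):
            self._send_json(400, b'{"error":"missing field"}')
            return

        self._send_json(200, json.dumps(verdict(payload)).encode())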
 
if __name__ == "__main__":
    # "0.0.0.0" accepts connections on every interface. /verify has no
    # authentication and checks tokens against a caller-supplied key, so the
    # port should be reachable only by the fuzzer driver.
    # NOTE(review): presumably run on an isolated container network; confirm.
    bind_addr = ("0.0.0.0", 7002)
    print(f"[{LIB_ID} {LIB_VERSION}] listening :7002")
    server = HTTPServer(bind_addr, Handler)
    server.serve_forever()