Updated jsonwebtoken dependency to 9+

Updated the JWTSign operation for backwards compatibility with insecure keys and invalid asymmetric key types.
Chris White 2024-03-13 10:26:23 -07:00
parent c4e7c41a6e
commit ef5ff5bec6
3 changed files with 40 additions and 13 deletions


@ -50,7 +50,12 @@ class JWTSign extends Operation {
try {
return jwt.sign(input, key, {
algorithm: algorithm === "None" ? "none" : algorithm
algorithm: algorithm === "None" ? "none" : algorithm,
// To utilize jsonwebtoken 9+ library and maintain backwards compatibility for regression tests
// This could be turned into operation args in a future PR
allowInsecureKeySizes: true,
allowInvalidAsymmetricKeyTypes: true
});
} catch (err) {
throw new OperationError(`Error: Have you entered the key correctly? The key should be either the secret for HMAC algorithms or the PEM-encoded private key for RSA and ECDSA.