Documentation
Overview
internal/analysis/static/jwt/analyzer.go
internal/analysis/static/jwt/token_logic.go
Types

type Finding

type Finding struct {
	Type        FindingType
	Description string
	Severity    schemas.Severity
	Detail      map[string]interface{}
}
Finding represents a single vulnerability or misconfiguration identified within a JWT.
type FindingType

type FindingType int

FindingType enumerates the specific types of JWT vulnerabilities that can be detected.

const (
	UnknownFinding          FindingType = iota // An unknown or uncategorized finding.
	AlgNoneVulnerability                       // The token uses the insecure "none" algorithm.
	WeakSecretVulnerability                    // The token is signed with a weak, brute-forceable secret.
	SensitiveInfoExposure                      // The token's claims contain potentially sensitive information.
	MissingExpiration                          // The token lacks an expiration ('exp') claim.
)
type JWTAnalyzer

type JWTAnalyzer struct {
	// contains filtered or unexported fields
}
JWTAnalyzer is a passive analyzer that scans HTTP traffic for JSON Web Tokens (JWTs) and checks them for common vulnerabilities, such as the use of weak secrets or the "none" algorithm.
func NewJWTAnalyzer
func NewJWTAnalyzer(logger *zap.Logger, bruteForceEnabled bool) *JWTAnalyzer
NewJWTAnalyzer creates a new instance of the JWTAnalyzer.
func (*JWTAnalyzer) Analyze
func (a *JWTAnalyzer) Analyze(ctx context.Context, analysisCtx *core.AnalysisContext) error
Analyze is the main entry point for the JWT analysis. It extracts JWTs from the HAR artifact and analyzes each unique token for potential vulnerabilities.
func (*JWTAnalyzer) Description
func (a *JWTAnalyzer) Description() string
Description provides a brief explanation of what the analyzer does.
func (*JWTAnalyzer) Name
func (a *JWTAnalyzer) Name() string
Name returns the unique name of the analyzer.
func (*JWTAnalyzer) Type
func (a *JWTAnalyzer) Type() core.AnalyzerType
Type returns the type of the analyzer, which is `core.TypePassive` for JWT analysis.
type TokenAnalysisResult

type TokenAnalysisResult struct {
	TokenString string
	Header      map[string]interface{}
	Claims      jwt.MapClaims
	Findings    []Finding
}
TokenAnalysisResult encapsulates the complete result of analyzing a single JWT, including its parsed components and a list of any findings.
func AnalyzeToken
func AnalyzeToken(tokenString string, bruteForceEnabled bool) (TokenAnalysisResult, error)
AnalyzeToken performs a series of security checks on a given JWT string. It checks for the "none" algorithm, sensitive data in claims, missing expiration, and, if enabled, attempts to brute-force the signature using a list of weak secrets.
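As an added example of the checks AnalyzeToken describes (this is not the project's own code), the stdlib-only Go below parses a compact JWS, flags the "none" algorithm and a missing exp claim, and tests an HS256 signature against a small, constructed list of weak secrets. The names CheckToken, decodeJSON and weakSecrets are this example's own, and the sensitive-claim check is omitted.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)
// weakSecrets is a constructed, deliberately tiny stand-in for the analyzer's weak-secret list.
var weakSecrets = []string{"secret", "password", "changeme"}
// decodeJSON base64url-decodes one JWT segment and parses it as a JSON object.
func decodeJSON(seg string) (m map[string]interface{}, err error) {
	raw, err := base64.RawURLEncoding.DecodeString(seg)
	if err == nil {
		err = json.Unmarshal(raw, &m)
	}
	return m, err
}
// CheckToken returns alg-none / missing-exp / weak-secret findings for a compact JWS; HMACs are compared in constant time.
func CheckToken(token string) ([]string, error) {
	parts := strings.Split(token, ".")
	if len(parts) != 3 {
		return nil, fmt.Errorf("expected 3 segments, got %d", len(parts))
	}
	header, errH := decodeJSON(parts[0])
	claims, errC := decodeJSON(parts[1])
	if errH != nil || errC != nil {
		return nil, fmt.Errorf("undecodable header or claims segment")
	}
	var findings []string
	alg, _ := header["alg"].(string)
	if strings.EqualFold(alg, "none") { // unsigned token; naive verifiers may accept it
		findings = append(findings, "alg-none")
	}
	if _, ok := claims["exp"]; !ok { // token never expires
		findings = append(findings, "missing-exp")
	}
	sig, _ := base64.RawURLEncoding.DecodeString(parts[2])
	for i := 0; alg == "HS256" && i < len(weakSecrets); i++ { // weak-secret check is HS256 only
		mac := hmac.New(sha256.New, []byte(weakSecrets[i]))
		mac.Write([]byte(parts[0] + "." + parts[1])) // signing input is header.payload
		if hmac.Equal(mac.Sum(nil), sig) {
			findings = append(findings, "weak-secret")
			break
		}
	}
	return findings, nil
}
```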