fix: pattern name (#171)

getgrit · Apr 5, 2024 · 6eff03a · 6eff03a
1 parent 39d1de1
commit 6eff03a
Showing 1 changed file with 2 additions and 19 deletions.
diff --git a/.../patterns/python/jwt_go_none_algorithm.md → ...terns/python/jwt_python_none_algorithm.md b/.../patterns/python/jwt_go_none_algorithm.md → ...terns/python/jwt_python_none_algorithm.md
@@ -6,6 +6,7 @@ tags: [fix, correctness, jwt, security]
 Detected use of the `'none'` algorithm in a JWT token. The `'none'` algorithm assumes the integrity of the token has already been verified. This would allow a malicious actor to forge a `JWT` token that will automatically be verified. Do not explicitly use the `'none'` algorithm. Instead, use an algorithm such as `'HS256'`.
 
 ## references
+
 - [Cryptographic Failures](https://owasp.org/Top10/A02_2021-Cryptographic_Failures)
 
 ```grit
@@ -40,7 +41,6 @@ def bad1():
     return encoded
 ```
 
-
 ## `algorithm=['none']`
 
 ```python
@@ -59,7 +59,6 @@ def bad2(encoded):
     return encoded
 ```
 
-
 ## `algorithm='HS256'`
 
 ```python
@@ -70,14 +69,6 @@ def ok(secret_key):
     return encoded
 ```
 
-```python
-import jwt
-
-def ok(secret_key):
-    encoded = jwt.encode({'some': 'payload'}, secret_key, algorithm='HS256')
-    return encoded
-```
-
 ## `algorithms=["none", "other", "HS256"]`
 
 ```python
@@ -106,14 +97,6 @@ def bad2(encoded):
     return encoded
 ```
 
-```python
-import jwt
-
-def bad2(encoded):
-    jwt.decode(encoded, None, algorithms=["HS256"])
-    return encoded
-```
-
 ## `algorithms=["none", "md5"]`
 
 ```python
@@ -130,4 +113,4 @@ import jwt
 def bad2(encoded):
     jwt.decode(encoded, None, algorithms=[ "md5"])
     return encoded
-```
+```