pyjwt icon indicating copy to clipboard operation
pyjwt copied to clipboard

Published 20 hours ago verified publisher icon jpadilla

Consider cryptography 42.x.x new validation

Open amolinaalvarez opened this issue 1 year ago • 2 comments
trafficstars

In cryptography 42.x.x, this library introduces a new parsing validation that raises a ValueError when load_pem_public_key is called with an invalid PEM. This affects the JWS decode function, as PyJWT does not currently handle this exception. Does it make sense to address this scenario?

PyJWT unmanaged exception point: https://github.com/jpadilla/pyjwt/blob/12420204cfef8fea7644532b9ca82c0cc5ca3abe/jwt/algorithms.py#L346

cryptography new validation: https://github.com/pyca/cryptography/blob/b507701ab4c14c345fd036c20ec7b95dae78c1a4/src/rust/src/error.rs#L12

Thank you.

amolinaalvarez avatar Mar 05 '24 14:03 amolinaalvarez

Of course! Can you make a PR?

codespearhead avatar Mar 21 '24 01:03 codespearhead

Hi 👋

I opened a PR that I think would handle this case.

https://github.com/jpadilla/pyjwt/pull/952

CollinEMac avatar Apr 05 '24 22:04 CollinEMac

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions[bot] avatar Jun 05 '24 01:06 github-actions[bot]