
Regex doesn't recognize JWT token

Open vdb-sander opened this issue 2 years ago • 2 comments

In the latest version (2.2.5) the regex to find the JWT token is set to the following. However, the payload of the token I was about to test started with eyI. This didn't match the regex and resulted in Cannot find a valid JWT.

eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*

Modifying all regexes in the code to the following resolved my issue.

eyJ[A-Za-z0-9_\/+-]*\.ey[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*

vdb-sander avatar Jun 02 '22 09:06 vdb-sander

Nice one. Yes, this is a very narrow case, but it can happen. The regex /eyJ./ matches the first block (4 chars) of base64 output for any string beginning with /{"[a-zA-Z]/ - that is, any JSON object with a key/name starting with an alpha char. If the JSON object has a first key/name as a quoted numeric value (e.g. {"1":"one","2":"two"}), then the base64 value will match regex /eyI./. I have never seen this myself, but changing the regex of the JSON base64 sections to the following would be wise to cover those edge cases (while minimising false positives):

/ey[IJ][A-Za-z0-9_\/+-]*/

So:

/ey[IJ][A-Za-z0-9_\/+-]*\.ey[IJ][A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*/

ticarpi avatar Jun 18 '22 21:06 ticarpi

It happens to the JWT of my client too, which starts with eyA.

fdaugan avatar Feb 03 '24 00:02 fdaugan
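
Added example (not part of the thread and not jwt_tool's own code): the three patterns quoted above, run against constructed tokens whose payload JSON is serialised in different ways, next to a decode-and-parse check that does not depend on the prefix. The payloads, the placeholder signature and the helper names are assumptions made for the illustration.

```python
import base64
import json
import re

# The three patterns quoted in the thread.
PATTERNS = {
    "v2.2.5": r"eyJ[A-Za-z0-9_\/+-]*\.eyJ[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*",
    "reporter": r"eyJ[A-Za-z0-9_\/+-]*\.ey[A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*",
    "maintainer": r"ey[IJ][A-Za-z0-9_\/+-]*\.ey[IJ][A-Za-z0-9_\/+-]*\.[A-Za-z0-9._\/+-]*",
}
# Constructed payloads: equivalent kinds of JSON object, different serialisations.
PAYLOADS = {
    "alpha key": b'{"sub":"1234"}',               # {" + letter   -> eyJ
    "numeric key": b'{"1":"one","2":"two"}',      # {" + digit    -> eyI
    "space after brace": b'{ "sub": "1234" }',    # { + space + " -> eyA
    "pretty-printed": b'{\n  "sub": "1234"\n}',   # { + newline   -> ew
}
HEADER = b'{"alg":"HS256","typ":"JWT"}'

def b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def build(payload):
    """Constructed token; the third segment is a placeholder, not a real MAC."""
    return ".".join([b64url(HEADER), b64url(payload), b64url(b"sig")])

def regex_hits(tok):
    return {name: bool(re.fullmatch(p, tok)) for name, p in PATTERNS.items()}

def looks_like_jwt(tok):
    """Prefix-independent check: three segments, first two decode to JSON objects."""
    parts = tok.split(".")
    if len(parts) != 3:
        return False
    try:
        for seg in parts[:2]:
            raw = base64.urlsafe_b64decode(seg + "=" * (-len(seg) % 4))
            if not isinstance(json.loads(raw), dict):
                return False
    except ValueError:  # covers base64, UTF-8 and JSON decoding errors
        return False
    return True

if __name__ == "__main__":
    for label, payload in PAYLOADS.items():
        tok = build(payload)
        prefix = tok.split(".")[1][:3]
        print(f"{label:18} {prefix} {regex_hits(tok)} structural={looks_like_jwt(tok)}")
```

The prefix follows from the first three bytes of the serialised JSON, so a prefix regex works as a cheap pre-filter, while decoding the first two segments confirms a candidate and rejects strings that only share the prefix.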