jpadilla / pyjwt

JSON Web Token implementation in Python
https://pyjwt.readthedocs.io
MIT License

Consider cryptography 42.x.x new validation #948

Closed amolinaalvarez closed 3 weeks ago

amolinaalvarez commented 4 months ago

In cryptography 42.x.x, this library introduces a new parsing validation that raises a ValueError when load_pem_public_key is called with an invalid PEM. This affects the JWS decode function, as PyJWT does not currently handle this exception. Does it make sense to address this scenario?

PyJWT unmanaged exception point: https://github.com/jpadilla/pyjwt/blob/12420204cfef8fea7644532b9ca82c0cc5ca3abe/jwt/algorithms.py#L346

cryptography new validation: https://github.com/pyca/cryptography/blob/b507701ab4c14c345fd036c20ec7b95dae78c1a4/src/rust/src/error.rs#L12

Thank you.
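An added example, not part of the thread and not PyJWT's own code: a caller-side guard that treats a `ValueError` raised while parsing the verification key the same as a PyJWT exception, so a malformed PEM leads to a rejected token rather than an unhandled error. The names `verify`, `TokenRejected` and `build_constructed_inputs` are hypothetical, and the key, token and broken PEM are constructed sample data.

```python
import jwt
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


class TokenRejected(Exception):
    """Single failure type the caller can map to an authentication error."""


def verify(token, public_key_pem):
    """Return the claims, or raise TokenRejected for any token or key problem."""
    try:
        return jwt.decode(token, public_key_pem, algorithms=["RS256"])
    except jwt.exceptions.PyJWTError as exc:
        # Bad signature, malformed token, and key errors PyJWT wraps itself.
        raise TokenRejected(f"token rejected: {type(exc).__name__}") from exc
    except ValueError as exc:
        # Key parsing failure from cryptography that reached the caller unwrapped.
        raise TokenRejected("verification key could not be parsed") from exc


def build_constructed_inputs():
    """Constructed sample data: a throwaway RSA key, a token, and a broken PEM."""
    private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048)
    good_pem = private_key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo,
    )
    token = jwt.encode({"sub": "alice"}, private_key, algorithm="RS256")
    bad_pem = b"-----BEGIN PUBLIC KEY-----\nnot a key\n-----END PUBLIC KEY-----\n"
    return token, good_pem, bad_pem


if __name__ == "__main__":
    token, good_pem, bad_pem = build_constructed_inputs()
    print(verify(token, good_pem))
    try:
        verify(token, bad_pem)
    except TokenRejected as exc:
        print("rejected:", exc)
```

The guard gives the same result whether or not the installed PyJWT already converts the key parsing error into one of its own exceptions.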

codespearhead commented 3 months ago

Of course! Can you make a PR?

CollinEMac commented 3 months ago

Hi 👋

I opened a PR that I think would handle this case.

https://github.com/jpadilla/pyjwt/pull/952

github-actions[bot] commented 1 month ago

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days