Add JWT unit tests #467

kjosh · 2023-12-19T13:45:34Z

I wrote some unit tests for the JWT vulnerabilities (#398), testing the controller functions and some validator exploits to the best of my ability.

I refactored some relatively minor things to make the controller easier to test:

created a method to create a token with a JWK header in the existing IJWTTokenGenerator, so I can also use it in the test without too much duplication
removed the static initialization logic in JWTAlgorithmKMS, manage it's singleton lifecycle via Spring instead, mainly so I can inject it into the controller and spy on it in the test
replace the String type of the RequestEntity parameters with Void, this should be the correct type for GET-Requests and allows creation of test objects

Makes it easier to use in unit tests

…bs#398) Allows reuse in controller unit test

)

preetkaran20

Thanks a lot for the PR. PR looks good to me. merging it.

preetkaran20 · 2023-12-25T22:36:22Z

src/main/java/org/sasanlabs/service/vulnerability/jwt/keys/JWTAlgorithmKMS.java


-    private static volatile boolean initDone = false;


Thank you for making this class unit testable. !!!

kjosh added 5 commits December 19, 2023 12:48

Manage JWTAlgorithmKMS lifecycle with Spring (SasanLabs#398)

78f8d30

Makes it easier to use in unit tests

Move creation of token with JWK header to IJWTTokenGenerator (SasanLa…

3b95bd2

…bs#398) Allows reuse in controller unit test

Replace String body type of GET-RequestEntities with Void (SasanLabs#398

ecb1a98

)

Add unit test for JWTVulnerability controller (SasanLabs#398)

da5e429

Add unit test for JWTValidator (SasanLabs#398)

a912fa8

preetkaran20 approved these changes Dec 25, 2023

View reviewed changes

preetkaran20 merged commit 1145456 into SasanLabs:master Dec 25, 2023

Provide feedback