Releasing newer version 1.0.3 (#40)

SasanLabs · Jan 2, 2023 · 50e5b8d · 50e5b8d
1 parent ddaedec
commit 50e5b8d
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 8 deletions.
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -33,7 +33,7 @@ tasks.compileJava {
     dependsOn("spotlessApply")
 }
 
-version = "1.0.2"
+version = "1.0.3"
 description = "Detect JWT requests and scan them to find related vulnerabilities"
 
 zapAddOn {

diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
@@ -52,8 +52,8 @@
 import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
-import org.json.JSONObject;
 import org.json.JSONException;
+import org.json.JSONObject;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
@@ -148,17 +148,18 @@ private boolean executePubliclyWellKnownHMacSecretAttack() {
     }
 
     /**
-     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies the signature properly.
-     * A malicious user can exploit this vulnerability by supplying an arbitrary claim in the JWT payload to obtain 
-     * new privileges or impersonate other users
+     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies
+     * the signature properly. A malicious user can exploit this vulnerability by supplying an
+     * arbitrary claim in the JWT payload to obtain new privileges or impersonate other users
      *
      * @throws JWTException
      */
     private boolean executeIncorrectSignatureAttack() {
         try {
             JWTHolder cloneJWTHolder = new JWTHolder(this.serverSideAttack.getJwtHolder());
             JSONObject payloadJSONObject = new JSONObject(cloneJWTHolder.getPayload());
-            payloadJSONObject.put(INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
+            payloadJSONObject.put(
+                    INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
             cloneJWTHolder.setPayload(payloadJSONObject.toString());
 
             if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
@@ -176,8 +177,7 @@ private boolean executeIncorrectSignatureAttack() {
                 return true;
             }
             return false;
-        }
-        catch (JSONException ex) {
+        } catch (JSONException ex) {
             LOGGER.error("An error occurred while incorrect signature attack", ex);
             return false;
         }