From 50e5b8db4cb24bd52ee599e4cbec99de4dafc695 Mon Sep 17 00:00:00 2001
From: Karan Preet Singh Sasan <preetkaran20@gmail.com>
Date: Mon, 2 Jan 2023 12:00:42 -0800
Subject: [PATCH] Releasing newer version 1.0.3 (#40)

---
 build.gradle.kts                                   |  2 +-
 .../zap/extension/jwt/attacks/SignatureAttack.java | 14 +++++++-------
 2 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/build.gradle.kts b/build.gradle.kts
index 27000c5..b5fbac8 100644
--- a/build.gradle.kts
+++ b/build.gradle.kts
@@ -33,7 +33,7 @@ tasks.compileJava {
     dependsOn("spotlessApply")
 }
 
-version = "1.0.2"
+version = "1.0.3"
 description = "Detect JWT requests and scan them to find related vulnerabilities"
 
 zapAddOn {
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
index bbfc39c..9b15581 100644
--- a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
+++ b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
@@ -52,8 +52,8 @@
 import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
-import org.json.JSONObject;
 import org.json.JSONException;
+import org.json.JSONObject;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
@@ -148,9 +148,9 @@ private boolean executePubliclyWellKnownHMacSecretAttack() {
     }
 
     /**
-     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies the signature properly.
-     * A malicious user can exploit this vulnerability by supplying an arbitrary claim in the JWT payload to obtain 
-     * new privileges or impersonate other users
+     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies
+     * the signature properly. A malicious user can exploit this vulnerability by supplying an
+     * arbitrary claim in the JWT payload to obtain new privileges or impersonate other users
      *
      * @throws JWTException
      */
@@ -158,7 +158,8 @@ private boolean executeIncorrectSignatureAttack() {
         try {
             JWTHolder cloneJWTHolder = new JWTHolder(this.serverSideAttack.getJwtHolder());
             JSONObject payloadJSONObject = new JSONObject(cloneJWTHolder.getPayload());
-            payloadJSONObject.put(INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
+            payloadJSONObject.put(
+                    INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
             cloneJWTHolder.setPayload(payloadJSONObject.toString());
 
             if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
@@ -176,8 +177,7 @@ private boolean executeIncorrectSignatureAttack() {
                 return true;
             }
             return false;
-        }
-        catch (JSONException ex) {
+        } catch (JSONException ex) {
             LOGGER.error("An error occurred while incorrect signature attack", ex);
             return false;
         }