Alan-Jowett / CoPilot-For-Consensus / 21556481805
78%

DEFAULT BRANCH: main
Ran
Jobs 0
Files 0
Run time
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
21556481805

push

github

web-flow 
test(security): Fuzz JWT parsing and validation in auth service (#1113)

* Initial plan

* Add JWT fuzzing tests for auth service

- Created comprehensive JWT fuzzing test suite in fuzzing/tests/test_jwt_fuzzing.py
- Implemented 7 fuzzing tests using Hypothesis property-based testing
- Tests cover JWT header parsing, signature validation, claims extraction, timing validation, and algorithm confusion attacks
- All tests pass successfully with 200 examples per test (100 for timing/signature tests)

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Update fuzzing README with JWT test documentation

- Document new JWT fuzzing tests in fuzzing/README.md
- Add description of attack vectors covered
- Mark as P0 priority for authentication security

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* Update CI fuzzing workflow to include JWT tests

- Add JWT fuzzing test step to fuzzing.yml workflow
- Install copilot_auth adapter for JWT test dependencies
- Add JWT test result artifacts and reporting
- Update workflow summary to include JWT fuzzing status

Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.noreply.github.com>

* fix: address PR review comments for JWT fuzzing

- Remove unused json import
- Add proper 'none' algorithm bypass testing
- Add module-level RSA key caching for performance
- Note: tempfile context manager scope is correct (code reviewed)

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Use module-level RSA key caching for all tests to improve performance

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

* Address review comments: fix type annotation, timing tolerance, exception handling, docs

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>

---------

Signed-off-by: Alan Jowett <alan.jowett@microsoft.com>
Co-authored-by: copilot-swe-agent[bot] <198982749+Copilot@users.noreply.github.com>
Co-authored-by: Alan-Jowett <20480683+Alan-Jowett@users.norepl... (continued)
Source Files on build 21556481805
Detailed source file information is not available for this build.