Releasing newer version 1.0.3 (#40)

preetkaran20 · web-flow · commit 50e5b8db4cb2 · 2023-01-02T12:00:42.000-08:00
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -33,7 +33,7 @@ tasks.compileJava {
     dependsOn("spotlessApply")
 }
 
-version = "1.0.2"
+version = "1.0.3"
 description = "Detect JWT requests and scan them to find related vulnerabilities"
 
 zapAddOn {
diff --git a/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java b/src/main/java/org/zaproxy/zap/extension/jwt/attacks/SignatureAttack.java
@@ -52,8 +52,8 @@
 import java.util.Set;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.log4j.Logger;
-import org.json.JSONObject;
 import org.json.JSONException;
+import org.json.JSONObject;
 import org.parosproxy.paros.Constant;
 import org.parosproxy.paros.core.scanner.Alert;
 import org.parosproxy.paros.core.scanner.Plugin.AttackStrength;
@@ -148,17 +148,18 @@ private boolean executePubliclyWellKnownHMacSecretAttack() {
     }
 
     /**
-     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies the signature properly.
-     * A malicious user can exploit this vulnerability by supplying an arbitrary claim in the JWT payload to obtain 
-     * new privileges or impersonate other users
+     * Mis-matching the token signature and token data, to verify if the JWT implementation verifies
+     * the signature properly. A malicious user can exploit this vulnerability by supplying an
+     * arbitrary claim in the JWT payload to obtain new privileges or impersonate other users
      *
      * @throws JWTException
      */
     private boolean executeIncorrectSignatureAttack() {
         try {
             JWTHolder cloneJWTHolder = new JWTHolder(this.serverSideAttack.getJwtHolder());
             JSONObject payloadJSONObject = new JSONObject(cloneJWTHolder.getPayload());
-            payloadJSONObject.put(INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
+            payloadJSONObject.put(
+                    INCORRECT_SIGNATURE_PAYLOAD_KEY, INCORRECT_SIGNATURE_PAYLOAD_VALUE);
             cloneJWTHolder.setPayload(payloadJSONObject.toString());
 
             if (this.serverSideAttack.getJwtActiveScanRule().isStop()) {
@@ -176,8 +177,7 @@ private boolean executeIncorrectSignatureAttack() {
                 return true;
             }
             return false;
-        }
-        catch (JSONException ex) {
+        } catch (JSONException ex) {
             LOGGER.error("An error occurred while incorrect signature attack", ex);
             return false;
         }

Original file line number	Diff line number	Diff line change
`@@ -33,7 +33,7 @@ tasks.compileJava {`
`33`	`33`	`dependsOn("spotlessApply")`
`34`	`34`	`}`
`35`	`35`
`36`		`-version = "1.0.2"`
	`36`	`+version = "1.0.3"`
`37`	`37`	`description = "Detect JWT requests and scan them to find related vulnerabilities"`
`38`	`38`
`39`	`39`	`zapAddOn {`