fix failing advisory test and fix lint errors

(cherry picked from commit 8d391d3b190a32775ee9209018b81a534183696f)
2022-07-18 16:40:10 +08:00 · 2022-07-18 16:40:10 +08:00 · c46f60a361
commit c46f60a361
parent eb4aa1d327
3 changed files with 118 additions and 1 deletions
--- a/backport-chore-fix-lint-errors.patch
+++ b/backport-chore-fix-lint-errors.patch
@ -0,0 +1,80 @@
+From 23feb3b068deb5f077e37c98541e7151782e544f Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Padilla?= <jpadilla@users.noreply.github.com>
+Date: Sun, 15 May 2022 15:18:29 -0400
+Subject: [PATCH] chore: fix lint errors
+
+---
+ jwt/utils.py           |  2 +-
+ tests/test_advisory.py | 19 +++++++++++--------
+ 2 files changed, 12 insertions(+), 9 deletions(-)
+
+diff --git a/jwt/utils.py b/jwt/utils.py
+index 8ab73b4..b8ad5fa 100644
+--- a/jwt/utils.py
+++ b/jwt/utils.py
+@@ -136,7 +136,7 @@ def is_pem_format(key: bytes) -> bool:
+ 
+ # Based on https://github.com/pyca/cryptography/blob/bcb70852d577b3f490f015378c75cba74986297b/src/cryptography/hazmat/primitives/serialization/ssh.py#L40-L46
+ _CERT_SUFFIX = b"-cert-v01@openssh.com"
+-_SSH_PUBKEY_RC = re.compile(br"\A(\S+)[ \t]+(\S+)")
+_SSH_PUBKEY_RC = re.compile(rb"\A(\S+)[ \t]+(\S+)")
+ _SSH_KEY_FORMATS = [
+     b"ssh-ed25519",
+     b"ssh-rsa",
+diff --git a/tests/test_advisory.py b/tests/test_advisory.py
+index a4a7d23..ed768d4 100644
+--- a/tests/test_advisory.py
+++ b/tests/test_advisory.py
+@@ -1,14 +1,17 @@
+-import jwt
+ import pytest
+
+import jwt
+ from jwt.exceptions import InvalidKeyError
+ 
+ from .utils import crypto_required
+ 
+-priv_key_bytes = b'''-----BEGIN PRIVATE KEY-----
+priv_key_bytes = b"""-----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIIbBhdo2ah7X32i50GOzrCr4acZTe6BezUdRIixjTAdL
+------END PRIVATE KEY-----'''
+-----END PRIVATE KEY-----"""
+ 
+-pub_key_bytes = b'ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL'
+pub_key_bytes = (
+    b"ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPL1I9oiq+B8crkmuV4YViiUnhdLjCp3hvy1bNGuGfNL"
+)
+ 
+ ssh_priv_key_bytes = b"""-----BEGIN EC PRIVATE KEY-----
+ MHcCAQEEIOWc7RbaNswMtNtc+n6WZDlUblMr2FBPo79fcGXsJlGQoAoGCCqGSM49
+@@ -41,11 +44,11 @@ class TestAdvisory:
+         # Making a good jwt token that should work by signing it
+         # with the private key
+         # encoded_good = jwt.encode({"test": 1234}, priv_key_bytes, algorithm="EdDSA")
+-        encoded_good = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg'
+        encoded_good = "eyJ0eXAiOiJKV1QiLCJhbGciOiJFZERTQSJ9.eyJ0ZXN0IjoxMjM0fQ.M5y1EEavZkHSlj9i8yi9nXKKyPBSAUhDRTOYZi3zZY11tZItDaR3qwAye8pc74_lZY3Ogt9KPNFbVOSGnUBHDg"
+ 
+         # Using HMAC with the public key to trick the receiver to think that the
+         # public key is a HMAC secret
+-        encoded_bad = 'eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4'
+        encoded_bad = "eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJ0ZXN0IjoxMjM0fQ.6ulDpqSlbHmQ8bZXhZRLFko9SwcHrghCwh8d-exJEE4"
+ 
+         # Both of the jwt tokens are validated as valid
+         jwt.decode(
+@@ -101,12 +104,12 @@ class TestAdvisory:
+         jwt.decode(
+             encoded_good,
+             ssh_key_bytes,
+-            algorithms=jwt.algorithms.get_default_algorithms()
+            algorithms=jwt.algorithms.get_default_algorithms(),
+         )
+ 
+         with pytest.raises(InvalidKeyError):
+             jwt.decode(
+                 encoded_bad,
+                 ssh_key_bytes,
+-                algorithms=jwt.algorithms.get_default_algorithms()
+                algorithms=jwt.algorithms.get_default_algorithms(),
+             )
+-- 
+2.23.0
--- a/backport-fix-failing-advisory-test.patch
+++ b/backport-fix-failing-advisory-test.patch
@ -0,0 +1,32 @@
+From 96f3f0275745c5a455c019a0d3476a054980e8ea Mon Sep 17 00:00:00 2001
+From: =?UTF-8?q?Jos=C3=A9=20Padilla?= <jpadilla@users.noreply.github.com>
+Date: Thu, 12 May 2022 14:44:55 -0400
+Subject: [PATCH] fix: failing advisory test
+
+---
+ tests/test_advisory.py | 3 +++
+ 1 file changed, 3 insertions(+)
+
+diff --git a/tests/test_advisory.py b/tests/test_advisory.py
+index f70f54b..a4a7d23 100644
+--- a/tests/test_advisory.py
+++ b/tests/test_advisory.py
+@@ -2,6 +2,8 @@ import jwt
+ import pytest
+ from jwt.exceptions import InvalidKeyError
+
+from .utils import crypto_required
+
+ priv_key_bytes = b'''-----BEGIN PRIVATE KEY-----
+ MC4CAQAwBQYDK2VwBCIEIIbBhdo2ah7X32i50GOzrCr4acZTe6BezUdRIixjTAdL
+ -----END PRIVATE KEY-----'''
+@@ -18,6 +20,7 @@ ssh_key_bytes = b"""ecdsa-sha2-nistp256 AAAAE2VjZHNhLXNoYTItbmlzdHAyNTYAAAAIbmlz
+
+
+ class TestAdvisory:
+    @crypto_required
+     def test_ghsa_ffqj_6fqr_9h24(self):
+         # Generate ed25519 private key
+         # private_key = ed25519.Ed25519PrivateKey.generate()
+-- 
+2.23.0
--- a/python-jwt.spec
+++ b/python-jwt.spec
@ -2,7 +2,7 @@
 %bcond_without tests
 Name:               python-jwt
 Version:            2.3.0
-Release:            3
+Release:            4
 Summary:            JSON Web Token implementation in Python
 License:            MIT
 URL:                https://github.com/jpadilla/pyjwt
@ -10,6 +10,8 @@ Source0:            https://files.pythonhosted.org/packages/source/P/PyJWT/PyJWT
 BuildArch:          noarch

 Patch6000:          backport-CVE-2022-29217.patch
+Patch6001:          backport-fix-failing-advisory-test.patch
+Patch6002:          backport-chore-fix-lint-errors.patch

 %if %{with tests}
 BuildRequires:      python3-pytest python3-pytest-cov python3-pytest-runner
@ -55,6 +57,9 @@ Requires:       python%{python3_pkgversion}-cryptography
 %doc README.rst

 %changelog
+* Mon Jul 18 2022 yanglongkang <yanglongkang@h-partners.com> - 2.3.0-4
+- fix failing advisory test and fix lint errors
+
 * Thu Jun 09 2022 shixuantong <shixuantong@h-partners.com> - 2.3.0-3
 - fix CVE-2022-29217