jwt/patterns.yml


name: JWT

patterns:
  - name: JWT
    type: jwt
    description: "JSON Web Tokens are an open, industry standard RFC 7519 method for representing claims securely between two parties."
    regex:
      pattern: |
        e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}\.e(?:y[IJ]|yL[CD]|yA[JKgi]|w[ko][JKgi])[A-Za-z0-9_-]{10,}(?:fQ|[3HXn]0|[1BFJNRVZdhlpx]9)={0,2}(?:\.?[A-Za-z0-9_-]+={0,2})?
      start: |
        [^0-9A-Za-z_.-]|\A
      end: |
        [^0-9A-Za-z_.=-]|\z
      # don't detect JWT that are used in private GitHub issues
      additional_not_match:
        - ^eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9\.eyJrZXkiOiJrZXkxIiwiZXhwIjo[A-Za-z0-9_-]+(JlgtQW16LVNpZ25lZEhlYWRlcnM9aG9zdCZhY3Rvcl9pZD0wJmtleV9pZD0wJnJlcG9faWQ9MCJ9|ZYLUFtei1TaWduZWRIZWFkZXJzPWhvc3QmYWN0b3JfaWQ9MCZrZXlfaWQ9MCZyZXBvX2lkPTAifQ|mWC1BbXotU2lnbmVkSGVhZGVycz1ob3N0JmFjdG9yX2lkPTAma2V5X2lkPTAmcmVwb19pZD0wIn0)

    expected:
      - name: owasp-juice-shop.ts
        start_offset: 8105
        end_offset: 8801
      - name: example.txt
        start_offset: 16
        end_offset: 171
      - name: test_jwt.txt
        start_offset: 6
        end_offset: 163
      - name: test_jwt.txt
        start_offset: 170
        end_offset: 381