fix: ensure SQL processor uses key returned by query #424

Merged: 1 commit, Jan 21, 2025

ncc-akis
Contributor

This PR addresses two issues in the SQL KID processor which prevent it being exploitable in the intended fashion.

  1. The code following the SQL query assumes a single result returned by the query, while the execute method uses the default "all" method which returns a list of results. This has been modified to use the "get" method which will return a single result.
  2. After the query has been executed, the key used is still always the default key, rather than the one returned by a query. This means that the JWT will only be validated if signed using the default key rather than an attacker-specified key. This has been modified to always use the key returned by the query, allowing the attacker to control the key used to sign the token.
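
An added example, not code from this PR or from the project: a hardened counterpart to the lookup described above, written in Python with the standard-library `sqlite3` module. It binds `kid` as a query parameter, fetches a single row, and verifies with the key that row returns; the `jwt_keys` table, its columns, the secrets and all function names are assumptions constructed for illustration.

```python
import base64, hashlib, hmac, json, sqlite3

def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def make_key_store() -> sqlite3.Connection:
    # Constructed sample data; table, columns and secrets are assumptions.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE jwt_keys (kid TEXT PRIMARY KEY, secret BLOB NOT NULL)")
    db.executemany("INSERT INTO jwt_keys VALUES (?, ?)",
                   [("k1", b"constructed-secret-one"), ("k2", b"constructed-secret-two")])
    return db

def sign_hs256(payload: dict, kid: str, key: bytes) -> str:
    # Helper that issues a token the way a legitimate signer would.
    header = {"alg": "HS256", "typ": "JWT", "kid": kid}
    signing_input = ".".join(b64url(json.dumps(part).encode()) for part in (header, payload))
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64url(mac)}"

def verify(db: sqlite3.Connection, token: str) -> dict:
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        signature = b64url_decode(s64)
    except ValueError as exc:  # wrong part count, bad base64, bad JSON
        raise ValueError("malformed token") from exc
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unsupported header")
    kid = header.get("kid")
    if not isinstance(kid, str):
        raise ValueError("missing kid")
    # kid is bound as a parameter: it is compared as data, never parsed as SQL.
    row = db.execute("SELECT secret FROM jwt_keys WHERE kid = ?", (kid,)).fetchone()
    if row is None:
        raise ValueError("unknown kid")  # no fallback to a default key
    # Verify with the key this row returned, not with any other configured key.
    expected = hmac.new(row[0], f"{h64}.{p64}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, signature):
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))
```
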

@derevnjuk derevnjuk requested review from bararchy and pmstss January 14, 2025 16:04
@derevnjuk derevnjuk added the bug Something isn't working label Jan 14, 2025
Contributor

@pmstss pmstss left a comment

Thank you for your contribution! The changes make sense to me.

✅ LGTM

@bararchy bararchy merged commit 21c624d into NeuraLegion:stable Jan 21, 2025
2 checks passed