name: JWT CI

on:

push:

branches: [master]

pull_request:

branches: [master]

jobs:

coverage:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- uses: lukka/get-cmake@latest

- uses: ./.github/actions/install/gtest

- name: configure

run: |

mkdir build

cd build

cmake .. -DJWT_BUILD_EXAMPLES=OFF -DJWT_BUILD_TESTS=ON -DJWT_ENABLE_COVERAGE=ON -DCMAKE_BUILD_TYPE=Debug

- name: run

working-directory: build

run: make jwt-cpp-test coverage

- uses: coverallsapp/github-action@v1.1.1

with:

github-token: ${{ secrets.GITHUB_TOKEN }}

path-to-lcov: build/coverage.info

fuzzing:

runs-on: ubuntu-latest

steps:

- uses: actions/checkout@v2

- uses: lukka/get-cmake@latest

- uses: ./.github/actions/install/gtest

- name: configure

run: |

mkdir build

cd build

cmake .. -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ -DJWT_ENABLE_FUZZING=ON

- name: run

working-directory: build

run: |

make jwt-cpp-fuzz-BaseEncodeFuzz jwt-cpp-fuzz-BaseDecodeFuzz jwt-cpp-fuzz-TokenDecodeFuzz

./tests/fuzz/jwt-cpp-fuzz-BaseEncodeFuzz -runs=100000

./tests/fuzz/jwt-cpp-fuzz-BaseDecodeFuzz -runs=100000 ../tests/fuzz/decode-corpus

./tests/fuzz/jwt-cpp-fuzz-TokenDecodeFuzz -runs=100000 ../tests/fuzz/token-corpus

asan: ## Based on https://gist.github.com/jlblancoc/44be9d4d466f0a973b1f3808a8e56782

runs-on: ubuntu-20.04

steps:

- uses: actions/checkout@v2

- uses: lukka/get-cmake@latest

- uses: ./.github/actions/install/gtest

- name: configure

run: |

mkdir build

cd build

cmake .. -DJWT_BUILD_TESTS=ON -DCMAKE_CXX_FLAGS="-fsanitize=address -fsanitize=leak -g" \

-DCMAKE_C_FLAGS="-fsanitize=address -fsanitize=leak -g" \

-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak" \

-DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak"

- name: run

working-directory: build

run: |

make

export ASAN_OPTIONS=fast_unwind_on_malloc=0

./example/rsa-create

./example/rsa-verify

./tests/jwt-cpp-test

cd build

make

- run: exit $(git status -s | wc -l)

asan: ## Based on https://gist.github.com/jlblancoc/44be9d4d466f0a973b1f3808a8e56782

runs-on: ubuntu-20.04

steps:

- uses: actions/checkout@v2

- uses: lukka/get-cmake@latest

- uses: ./.github/actions/install/gtest

- name: configure

run: |

mkdir build

cd build

cmake .. -DJWT_BUILD_TESTS=ON -DCMAKE_CXX_FLAGS="-fsanitize=address -fsanitize=leak -g" \

-DCMAKE_C_FLAGS="-fsanitize=address -fsanitize=leak -g" \

-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak" \

-DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address -fsanitize=leak"

- name: build

run: |

cd build

make

- name: run

run: |

export ASAN_OPTIONS=fast_unwind_on_malloc=0

cd build

./example/rsa-create

./example/rsa-verify

./tests/jwt-cpp-test

option(JWT_BUILD_EXAMPLES "Configure CMake to build examples (or not)" ON)

option(JWT_BUILD_TESTS "Configure CMake to build tests (or not)" OFF)

option(JWT_ENABLE_COVERAGE "Enable code coverage testing" OFF)

option(JWT_ENABLE_FUZZING "Enable fuzz testing" OFF)

option(JWT_EXTERNAL_PICOJSON "Use find_package() to locate picojson, provided to integrate with package managers" OFF)

option(JWT_DISABLE_BASE64 "Do not include the base64 implementation from this library" OFF)

if(JWT_BUILD_TESTS)

add_subdirectory(tests)

endif()

if(JWT_ENABLE_FUZZING)

add_subdirectory(tests/fuzz)

endif()

if (base.substr(size - fill.size(), fill.size()) == fill) {

fill_cnt++;

size -= fill.size();

if (fill_cnt > 2) throw std::runtime_error("Invalid input");

if (fill_cnt > 2) throw std::runtime_error("Invalid input: too much fill");

} else

break;

}

if ((size + fill_cnt) % 4 != 0) throw std::runtime_error("Invalid input");

if ((size + fill_cnt) % 4 != 0) throw std::runtime_error("Invalid input: incorrect total size");

size_t out_size = size / 4 * 3;

std::string res;

for (size_t i = 0; i < alphabet.size(); i++) {

if (alphabet[i] == base[offset]) return static_cast<uint32_t>(i);

}

throw std::runtime_error("Invalid input");

throw std::runtime_error("Invalid input: not within alphabet");

};

size_t fast_size = size - size % 4;

#include <jwt-cpp/base.h>

extern "C" {

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

try {

const auto bin = jwt::base::decode<jwt::alphabet::base64>(

std::string{(char *)Data, Size});

} catch (const std::runtime_error &) {

// parse errors are ok, because input may be random bytes

}

return 0; // Non-zero return values are reserved for future use.

}

}

#include <jwt-cpp/base.h>

extern "C" {

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

jwt::base::encode<jwt::alphabet::base64>(std::string{(char *)Data, Size});

return 0; // Non-zero return values are reserved for future use.

}

}

if(NOT ${CMAKE_CXX_COMPILER_ID} STREQUAL Clang)

message(FATAL_ERROR "Fuzzing is only available on Clang")

endif()

function(ADD_FUZZING_EXECUTABLE TARGET)

add_executable(jwt-cpp-fuzz-${TARGET} "${TARGET}.cpp")

target_compile_options(

jwt-cpp-fuzz-${TARGET}

PRIVATE -g -O1 -fsanitize=fuzzer,address,signed-integer-overflow,undefined

-fno-omit-frame-pointer)

target_link_options(

jwt-cpp-fuzz-${TARGET} PRIVATE

-fsanitize=fuzzer,address,signed-integer-overflow,undefined

-fno-omit-frame-pointer)

target_link_libraries(jwt-cpp-fuzz-${TARGET} PRIVATE jwt-cpp::jwt-cpp)

endfunction()

add_fuzzing_executable(BaseEncodeFuzz)

add_fuzzing_executable(BaseDecodeFuzz)

add_fuzzing_executable(TokenDecodeFuzz)

#include <jwt-cpp/jwt.h>

extern "C" {

int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {

try {

// step 1: parse input

const auto jwt1 = jwt::decode(std::string{(char *)Data, Size});

try {

// step 2: round trip

std::string s1 = jwt1.get_token();

const auto jwt2 = jwt::decode(s1);

// tokens must match

if (s1 != jwt2.get_token())

abort();

} catch (...) {

// parsing raw data twice must not fail

abort();

}

} catch (...) {

// parse errors are ok, because input may be random bytes

}

return 0; // Non-zero return values are reserved for future use.

}

}

FMF=