🗓 Jul 3, 2023 2:25:03 PM

✨ jwt_token_none_alg generator ✨ stringify method that uses json.dumps ✨ random_case method 🧪 tests added/updated
securisec · Jul 3, 2023 · 81b3de2 · 81b3de2
1 parent 7634be3
commit 81b3de2
Show file tree

Hide file tree

Showing 10 changed files with 97 additions and 1 deletion.
diff --git a/TODO b/TODO
@@ -24,6 +24,7 @@ New ideas:
   ☐ ✨ zero-width encode/decode
   ☐ ✨ hill cipher encode/decode/brute
   ☐ 💡 maybe a decorator function to convert all inputs into bytes when possible? this will allow for a consistant bytes approach to all functions
+  ☐ rsa enc/dec with key or from pem directly
 
 Bug:
 
@@ -58,6 +59,8 @@ Misc:
   ☐ cyberchef recipe to chepy recipe converter
 
 Archive:
+  ✔ stringify method using json.dumps
+  ✔ jwt none algo
   ✔ ✨ extractor partially done
   ✔ vigenere make aware of all cases/numbers/specials. i.e. npcdhzaon{a4Rmp!_K1N5q0p_4vQfKkT1uA3R} key victory shaktictf{y4Yyy!_M1S5i0n_4cCoMpL1sH3D}
   ✔ us-ascii 7bit 20127 https://gchq.github.io/CyberChef/#recipe=Encode_text('US-ASCII%20(7-bit)%20(20127)') 걳걵걮걻걢갴걳갳걟갱갲갸걟갱갵걟걢갱건걟걲갳걭갴거거갱걮걧걽

diff --git a/chepy/modules/codetidy.py b/chepy/modules/codetidy.py
@@ -1,6 +1,7 @@
 from typing import TypeVar
 
 import json
+import random
 
 import pydash
 import regex as re
@@ -205,3 +206,28 @@ def to_leetspeak(self, special_chars: bool = True) -> CodeTidyT:
                 hold += char
         self.state = hold
         return self
+
+    @ChepyDecorators.call_stack
+    def random_case(self) -> CodeTidyT:
+        """Randomly change the case
+
+        Returns:
+            Chepy: The Chepy object.
+        """
+        string = self._convert_to_str()
+        string_length = len(string)
+
+        random_indices = random.sample(range(string_length), string_length)
+        random_chars = []
+        for i in random_indices:
+            if random.choice([True, False]):
+                random_chars.append(string[i].upper())
+            else:
+                random_chars.append(string[i].lower())
+
+        string_list = list(string)
+        for index, char in zip(random_indices, random_chars):
+            if 0 <= index < len(string_list):
+                string_list[index] = char
+        self.state = "".join(string_list)
+        return self
diff --git a/chepy/modules/codetidy.pyi b/chepy/modules/codetidy.pyi
@@ -16,3 +16,4 @@ class CodeTidy(ChepyCore):
     def to_kebab_case(self: CodeTidyT) -> CodeTidyT: ...
     def swap_case(self: CodeTidyT) -> CodeTidyT: ...
     def to_leetspeak(self: CodeTidyT, special_chars: bool=...) -> CodeTidyT: ...
+    def random_case(self) -> CodeTidyT: ...
diff --git a/chepy/modules/dataformat.py b/chepy/modules/dataformat.py
@@ -1260,6 +1260,22 @@ def to_string(self) -> DataFormatT:
         self.state = self._convert_to_str()
         return self
 
+    @ChepyDecorators.call_stack
+    def stringify(self, compact: bool = True) -> DataFormatT:
+        """Stringify the state. This uses json.dumps unlike to_string
+
+        Args:
+            compact (bool, optional): If the output should be compact. Defaults to True.
+
+        Returns:
+            Chepy: The Chepy object.
+        """
+        sep = None
+        if compact:
+            sep = (",", ":")
+        self.state = json.dumps(self.state, separators=sep)
+        return self
+
     @ChepyDecorators.call_stack
     def select(self, start: int, end: int = None) -> DataFormatT:
         """Get an item by specifying an index

diff --git a/chepy/modules/dataformat.pyi b/chepy/modules/dataformat.pyi
@@ -71,6 +71,7 @@ class DataFormat(ChepyCore):
     def from_nato(self: DataFormatT, delimiter: str=..., join_by: str=...) -> DataFormatT: ...
     def swap_strings(self: DataFormatT, by:int) -> DataFormatT: ...
     def to_string(self: DataFormatT) -> DataFormatT: ...
+    def stringify(self: DataFormatT, compact:bool=...) -> DataFormatT: ...
     def select(self: DataFormatT, start: int, end: int) -> DataFormatT: ...
     def length(self: DataFormatT) -> DataFormatT: ...
     def to_leetcode(self: DataFormatT, replace_space: str=...) -> DataFormatT: ...

diff --git a/chepy/modules/encryptionencoding.py b/chepy/modules/encryptionencoding.py
@@ -3,7 +3,7 @@
 import codecs
 import itertools
 import string
-from typing import Literal, TypeVar, Dict
+from typing import Literal, TypeVar, Dict, Any
 
 import lazy_import
 
@@ -432,6 +432,27 @@ def jwt_bruteforce(
             else:  # pragma: no cover
                 return self
 
+    @ChepyDecorators.call_stack
+    def jwt_token_none_alg(self, headers: Dict[str, Any] = {}) -> EncryptionEncodingT:
+        """Generate a jwt token with none algorithem
+
+        Args:
+            headers (Dict[str, Any], optional): Headers. `alg` key will be overwritten. Defaults to {}.
+
+        Returns:
+            Chepy: The Chepy object.
+        """
+        assert isinstance(self.state, dict), "State should be a dictionary"
+        headers["alg"] = "none"
+        encoded_headers = base64.b64encode(json.dumps(headers).encode()).replace(
+            b"=", b""
+        )
+        encoded_payload = base64.b64encode(json.dumps(self.state).encode()).replace(
+            b"=", b""
+        )
+        self.state = encoded_headers + b"." + encoded_payload + b"."
+        return self
+
     @ChepyDecorators.call_stack
     def rc4_encrypt(self, key: str, key_format: str = "hex") -> EncryptionEncodingT:
         """Encrypt raw state with RC4

diff --git a/chepy/modules/encryptionencoding.pyi b/chepy/modules/encryptionencoding.pyi
@@ -26,6 +26,7 @@ class EncryptionEncoding(ChepyCore):
     def jwt_verify(self: EncryptionEncodingT, secret: str, algorithm: list=...) -> EncryptionEncodingT: ...
     def jwt_sign(self: EncryptionEncodingT, secret: str, algorithms: str=...) -> EncryptionEncodingT: ...
     def jwt_bruteforce(self: EncryptionEncodingT, wordlist: str, b64_encode: bool=..., algorithm: list=...) -> EncryptionEncodingT: ...
+    def jwt_token_none_alg(self: EncryptionEncodingT, headers: Dict[str, Any]=...) -> EncryptionEncodingT: ...
     def rc4_encrypt(self: EncryptionEncodingT, key: str, key_format: RC4_FORMAT=...) -> EncryptionEncodingT: ...
     def rc4_decrypt(self: EncryptionEncodingT, key: str, key_format: RC4_FORMAT=...) -> EncryptionEncodingT: ...
     def des_encrypt(self: EncryptionEncodingT, key: str, iv: str=..., mode: Literal["CBC", "OFB", "CTR", "ECB"]=..., key_format: FORMAT=..., iv_format: FORMAT=...) -> EncryptionEncodingT: ...

diff --git a/tests/test_codetidy.py b/tests/test_codetidy.py
@@ -1,3 +1,4 @@
+import string
 from chepy import Chepy
 
 
@@ -49,3 +50,8 @@ def test_lower_case():
 def test_leet_speak():
     assert Chepy("somexValue").to_leetspeak().o == "50m3%V@1u3"
     assert Chepy("somexValue").to_leetspeak(False).o == "50m3xVa1u3"
+
+
+def test_random_case():
+    data = string.ascii_letters * 5
+    assert Chepy(data).random_case().o != data
diff --git a/tests/test_dataformat.py b/tests/test_dataformat.py
@@ -375,6 +375,14 @@ def test_to_string():
     assert Chepy(1).to_string().o == "1"
 
 
+def test_stringify():
+    assert Chepy("aa").stringify().o == '"aa"'
+    assert Chepy(123).stringify().o == "123"
+    # assert Chepy("\xaa").stringify().o == '"\\u00aa"'
+    assert Chepy(True).stringify().o == "true"
+    assert Chepy({"a": 1}).stringify(False).o == '{"a": 1}'
+
+
 def test_select():
     assert Chepy("abcd").select(0, 2).o == "ab"
     assert Chepy("abcd").select(2).o == "cd"

diff --git a/tests/test_encryptionencoding.py b/tests/test_encryptionencoding.py
@@ -122,6 +122,19 @@ def test_jwt_bruteforce():
     )
 
 
+def test_jwt_non_alg():
+    assert (
+        Chepy(
+            {
+                "sub": "administrator",
+            }
+        )
+        .jwt_token_none_alg()
+        .o
+        == b"eyJhbGciOiAibm9uZSJ9.eyJzdWIiOiAiYWRtaW5pc3RyYXRvciJ9."
+    )
+
+
 def test_rc4_encrypt():
     msg = "some data"
     res = b"9e59bf79a2c0b7d253"