Add indeterminate test to pyjwt

jorgectf · jorgectf · commit e14b10370e8e · 2021-07-21T21:30:54.000+02:00
diff --git a/python/ql/test/experimental/query-tests/Security/CWE-437/pyjwt.py b/python/ql/test/experimental/query-tests/Security/CWE-437/pyjwt.py
@@ -3,15 +3,15 @@
 # Encoding
 
 # good - key and algorithm supplied
-jwt.encode({"foo": "bar"}, "key", "HS256")
-jwt.encode({"foo": "bar"}, key="key", algorithm="HS256")
+jwt.encode(token, "key", "HS256")
+jwt.encode(token, key="key", algorithm="HS256")
 
 # bad - both key and algorithm set to None
-jwt.encode({"foo": "bar"}, None, None)
+jwt.encode(token, None, None)
 
 # bad - empty key
-jwt.encode({"foo": "bar"}, "", algorithm="HS256")
-jwt.encode({"foo": "bar"}, key="", algorithm="HS256")
+jwt.encode(token, "", algorithm="HS256")
+jwt.encode(token, key="", algorithm="HS256")
 
 # Decoding
 
@@ -25,3 +25,7 @@
 # good - verified decoding
 jwt.decode(token, verify=True)
 jwt.decode(token, key, options={"verify_signature": True})
+
+
+def indeterminate(verify):
+    jwt.decode(token, key, verify)
