{
    "id": "S046",
    "name": "Use algorithm allowlist for self-contained tokens",
    "description": "Prevent algorithm confusion and downgrade attacks by restricting token signing and verification to an explicit allowlist of algorithms. Never allow the 'none' algorithm. Validate the algorithm before processing the token.",
    "category": "security",
    "severity": "critical",
    "enabled": true,
    "engines": ["heuristic"],
    "enginePreference": ["heuristic"],
    "tags": ["security", "jwt", "token", "algorithm", "authentication"],
    "examples": {
        "valid": [
            "jwt.verify(token, key, { algorithms: ['RS256'] });",
            "const options = { algorithms: ['HS256', 'HS384'] };",
            "if (!['RS256', 'ES256'].includes(header.alg)) throw new Error();"
        ],
        "invalid": [
            "jwt.verify(token, key); // No algorithm specified",
            "jwt.decode(token); // Decodes without verification",
            "{ algorithms: ['none'] } // 'none' algorithm allowed"
        ]
    },
    "fixable": false,
    "docs": {
        "description": "This rule ensures that JWT/token verification uses an explicit algorithm allowlist. Algorithm confusion attacks occur when an attacker can control which algorithm is used to verify a token. Use an algorithm allowlist, never allow the 'none' algorithm, and prefer either symmetric or asymmetric algorithms, not both. If both are needed, implement key-type validation so a key of one type cannot be used with an algorithm of the other, preventing key confusion attacks.",
        "url": "https://owasp.org/Top10/A07_2021-Identification_and_Authentication_Failures/"
    }
}
