feat(policies): initial Rails JWT leaks

[elsapet]

Description

Support for JWT policy

Sample policy report

CRITICAL: JWT leaking policy breach with Personal data
JWT leaks detected

File: ../../Desktop/example/user.rb:10

 10 JWT.encode user.address, nil, 'none'

Checklist

• I've added test coverage that shows my fix or feature works as expected.
• I've updated or added documentation if required.
• I've included usage information in the description if CLI behavior was updated or added.
• PR title follows Conventional Commits format

[swarmia]

✅  Linked to AMA-3283 · JWT Leaking
➡️  Part of AMA-3280 · Write ALL Ruby custom detectors & policies
➡️  Part of AMA-2947 · OSS - Curio CLI

[elsapet]

Advance apologies for a confused question, but with variable reconciliation should we be able to detect the following?

payload = {
	user: {
		first_name: "John",
		last_name: "Doe",
	}
}

token1 = JWT.encode payload, nil, "none"

[cfabianski]

@elsapet we should but it’s not working right now. Working on it with @didroe 😉