jwt: reduce heap allocations in jwt.Parse (#3403)

* jwt: benchmark Parse against malicious requests

Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com>

* jwt: defend Parse against malicious requests

Some benchmark results:

```
goos: darwin
goarch: amd64
pkg: github.com/zalando/skipper/jwt
cpu: Intel(R) Core(TM) i7-6700HQ CPU @ 2.60GHz
                                       │        old        │                  new                  │
                                       │      sec/op       │    sec/op     vs base                 │
Parse_malicious/all_periods-8            13681180.50n ± 2%   97.85n ± 47%  -100.00% (p=0.000 n=10)
Parse_malicious/two_trailing_periods-8         60.78µ ± 1%   35.41µ ± 11%   -41.74% (p=0.000 n=10)
geomean                                        911.9µ        1.861µ         -99.80%

                                       │       old        │                 new                 │
                                       │       B/op       │    B/op     vs base                 │
Parse_malicious/all_periods-8            16785409.00 ± 0%   64.00 ± 0%  -100.00% (p=0.000 n=10)
Parse_malicious/two_trailing_periods-8         224.0 ± 0%   240.0 ± 0%    +7.14% (p=0.000 n=10)
geomean                                      59.88Ki        123.9        -99.80%

                                       │    old     │                 new                 │
                                       │ allocs/op  │ allocs/op   vs base                 │
Parse_malicious/all_periods-8            1.000 ± 0%   1.000 ± 0%       ~ (p=1.000 n=10) ¹
Parse_malicious/two_trailing_periods-8   4.000 ± 0%   4.000 ± 0%       ~ (p=1.000 n=10) ¹
geomean                                  2.000        2.000       +0.00%
¹ all samples are equal
```

Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com>

---------

Signed-off-by: jub0bs <jcretel-infosec+github@protonmail.com>

jwt/token.go

@@ -16,7 +16,7 @@ type Token struct {
 }
 
 func Parse(value string) (*Token, error) {
-	parts := strings.Split(value, ".")
+	parts := strings.SplitN(value, ".", 4)
 	if len(parts) != 3 {
 		return nil, errInvalidToken
 	}

jwt/token_test.go

@@ -3,6 +3,7 @@ package jwt
 import (
 	"encoding/base64"
 	"encoding/json"
+	"net/http"
 	"reflect"
 	"strings"
 	"testing"
@@ -93,3 +94,26 @@ func BenchmarkParse(b *testing.B) {
 		parseSink, _ = Parse(value)
 	}
 }
+
+func BenchmarkParse_malicious(b *testing.B) {
+	cases := []struct {
+		name  string
+		value string
+	}{
+		{
+			name:  "all periods",
+			value: strings.Repeat(".", http.DefaultMaxHeaderBytes),
+		}, {
+			name:  "two trailing periods",
+			value: strings.Repeat("a", http.DefaultMaxHeaderBytes-2) + "..",
+		},
+	}
+	for _, bc := range cases {
+		b.Run(bc.name, func(b *testing.B) {
+			b.ReportAllocs()
+			for range b.N {
+				parseSink, _ = Parse(bc.value)
+			}
+		})
+	}
+}