hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-04 13:15:21 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #12852 from egregius313/egregius313/java/webgoat/model-jwsheader

Browse Source 
Java: Model `io.jsonwebtoken.SigningKeyResolverAdapter` and `io.jsonwebtoken.JwsHeader`
This commit is contained in:
Edward Minnix III
2023-05-08 10:57:34 -04:00
committed by GitHub
parent 9558522d84 0c604b1c34
commit 05b1bd881e
9 changed files with 156 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
java/ql/lib/semmle/code/java/dataflow/FlowSteps.qll
View File

@@ -18,6 +18,7 @@ private module Frameworks {
private import semmle.code.java.frameworks.ApacheHttp
private import semmle.code.java.frameworks.guava.Guava
private import semmle.code.java.frameworks.Guice
private import semmle.code.java.frameworks.IoJsonWebToken
private import semmle.code.java.frameworks.jackson.JacksonSerializability
private import semmle.code.java.frameworks.Properties
private import semmle.code.java.frameworks.Protobuf

11
java/ql/lib/semmle/code/java/frameworks/IoJsonWebToken.qll Normal file
View File

@@ -0,0 +1,11 @@
/** Predicates and classes to reason about the `io.jsonwebtoken` library. */
import java
private import semmle.code.java.dataflow.DataFlow
private import semmle.code.java.dataflow.FlowSteps
private class JwsHeaderFieldsInheritTaint extends DataFlow::SyntheticFieldContent,
TaintInheritingContent
{
JwsHeaderFieldsInheritTaint() { this.getField().matches("io.jsonwebtoken.JwsHeader.%") }
}