hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 19:55:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: convert MissingJWTSignatureCheck test to .qlref

Browse Source
This commit is contained in:
Nora Dimitrijević
2025-06-23 16:52:03 +02:00
parent 85c2f72892
commit 28694276e2
4 changed files with 67 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
java/ql/test/query-tests/security/CWE-347/MissingJWTSignatureCheckTest.java
View File

@@ -10,15 +10,15 @@ import io.jsonwebtoken.impl.DefaultJwtParserBuilder;
public class MissingJWTSignatureCheckTest {
private JwtParser getASignedParser() {
return Jwts.parser().setSigningKey("someBase64EncodedKey");
return Jwts.parser().setSigningKey("someBase64EncodedKey"); // $ Source
}
private JwtParser getASignedParserFromParserBuilder() {
return Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build();
return Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build(); // $ Source
}
private JwtParser getASignedNewParser() {
return new DefaultJwtParser().setSigningKey("someBase64EncodedKey");
return new DefaultJwtParser().setSigningKey("someBase64EncodedKey"); // $ Source
}
private void callSignedParsers() {
@@ -80,11 +80,11 @@ public class MissingJWTSignatureCheckTest {
}
private void badJwtOnParserBuilder(JwtParser parser, String token) {
parser.parse(token); // $hasMissingJwtSignatureCheck
parser.parse(token); // $ Alert
}
private void badJwtHandlerOnParserBuilder(JwtParser parser, String token) {
parser.parse(token, new JwtHandlerAdapter<Jwt<Header, String>>() { // $hasMissingJwtSignatureCheck
parser.parse(token, new JwtHandlerAdapter<Jwt<Header, String>>() { // $ Alert
@Override
public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {
return jwt;
@@ -107,15 +107,15 @@ public class MissingJWTSignatureCheckTest {
}
private void badJwtOnParserBuilder(String token) {
Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $ Alert
}
private void badJwtOnDefaultParserBuilder(String token) {
new DefaultJwtParserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
new DefaultJwtParserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $ Alert
}
private void badJwtHandlerOnParser(String token) {
Jwts.parser().setSigningKey("someBase64EncodedKey").parse(token, // $hasMissingJwtSignatureCheck
Jwts.parser().setSigningKey("someBase64EncodedKey").parse(token, // $ Alert
new JwtHandlerAdapter<Jwt<Header, String>>() {
@Override
public Jwt<Header, String> onPlaintextJwt(Jwt<Header, String> jwt) {