hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-30 03:05:15 +02:00
Code Issues Packages Projects Releases Wiki Activity

Add missing subtype test

Browse Source
This commit is contained in:
Tony Torralba
2021-05-18 09:38:35 +02:00
parent 347bd2ebc2
commit 34a55e77ef
2 changed files with 58 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
java/ql/test/query-tests/security/CWE-347/MissingJWTSignatureCheckTest.java
View File

@@ -1,11 +1,11 @@
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Header;
import io.jsonwebtoken.JwtParserBuilder;
import io.jsonwebtoken.Jws;
import io.jsonwebtoken.Jwt;
import io.jsonwebtoken.JwtHandlerAdapter;
import io.jsonwebtoken.JwtParser;
import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.impl.DefaultJwtParser;
import io.jsonwebtoken.impl.DefaultJwtParserBuilder;
public class MissingJWTSignatureCheckTest {
@@ -110,6 +110,10 @@ public class MissingJWTSignatureCheckTest {
Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
}
private void badJwtOnDefaultParserBuilder(String token) {
new DefaultJwtParserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
}
private void badJwtHandlerOnParser(String token) {
Jwts.parser().setSigningKey("someBase64EncodedKey").parse(token, // $hasMissingJwtSignatureCheck
new JwtHandlerAdapter<Jwt<Header, String>>() {