hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-05-01 11:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #7452 from jorgectf/python_jwt

Browse Source 
Python: Add Python_JWT to JWT security query
This commit is contained in:
Taus
2022-02-23 15:23:20 +01:00
committed by GitHub
parent 7d55771092 4aa1c0a11e
commit 3ce7d47b5b
4 changed files with 67 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
python/ql/test/experimental/query-tests/Security/CWE-347/JWTMissingSecretOrPublicKeyVerification.expected
View File

@@ -1,3 +1,4 @@
| pyjwt.py:22:12:22:16 | ControlFlowNode for token | is not verified with a cryptographic secret or public key. |
| pyjwt.py:23:12:23:16 | ControlFlowNode for token | is not verified with a cryptographic secret or public key. |
| python_jose.py:19:12:19:16 | ControlFlowNode for token | is not verified with a cryptographic secret or public key. |
| python_jwt.py:14:28:14:32 | ControlFlowNode for token | is not verified with a cryptographic secret or public key. |

14
python/ql/test/experimental/query-tests/Security/CWE-347/python_jwt.py Normal file
View File

@@ -0,0 +1,14 @@
import python_jwt
# GOOD
def good(token):
python_jwt.process_jwt(token)
python_jwt.verify_jwt(token, "key", "HS256")
# BAD
def bad(token):
python_jwt.process_jwt(token)