mirror of
https://github.com/github/codeql.git
move jose SharedTaintStep to a local taint step, add more additional steps with test cases, update test cases and expected test results
@@ -56,18 +56,6 @@ private module JsonWebToken {
|
||||
* Provides classes and predicates modeling the `jose` library.
|
||||
*/
|
||||
private module Jose {
|
||||
/**
|
||||
* A taint-step for `succ = await jose.importSPKI(pred, 'RS256')`.
|
||||
*/
|
||||
private class ImportSpkiStep extends TaintTracking::SharedTaintStep, DataFlow::SharedFlowStep {
|
||||
override predicate step(DataFlow::Node pred, DataFlow::Node succ) {
|
||||
exists(API::Node n | n = API::moduleImport("jose").getMember("importSPKI") |
|
||||
pred = n.getACall().getArgument(0) and
|
||||
succ = n.getReturn().getPromised().asSource()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* A taint-step for `succ = jose.base64url.encode(pred)` or `succ = jose.base64url.decode(pred)`.
|
||||
*/
|
||||
@@ -83,10 +71,12 @@ private module Jose {
|
||||
}
|
||||
|
||||
/**
|
||||
* The asymmetric key or symmetric secret for a JWT as a `CredentialsNode`.
|
||||
* The asymmetric key or symmetric secret for verifying a JWT as a `CredentialsNode`.
|
||||
*/
|
||||
private class JwtKey extends CredentialsNode {
|
||||
JwtKey() { this = API::moduleImport("jose").getMember("jwtVerify").getParameter(1).asSink() }
|
||||
private class JwtVerifyKey extends CredentialsNode {
|
||||
JwtVerifyKey() {
|
||||
this = API::moduleImport("jose").getMember("jwtVerify").getParameter(1).asSink()
|
||||
}
|
||||
|
||||
override string getCredentialsKind() { result = "key" }
|
||||
}
|
||||
|
||||
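Review bot: The updated doc comment on `JwtVerifyKey` does not say that, for asymmetric algorithms, the value reaching the second parameter of `jwtVerify` is a public key, yet the class still reports it with `getCredentialsKind()` returning "key". Together with the `importSPKI`/`importX509`/`importJWK` flow steps added to the query in this commit, hard-coded public keys will presumably be reported exactly like hard-coded secrets, which may be noisy for projects that pin a verification key on purpose. I would add a line such as ` * For asymmetric algorithms this is a public key, so a match is not necessarily a leaked secret.` to the comment, or confirm that flagging public keys is intended. The enclosing `Jose` module continues outside the hunk.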
@@ -35,5 +35,24 @@ class Configuration extends DataFlow::Configuration {
|
||||
trg = bufferFrom and
|
||||
src = bufferFrom.getArgument(0)
|
||||
)
|
||||
or
|
||||
exists(API::Node n |
|
||||
n = API::moduleImport("jose").getMember(["importSPKI", "importPKCS8", "importX509"])
|
||||
|
|
||||
src = n.getACall().getArgument(0) and
|
||||
trg = n.getReturn().getPromised().asSource()
|
||||
)
|
||||
or
|
||||
exists(API::Node n |
|
||||
n = API::moduleImport("jose").getMember(["importSPKI", "importPKCS8", "importX509"])
|
||||
|
|
||||
src = n.getACall().getArgument(0) and
|
||||
trg = n.getReturn().getPromised().asSource()
|
||||
)
|
||||
or
|
||||
exists(API::Node n | n = API::moduleImport("jose").getMember("importJWK") |
|
||||
src = n.getParameter(0).getMember(["x", "y", "n"]).asSink() and
|
||||
trg = n.getReturn().getPromised().asSource()
|
||||
)
|
||||
}
|
||||
}
|
||||
|
||||
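Review bot: The disjunct `exists(API::Node n | n = API::moduleImport("jose").getMember(["importSPKI", "importPKCS8", "importX509"]) | ...)` appears twice in this hunk with identical bodies; the second copy adds no flow and should be dropped. Separately, the `importJWK` step takes its source only from the `x`, `y` and `n` members, which are public-key components. A hard-coded `k` (the symmetric secret of an `oct` JWK) or `d` (the private component) would not flow to the imported key, so if those are meant to be covered the list could read `getMember(["x", "y", "n", "k", "d"])`. The enclosing predicate starts outside the hunk.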
@@ -299,39 +299,45 @@ nodes
|
||||
| HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) |
|
||||
| HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) |
|
||||
| HardcodedCredentials.js:317:52:317:61 | privateKey |
|
||||
| HardcodedCredentials.js:320:11:323:29 | spki |
|
||||
| HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` |
|
||||
| HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` |
|
||||
| HardcodedCredentials.js:324:11:324:58 | publicKey |
|
||||
| HardcodedCredentials.js:324:23:324:58 | await j ... RS256') |
|
||||
| HardcodedCredentials.js:324:45:324:48 | spki |
|
||||
| HardcodedCredentials.js:325:27:325:35 | publicKey |
|
||||
| HardcodedCredentials.js:325:27:325:35 | publicKey |
|
||||
| HardcodedCredentials.js:331:9:331:43 | secretKey |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:336:21:336:29 | secretKey |
|
||||
| HardcodedCredentials.js:336:21:336:29 | secretKey |
|
||||
| HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:347:33:347:41 | secretKey |
|
||||
| HardcodedCredentials.js:362:9:362:43 | secretKey |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:365:24:365:32 | secretKey |
|
||||
| HardcodedCredentials.js:365:24:365:32 | secretKey |
|
||||
| HardcodedCredentials.js:372:31:372:39 | secretKey |
|
||||
| HardcodedCredentials.js:372:31:372:39 | secretKey |
|
||||
| HardcodedCredentials.js:383:9:383:43 | secretKey |
|
||||
| HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:386:17:386:25 | secretKey |
|
||||
| HardcodedCredentials.js:386:17:386:25 | secretKey |
|
||||
| HardcodedCredentials.js:401:9:401:43 | secretKey |
|
||||
| HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:403:27:403:35 | secretKey |
|
||||
| HardcodedCredentials.js:403:27:403:35 | secretKey |
|
||||
| HardcodedCredentials.js:319:11:321:29 | spki |
|
||||
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` |
|
||||
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` |
|
||||
| HardcodedCredentials.js:322:9:322:56 | publicKey |
|
||||
| HardcodedCredentials.js:322:21:322:56 | await j ... RS256') |
|
||||
| HardcodedCredentials.js:322:43:322:46 | spki |
|
||||
| HardcodedCredentials.js:323:27:323:35 | publicKey |
|
||||
| HardcodedCredentials.js:323:27:323:35 | publicKey |
|
||||
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' |
|
||||
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' |
|
||||
| HardcodedCredentials.js:331:5:331:46 | publicKey |
|
||||
| HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) |
|
||||
| HardcodedCredentials.js:335:31:335:39 | publicKey |
|
||||
| HardcodedCredentials.js:335:31:335:39 | publicKey |
|
||||
| HardcodedCredentials.js:344:9:344:43 | secretKey |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:349:21:349:29 | secretKey |
|
||||
| HardcodedCredentials.js:349:21:349:29 | secretKey |
|
||||
| HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:360:33:360:41 | secretKey |
|
||||
| HardcodedCredentials.js:375:9:375:43 | secretKey |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:378:24:378:32 | secretKey |
|
||||
| HardcodedCredentials.js:378:24:378:32 | secretKey |
|
||||
| HardcodedCredentials.js:385:31:385:39 | secretKey |
|
||||
| HardcodedCredentials.js:385:31:385:39 | secretKey |
|
||||
| HardcodedCredentials.js:396:9:396:43 | secretKey |
|
||||
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:399:17:399:25 | secretKey |
|
||||
| HardcodedCredentials.js:399:17:399:25 | secretKey |
|
||||
| HardcodedCredentials.js:414:9:414:43 | secretKey |
|
||||
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" |
|
||||
| HardcodedCredentials.js:416:27:416:35 | secretKey |
|
||||
| HardcodedCredentials.js:416:27:416:35 | secretKey |
|
||||
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
|
||||
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
|
||||
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
|
||||
@@ -484,34 +490,39 @@ edges
|
||||
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:9:316:44 | privateKey |
|
||||
| HardcodedCredentials.js:317:52:317:61 | privateKey | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) |
|
||||
| HardcodedCredentials.js:317:52:317:61 | privateKey | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) |
|
||||
| HardcodedCredentials.js:320:11:323:29 | spki | HardcodedCredentials.js:324:45:324:48 | spki |
|
||||
| HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` | HardcodedCredentials.js:320:11:323:29 | spki |
|
||||
| HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` | HardcodedCredentials.js:320:11:323:29 | spki |
|
||||
| HardcodedCredentials.js:324:11:324:58 | publicKey | HardcodedCredentials.js:325:27:325:35 | publicKey |
|
||||
| HardcodedCredentials.js:324:11:324:58 | publicKey | HardcodedCredentials.js:325:27:325:35 | publicKey |
|
||||
| HardcodedCredentials.js:324:23:324:58 | await j ... RS256') | HardcodedCredentials.js:324:11:324:58 | publicKey |
|
||||
| HardcodedCredentials.js:324:45:324:48 | spki | HardcodedCredentials.js:324:23:324:58 | await j ... RS256') |
|
||||
| HardcodedCredentials.js:331:9:331:43 | secretKey | HardcodedCredentials.js:336:21:336:29 | secretKey |
|
||||
| HardcodedCredentials.js:331:9:331:43 | secretKey | HardcodedCredentials.js:336:21:336:29 | secretKey |
|
||||
| HardcodedCredentials.js:331:9:331:43 | secretKey | HardcodedCredentials.js:347:33:347:41 | secretKey |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:331:9:331:43 | secretKey |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:331:9:331:43 | secretKey |
|
||||
| HardcodedCredentials.js:347:33:347:41 | secretKey | HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:347:33:347:41 | secretKey | HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:362:9:362:43 | secretKey | HardcodedCredentials.js:365:24:365:32 | secretKey |
|
||||
| HardcodedCredentials.js:362:9:362:43 | secretKey | HardcodedCredentials.js:365:24:365:32 | secretKey |
|
||||
| HardcodedCredentials.js:362:9:362:43 | secretKey | HardcodedCredentials.js:372:31:372:39 | secretKey |
|
||||
| HardcodedCredentials.js:362:9:362:43 | secretKey | HardcodedCredentials.js:372:31:372:39 | secretKey |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:362:9:362:43 | secretKey |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:362:9:362:43 | secretKey |
|
||||
| HardcodedCredentials.js:383:9:383:43 | secretKey | HardcodedCredentials.js:386:17:386:25 | secretKey |
|
||||
| HardcodedCredentials.js:383:9:383:43 | secretKey | HardcodedCredentials.js:386:17:386:25 | secretKey |
|
||||
| HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" | HardcodedCredentials.js:383:9:383:43 | secretKey |
|
||||
| HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" | HardcodedCredentials.js:383:9:383:43 | secretKey |
|
||||
| HardcodedCredentials.js:401:9:401:43 | secretKey | HardcodedCredentials.js:403:27:403:35 | secretKey |
|
||||
| HardcodedCredentials.js:401:9:401:43 | secretKey | HardcodedCredentials.js:403:27:403:35 | secretKey |
|
||||
| HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
|
||||
| HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:9:401:43 | secretKey |
|
||||
| HardcodedCredentials.js:319:11:321:29 | spki | HardcodedCredentials.js:322:43:322:46 | spki |
|
||||
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:11:321:29 | spki |
|
||||
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:11:321:29 | spki |
|
||||
| HardcodedCredentials.js:322:9:322:56 | publicKey | HardcodedCredentials.js:323:27:323:35 | publicKey |
|
||||
| HardcodedCredentials.js:322:9:322:56 | publicKey | HardcodedCredentials.js:323:27:323:35 | publicKey |
|
||||
| HardcodedCredentials.js:322:21:322:56 | await j ... RS256') | HardcodedCredentials.js:322:9:322:56 | publicKey |
|
||||
| HardcodedCredentials.js:322:43:322:46 | spki | HardcodedCredentials.js:322:21:322:56 | await j ... RS256') |
|
||||
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) |
|
||||
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) |
|
||||
| HardcodedCredentials.js:331:5:331:46 | publicKey | HardcodedCredentials.js:335:31:335:39 | publicKey |
|
||||
| HardcodedCredentials.js:331:5:331:46 | publicKey | HardcodedCredentials.js:335:31:335:39 | publicKey |
|
||||
| HardcodedCredentials.js:331:17:331:46 | await j ... k, alg) | HardcodedCredentials.js:331:5:331:46 | publicKey |
|
||||
| HardcodedCredentials.js:344:9:344:43 | secretKey | HardcodedCredentials.js:349:21:349:29 | secretKey |
|
||||
| HardcodedCredentials.js:344:9:344:43 | secretKey | HardcodedCredentials.js:349:21:349:29 | secretKey |
|
||||
| HardcodedCredentials.js:344:9:344:43 | secretKey | HardcodedCredentials.js:360:33:360:41 | secretKey |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:9:344:43 | secretKey |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:9:344:43 | secretKey |
|
||||
| HardcodedCredentials.js:360:33:360:41 | secretKey | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:360:33:360:41 | secretKey | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") |
|
||||
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:378:24:378:32 | secretKey |
|
||||
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:378:24:378:32 | secretKey |
|
||||
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:385:31:385:39 | secretKey |
|
||||
| HardcodedCredentials.js:375:9:375:43 | secretKey | HardcodedCredentials.js:385:31:385:39 | secretKey |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:9:375:43 | secretKey |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:9:375:43 | secretKey |
|
||||
| HardcodedCredentials.js:396:9:396:43 | secretKey | HardcodedCredentials.js:399:17:399:25 | secretKey |
|
||||
| HardcodedCredentials.js:396:9:396:43 | secretKey | HardcodedCredentials.js:399:17:399:25 | secretKey |
|
||||
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:9:396:43 | secretKey |
|
||||
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:9:396:43 | secretKey |
|
||||
| HardcodedCredentials.js:414:9:414:43 | secretKey | HardcodedCredentials.js:416:27:416:35 | secretKey |
|
||||
| HardcodedCredentials.js:414:9:414:43 | secretKey | HardcodedCredentials.js:416:27:416:35 | secretKey |
|
||||
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:9:414:43 | secretKey |
|
||||
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:9:414:43 | secretKey |
|
||||
| __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' | __tests__/HardcodedCredentialsDemo.js:5:15:5:22 | 'dbuser' |
|
||||
| __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' | __tests__/HardcodedCredentialsDemo.js:8:19:8:28 | 'hgfedcba' |
|
||||
#select
|
||||
@@ -583,10 +594,11 @@ edges
|
||||
| HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | The hard-coded value "iubfewiaaweiybgaeuybgera" is used as $@. | HardcodedCredentials.js:302:44:302:69 | 'iubfew ... ybgera' | key |
|
||||
| HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:308:22:308:44 | "myHard ... ateKey" | HardcodedCredentials.js:309:34:309:43 | privateKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:309:34:309:43 | privateKey | key |
|
||||
| HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:316:22:316:44 | "myHard ... ateKey" | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:317:27:317:62 | new Tex ... ateKey) | key |
|
||||
| HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` | HardcodedCredentials.js:320:18:323:29 | `-----B ... Y-----` | HardcodedCredentials.js:325:27:325:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9\n ...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:325:27:325:35 | publicKey | key |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:336:21:336:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:336:21:336:29 | secretKey | key |
|
||||
| HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:331:21:331:43 | "myHard ... ateKey" | HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:347:21:347:52 | Buffer. ... ase64") | key |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:365:24:365:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:365:24:365:32 | secretKey | key |
|
||||
| HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:362:21:362:43 | "myHard ... ateKey" | HardcodedCredentials.js:372:31:372:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:372:31:372:39 | secretKey | key |
|
||||
| HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" | HardcodedCredentials.js:383:21:383:43 | "myHard ... ateKey" | HardcodedCredentials.js:386:17:386:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:386:17:386:25 | secretKey | key |
|
||||
| HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:401:21:401:43 | "myHard ... ateKey" | HardcodedCredentials.js:403:27:403:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:403:27:403:35 | secretKey | key |
|
||||
| HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:319:18:321:29 | `-----B ... Y-----` | HardcodedCredentials.js:323:27:323:35 | publicKey | The hard-coded value "-----BEGIN PUBLIC KEY-----\n MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9...\n -----END PUBLIC KEY-----" is used as $@. | HardcodedCredentials.js:323:27:323:35 | publicKey | key |
|
||||
| HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:328:12:328:55 | 'whYOFK ... -6f...' | HardcodedCredentials.js:335:31:335:39 | publicKey | The hard-coded value "whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6f..." is used as $@. | HardcodedCredentials.js:335:31:335:39 | publicKey | key |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:349:21:349:29 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:349:21:349:29 | secretKey | key |
|
||||
| HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:344:21:344:43 | "myHard ... ateKey" | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:360:21:360:52 | Buffer. ... ase64") | key |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:378:24:378:32 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:378:24:378:32 | secretKey | key |
|
||||
| HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:375:21:375:43 | "myHard ... ateKey" | HardcodedCredentials.js:385:31:385:39 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:385:31:385:39 | secretKey | key |
|
||||
| HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:396:21:396:43 | "myHard ... ateKey" | HardcodedCredentials.js:399:17:399:25 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:399:17:399:25 | secretKey | key |
|
||||
| HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:414:21:414:43 | "myHard ... ateKey" | HardcodedCredentials.js:416:27:416:35 | secretKey | The hard-coded value "myHardCodedPrivateKey" is used as $@. | HardcodedCredentials.js:416:27:416:35 | secretKey | key |
|
||||
|
||||
@@ -316,13 +316,26 @@
|
||||
var privateKey = "myHardCodedPrivateKey";
|
||||
jose.jwtVerify(token, new TextEncoder().encode(privateKey)) // NOT OK
|
||||
|
||||
|
||||
const spki = `-----BEGIN PUBLIC KEY-----
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9
|
||||
...
|
||||
MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAwhYOFK2Ocbbpb/zVypi9...
|
||||
-----END PUBLIC KEY-----`
|
||||
const publicKey = await jose.importSPKI(spki, 'RS256')
|
||||
let publicKey = await jose.importSPKI(spki, 'RS256')
|
||||
jose.jwtVerify(token, publicKey) // NOT OK
|
||||
|
||||
const alg = 'RS256'
|
||||
const jwk = {
|
||||
kty: 'RSA',
|
||||
n: 'whYOFK2Ocbbpb_zVypi9SeKiNUqKQH0zTKN1-6f...',
|
||||
e: 'AQAB',
|
||||
}
|
||||
publicKey = await jose.importJWK(jwk, alg)
|
||||
const jwt =
|
||||
'eyJhbGciOiJSUzI1NiJ9.eyJ1cm46ZXhhbXBsZTpjbGFpbSI6dHJ1ZSwiaWF0IjoxNjY5MDU2NDg4LCJpc3MiOiJ1cm46ZXhhbXBsZTppc3N1ZXIiLCJhdWQiOiJ1cm46ZXhhbXBsZTphdWRpZW5jZSJ9.gXrPZ3yM_60dMXGE69dusbpzYASNA-XIOwsb5D5xYnSxyj6_D6OR_uR_1vqhUm4AxZxcrH1_-XJAve9HCw8az_QzHcN-nETt-v6stCsYrn6Bv1YOc-mSJRZ8ll57KVqLbCIbjKwerNX5r2_Qg2TwmJzQdRs-AQDhy-s_DlJd8ql6wR4n-kDZpar-pwIvz4fFIN0Fj57SXpAbLrV6Eo4Byzl0xFD8qEYEpBwjrMMfxCZXTlAVhAq6KCoGlDTwWuExps342-0UErEtyIqDnDGcrfNWiUsoo8j-29IpKd-w9-C388u-ChCxoHz--H8WmMSZzx3zTXsZ5lXLZ9IKfanDKg'
|
||||
|
||||
await jose.jwtVerify(jwt, publicKey, { // NOT OK
|
||||
issuer: 'urn:example:issuer',
|
||||
audience: 'urn:example:audience',
|
||||
})
|
||||
})();
|
||||
|
||||
(function () {
|
||||
|
||||
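Review bot: The new cases exercise only `importSPKI` and one `importJWK` call whose JWK carries an `n` member, while the query change in this commit also adds steps for `importPKCS8`, `importX509` and the JWK members `x` and `y`; those paths have no test here. One `// NOT OK` case per import function would pin the expected results, e.g. `publicKey = await jose.importX509(x509, 'RS256')` followed by `jose.jwtVerify(token, publicKey) // NOT OK`, where `x509` is a constructed hard-coded PEM string. A negative case whose key material is not hard-coded (for instance read from `process.env`) would also guard against over-reporting. The enclosing async function starts outside the hunk.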