hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-24 08:15:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Apply suggestions from code review

Browse Source 
Co-authored-by: Chris Smowton <smowton@github.com>
This commit is contained in:
Tony Torralba
2024-02-14 09:54:16 +01:00
parent 5a82d2188a
commit 769ec16803
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
go/ql/src/Security/CWE-347/MissingJwtSignatureCheck.qhelp
View File

@@ -2,10 +2,10 @@
<qhelp>
<overview>
<p>Applications decoding a JSON Web Token (JWT) may be vulnerable when the
signature is not correctly verified in the process.</p>
signature is not correctly verified.</p>
</overview>
<recommendation>
<p>Always verify the signature by using the appropriate methods depending on the JWT library,
<p>Always verify the signature by using the appropriate methods provided by the JWT library,
or use a library that verifies it by default.</p>
</recommendation>
<example>