hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-21 06:55:31 +02:00
Code Issues Packages Projects Releases Wiki Activity

Update go/ql/lib/semmle/go/security/Jwt.qll

Browse Source
This commit is contained in:
Tony Torralba
2024-02-14 09:52:46 +01:00
parent 304998d50e
commit 8afaa231ee
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
go/ql/lib/semmle/go/security/Jwt.qll
View File

@@ -35,7 +35,7 @@ private class GinJwtSign extends HardcodedCredentials::Sink {
private class SquareJoseKey extends HardcodedCredentials::Sink {
SquareJoseKey() {
exists(Field f, string pkg |
pkg = ["github.com/square/go-jose/v3", "gopkg.in/square/go-jose.v2"]
pkg = [package("github.com/square/go-jose", ""), "gopkg.in/square/go-jose.v2"]
|
f.hasQualifiedName(pkg, ["Recipient", "SigningKey"], "Key") and
f.getAWrite().getRhs() = this