move to experimental

javascript/ql/test/query-tests/Security/CWE-347-noVerification/JsonWebToken.expected

@@ -1,63 +0,0 @@
-nodes
-| JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization |
-| JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization |
-| JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization |
-| JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization |
-| JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization |
-| JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:47:28:47:36 | UserToken |
-edges
-| JsonWebToken.js:13:11:13:47 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:13:11:13:47 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization | JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization | JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization | JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization | JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization | JsonWebToken.js:43:11:43:47 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization | JsonWebToken.js:43:11:43:47 | UserToken |
-#select
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:16:28:16:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:16:28:16:36 | UserToken | without signature verification |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:23:28:23:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:23:28:23:36 | UserToken | without signature verification |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:24:28:24:36 | UserToken | Decoding JWT $@. | JsonWebToken.js:24:28:24:36 | UserToken | without signature verification |

javascript/ql/test/query-tests/Security/CWE-347-noVerification/JsonWebToken.js

@@ -1,52 +0,0 @@
-const express = require('express')
-const app = express()
-const jwtJsonwebtoken = require('jsonwebtoken');
-const jwt_decode = require('jwt-decode');
-const jwt_simple = require('jwt-simple');
-const jose = require('jose')
-const port = 3000
-
-function getSecret() {
-    return "A Safe generated random key"
-}
-app.get('/jwtJsonwebtoken1', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // BAD: no signature verification
-    jwtJsonwebtoken.decode(UserToken)
-})
-
-app.get('/jwtJsonwebtoken2', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // BAD: no signature verification
-    jwtJsonwebtoken.decode(UserToken)
-    jwtJsonwebtoken.verify(UserToken, getSecret(), { algorithms: ["HS256", "none"] })
-})
-
-app.get('/jwtJsonwebtoken3', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // GOOD: with signature verification
-    jwtJsonwebtoken.verify(UserToken, getSecret())
-})
-
-app.get('/jwtJsonwebtoken4', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // GOOD: first without signature verification then with signature verification for same UserToken
-    jwtJsonwebtoken.decode(UserToken)
-    jwtJsonwebtoken.verify(UserToken, getSecret())
-})
-
-app.get('/jwtJsonwebtoken5', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // GOOD: first without signature verification then with signature verification for same UserToken
-    jwtJsonwebtoken.decode(UserToken)
-    jwtJsonwebtoken.verify(UserToken, getSecret(), { algorithms: ["HS256"] })
-})
-
-app.listen(port, () => {
-    console.log(`Example app listening on port ${port}`)
-})

javascript/ql/test/query-tests/Security/CWE-347-noVerification/JsonWebToken.qlref

@@ -1 +0,0 @@
-Security/CWE-347-noVerification/JsonWebToken.ql

javascript/ql/test/query-tests/Security/CWE-347-noVerification/JsonWebTokenNotWorking.expected

@@ -1,60 +0,0 @@
-nodes
-| JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization |
-| JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization |
-| JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization |
-| JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization |
-| JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization |
-| JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:47:28:47:36 | UserToken |
-edges
-| JsonWebToken.js:13:11:13:47 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:13:11:13:47 | UserToken | JsonWebToken.js:16:28:16:36 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:13:23:13:47 | req.hea ... ization | JsonWebToken.js:13:11:13:47 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:23:28:23:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:20:11:20:47 | UserToken | JsonWebToken.js:24:28:24:36 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:20:23:20:47 | req.hea ... ization | JsonWebToken.js:20:11:20:47 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:28:11:28:47 | UserToken | JsonWebToken.js:31:28:31:36 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization | JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:28:23:28:47 | req.hea ... ization | JsonWebToken.js:28:11:28:47 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:38:28:38:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:35:11:35:47 | UserToken | JsonWebToken.js:39:28:39:36 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization | JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:35:23:35:47 | req.hea ... ization | JsonWebToken.js:35:11:35:47 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:46:28:46:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:43:11:43:47 | UserToken | JsonWebToken.js:47:28:47:36 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization | JsonWebToken.js:43:11:43:47 | UserToken |
-| JsonWebToken.js:43:23:43:47 | req.hea ... ization | JsonWebToken.js:43:11:43:47 | UserToken |
-#select

javascript/ql/test/query-tests/Security/CWE-347-noVerification/JsonWebTokenNotWorking.qlref

@@ -1 +0,0 @@
-Security/CWE-347-noVerification/JsonWebTokenNotWorking.ql

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jose.expected

@@ -1,35 +0,0 @@
-nodes
-| jose.js:14:11:14:47 | UserToken |
-| jose.js:14:23:14:47 | req.hea ... ization |
-| jose.js:14:23:14:47 | req.hea ... ization |
-| jose.js:16:20:16:28 | UserToken |
-| jose.js:16:20:16:28 | UserToken |
-| jose.js:21:11:21:47 | UserToken |
-| jose.js:21:23:21:47 | req.hea ... ization |
-| jose.js:21:23:21:47 | req.hea ... ization |
-| jose.js:23:26:23:34 | UserToken |
-| jose.js:23:26:23:34 | UserToken |
-| jose.js:27:11:27:47 | UserToken |
-| jose.js:27:23:27:47 | req.hea ... ization |
-| jose.js:27:23:27:47 | req.hea ... ization |
-| jose.js:29:20:29:28 | UserToken |
-| jose.js:29:20:29:28 | UserToken |
-| jose.js:30:26:30:34 | UserToken |
-| jose.js:30:26:30:34 | UserToken |
-edges
-| jose.js:14:11:14:47 | UserToken | jose.js:16:20:16:28 | UserToken |
-| jose.js:14:11:14:47 | UserToken | jose.js:16:20:16:28 | UserToken |
-| jose.js:14:23:14:47 | req.hea ... ization | jose.js:14:11:14:47 | UserToken |
-| jose.js:14:23:14:47 | req.hea ... ization | jose.js:14:11:14:47 | UserToken |
-| jose.js:21:11:21:47 | UserToken | jose.js:23:26:23:34 | UserToken |
-| jose.js:21:11:21:47 | UserToken | jose.js:23:26:23:34 | UserToken |
-| jose.js:21:23:21:47 | req.hea ... ization | jose.js:21:11:21:47 | UserToken |
-| jose.js:21:23:21:47 | req.hea ... ization | jose.js:21:11:21:47 | UserToken |
-| jose.js:27:11:27:47 | UserToken | jose.js:29:20:29:28 | UserToken |
-| jose.js:27:11:27:47 | UserToken | jose.js:29:20:29:28 | UserToken |
-| jose.js:27:11:27:47 | UserToken | jose.js:30:26:30:34 | UserToken |
-| jose.js:27:11:27:47 | UserToken | jose.js:30:26:30:34 | UserToken |
-| jose.js:27:23:27:47 | req.hea ... ization | jose.js:27:11:27:47 | UserToken |
-| jose.js:27:23:27:47 | req.hea ... ization | jose.js:27:11:27:47 | UserToken |
-#select
-| jose.js:14:23:14:47 | req.hea ... ization | jose.js:14:23:14:47 | req.hea ... ization | jose.js:16:20:16:28 | UserToken | Decoding JWT $@. | jose.js:16:20:16:28 | UserToken | without signature verification |

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jose.js

@@ -1,35 +0,0 @@
-const express = require('express')
-const app = express()
-const jwtJsonwebtoken = require('jsonwebtoken');
-const jwt_decode = require('jwt-decode');
-const jwt_simple = require('jwt-simple');
-const jose = require('jose')
-const port = 3000
-
-function getSecret() {
-    return "A Safe generated random key"
-}
-
-app.get('/jose1', (req, res) => {
-    const UserToken = req.headers.authorization;
-    // BAD: no signature verification
-    jose.decodeJwt(UserToken)
-})
-
-
-app.get('/jose2', async (req, res) => {
-    const UserToken = req.headers.authorization;
-    // GOOD: with signature verification
-    await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret()))
-})
-
-app.get('/jose3', async (req, res) => {
-    const UserToken = req.headers.authorization;
-    // GOOD: first without signature verification then with signature verification for same UserToken
-    jose.decodeJwt(UserToken)
-    await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret()))
-})
-
-app.listen(port, () => {
-    console.log(`Example app listening on port ${port}`)
-})

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jose.qlref

@@ -1 +0,0 @@
-Security/CWE-347-noVerification/jose.ql

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtDecode.expected

@@ -1,13 +0,0 @@
-nodes
-| jwtDecode.js:14:11:14:47 | UserToken |
-| jwtDecode.js:14:23:14:47 | req.hea ... ization |
-| jwtDecode.js:14:23:14:47 | req.hea ... ization |
-| jwtDecode.js:18:16:18:24 | UserToken |
-| jwtDecode.js:18:16:18:24 | UserToken |
-edges
-| jwtDecode.js:14:11:14:47 | UserToken | jwtDecode.js:18:16:18:24 | UserToken |
-| jwtDecode.js:14:11:14:47 | UserToken | jwtDecode.js:18:16:18:24 | UserToken |
-| jwtDecode.js:14:23:14:47 | req.hea ... ization | jwtDecode.js:14:11:14:47 | UserToken |
-| jwtDecode.js:14:23:14:47 | req.hea ... ization | jwtDecode.js:14:11:14:47 | UserToken |
-#select
-| jwtDecode.js:14:23:14:47 | req.hea ... ization | jwtDecode.js:14:23:14:47 | req.hea ... ization | jwtDecode.js:18:16:18:24 | UserToken | Decoding JWT $@. | jwtDecode.js:18:16:18:24 | UserToken | without signature verification |

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtDecode.js

@@ -1,23 +0,0 @@
-const express = require('express')
-const app = express()
-const jwtJsonwebtoken = require('jsonwebtoken');
-const jwt_decode = require('jwt-decode');
-const jwt_simple = require('jwt-simple');
-const jose = require('jose')
-const port = 3000
-
-function getSecret() {
-    return "A Safe generated random key"
-}
-
-app.get('/jwtDecode', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // jwt-decode
-    // BAD: no signature verification
-    jwt_decode(UserToken)
-})
-
-app.listen(port, () => {
-    console.log(`Example app listening on port ${port}`)
-})

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtDecode.qlref

@@ -1 +0,0 @@
-Security/CWE-347-noVerification/jwtDecode.ql

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtSimple.expected

@@ -1,39 +0,0 @@
-nodes
-| jwtSimple.js:13:11:13:47 | UserToken |
-| jwtSimple.js:13:23:13:47 | req.hea ... ization |
-| jwtSimple.js:13:23:13:47 | req.hea ... ization |
-| jwtSimple.js:18:23:18:31 | UserToken |
-| jwtSimple.js:18:23:18:31 | UserToken |
-| jwtSimple.js:22:11:22:47 | UserToken |
-| jwtSimple.js:22:23:22:47 | req.hea ... ization |
-| jwtSimple.js:22:23:22:47 | req.hea ... ization |
-| jwtSimple.js:27:23:27:31 | UserToken |
-| jwtSimple.js:27:23:27:31 | UserToken |
-| jwtSimple.js:28:23:28:31 | UserToken |
-| jwtSimple.js:28:23:28:31 | UserToken |
-| jwtSimple.js:32:11:32:47 | UserToken |
-| jwtSimple.js:32:23:32:47 | req.hea ... ization |
-| jwtSimple.js:32:23:32:47 | req.hea ... ization |
-| jwtSimple.js:37:23:37:31 | UserToken |
-| jwtSimple.js:37:23:37:31 | UserToken |
-| jwtSimple.js:38:23:38:31 | UserToken |
-| jwtSimple.js:38:23:38:31 | UserToken |
-edges
-| jwtSimple.js:13:11:13:47 | UserToken | jwtSimple.js:18:23:18:31 | UserToken |
-| jwtSimple.js:13:11:13:47 | UserToken | jwtSimple.js:18:23:18:31 | UserToken |
-| jwtSimple.js:13:23:13:47 | req.hea ... ization | jwtSimple.js:13:11:13:47 | UserToken |
-| jwtSimple.js:13:23:13:47 | req.hea ... ization | jwtSimple.js:13:11:13:47 | UserToken |
-| jwtSimple.js:22:11:22:47 | UserToken | jwtSimple.js:27:23:27:31 | UserToken |
-| jwtSimple.js:22:11:22:47 | UserToken | jwtSimple.js:27:23:27:31 | UserToken |
-| jwtSimple.js:22:11:22:47 | UserToken | jwtSimple.js:28:23:28:31 | UserToken |
-| jwtSimple.js:22:11:22:47 | UserToken | jwtSimple.js:28:23:28:31 | UserToken |
-| jwtSimple.js:22:23:22:47 | req.hea ... ization | jwtSimple.js:22:11:22:47 | UserToken |
-| jwtSimple.js:22:23:22:47 | req.hea ... ization | jwtSimple.js:22:11:22:47 | UserToken |
-| jwtSimple.js:32:11:32:47 | UserToken | jwtSimple.js:37:23:37:31 | UserToken |
-| jwtSimple.js:32:11:32:47 | UserToken | jwtSimple.js:37:23:37:31 | UserToken |
-| jwtSimple.js:32:11:32:47 | UserToken | jwtSimple.js:38:23:38:31 | UserToken |
-| jwtSimple.js:32:11:32:47 | UserToken | jwtSimple.js:38:23:38:31 | UserToken |
-| jwtSimple.js:32:23:32:47 | req.hea ... ization | jwtSimple.js:32:11:32:47 | UserToken |
-| jwtSimple.js:32:23:32:47 | req.hea ... ization | jwtSimple.js:32:11:32:47 | UserToken |
-#select
-| jwtSimple.js:13:23:13:47 | req.hea ... ization | jwtSimple.js:13:23:13:47 | req.hea ... ization | jwtSimple.js:18:23:18:31 | UserToken | Decoding JWT $@. | jwtSimple.js:18:23:18:31 | UserToken | without signature verification |

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtSimple.js

@@ -1,43 +0,0 @@
-const express = require('express')
-const app = express()
-const jwtJsonwebtoken = require('jsonwebtoken');
-const jwt_decode = require('jwt-decode');
-const jwt_simple = require('jwt-simple');
-const jose = require('jose')
-const port = 3000
-
-function getSecret() {
-    return "A Safe generated random key"
-}
-app.get('/jwtSimple1', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // jwt-simple
-    // jwt.decode(token, key, noVerify, algorithm)
-    // BAD: no signature verification
-    jwt_simple.decode(UserToken, getSecret(), true);
-})
-
-app.get('/jwtSimple2', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // jwt-simple
-    // jwt.decode(token, key, noVerify, algorithm)
-    // GOOD: with signature verification
-    jwt_simple.decode(UserToken, getSecret(), false);
-    jwt_simple.decode(UserToken, getSecret());
-})
-
-app.get('/jwtSimple3', (req, res) => {
-    const UserToken = req.headers.authorization;
-
-    // jwt-simple
-    // jwt.decode(token, key, noVerify, algorithm)
-    // GOOD: first without signature verification then with signature verification for same UserToken
-    jwt_simple.decode(UserToken, getSecret(), true);
-    jwt_simple.decode(UserToken, getSecret());
-})
-
-app.listen(port, () => {
-    console.log(`Example app listening on port ${port}`)
-})

javascript/ql/test/query-tests/Security/CWE-347-noVerification/jwtSimple.qlref

@@ -1 +0,0 @@
-Security/CWE-347-noVerification/jwtSimple.ql