move to CWE-347, update comments of tests

amammad
2023-11-02 16:24:58 +01:00
parent 9da815a5c0
commit faa483a282
9 changed files with 134 additions and 11 deletions


@@ -3,11 +3,11 @@
* @description The application does not verify the JWT payload with a cryptographic secret or public key.
* @kind path-problem
* @problem.severity error
* @security-severity 9.0
* @security-severity 8.0
* @precision high
* @id js/jwt-missing-verification
* @id js/jwt-missing-verification-jsonwebtoken
* @tags security
* external/cwe/cwe-321
* external/cwe/cwe-347
*/
import javascript
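Review bot: The `@id` in this header gains a library suffix, as do the jose and jwt-decode headers, but the last file section on this page keeps `js/jwt-missing-verification` as an unchanged line, so one query is left on the old shared id. Results or filters recorded under that id before this commit would then appear to belong to that query alone (inferred; the page does not show how the ids are consumed). Giving it a suffix as well would keep the scheme uniform, e.g. `* @id js/jwt-missing-verification-<library>` with the placeholder replaced by the library that query covers.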


@@ -2,10 +2,10 @@
* @name JWT missing secret or public key verification
* @description The application does not verify the JWT payload with a cryptographic secret or public key.
* @kind problem
* @problem.severity warning
* @security-severity 7.0
* @problem.severity error
* @security-severity 8.0
* @precision high
* @id js/jwt-missing-verification
* @id js/jwt-missing-verification-jose
* @tags security
* external/cwe/cwe-347
*/
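Review bot: The `@name` and `@description` lines at the top of this hunk are word for word the same as in the jwt-decode section and the last section below, and the description also matches the jsonwebtoken one, so after the ids are split per library the rules still appear under one indistinguishable title. Naming the library would fix that, e.g. `* @name JWT missing secret or public key verification (jose)`, if that suits the project's metadata style. The description also says the payload is verified, whereas it is the token's signature that is checked against the secret or public key. `* @description The application uses a JWT without verifying its signature against a secret or public key.` is more precise, assuming it matches what the query selects.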


@@ -2,10 +2,10 @@
* @name JWT missing secret or public key verification
* @description The application does not verify the JWT payload with a cryptographic secret or public key.
* @kind problem
* @problem.severity warning
* @security-severity 7.0
* @problem.severity error
* @security-severity 8.0
* @precision high
* @id js/jwt-missing-verification
* @id js/jwt-missing-verification-jwt-decode
* @tags security
* external/cwe/cwe-347
*/
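Review bot: `@problem.severity error` together with `@precision high` is a strong claim for the jwt-decode query, because jwt-decode only decodes tokens and has no verification function of its own. If the query body, which is outside this hunk, reports every decode call, then code that verifies the token with another library, or only reads claims for display, would be flagged as an error. The header should state the condition that is actually reported, for example `* @description A JWT decoded with jwt-decode is used without its signature being verified elsewhere.`, adjusted to what the query really checks.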


@@ -2,8 +2,8 @@
* @name JWT missing secret or public key verification
* @description The application does not verify the JWT payload with a cryptographic secret or public key.
* @kind problem
* @problem.severity warning
* @security-severity 7.0
* @problem.severity error
* @security-severity 8.0
* @precision high
* @id js/jwt-missing-verification
* @tags security