hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 16:55:19 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
30ff68dc715f5b13b04f0561245ede080d2beb36
codeql/ruby/ql/test/query-tests/experimental/cwe-347/MissingJWTVerification.rb
Maiky 17565cde75 Add JWT Security Queries
2023-08-25 21:28:53 +02:00

24 lines
657 B
Ruby
Raw Blame History

require 'jwt'
payload = { foo: 'bar' }
# Unsecure token
token_without_signature = JWT.encode(payload, nil, 'none')
# Secure token
token = JWT.encode(payload, "secret", 'HS256')
# BAD: it does not verify
decoded_token1 = JWT.decode(token_without_signature, nil, false, algorithm: 'HS256')
# BAD: it's using none
decoded_token3 = JWT.decode(token_without_signature, secret, true, algorithm: 'none')
# BAD: it's using none
decoded_token4 = JWT.decode(token_without_signature, secret, true, { algorithm: 'none' })
# GOOD: it does verify
decoded_token5 = JWT.decode(token, secret, 'HS256')
# GOOD: it does verify
decoded_token2 = JWT.decode(token,secret)
Reference in New Issue View Git Blame Copy Permalink