hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-19 22:14:01 +02:00
Code Issues Packages Projects Releases Wiki Activity
Files
628f85aebcf23ee9a7a944c8ca8d00aefc00b8eb
codeql/javascript/ql/test/experimental/Security/CWE-347/localsource/jose.js

31 lines
725 B
JavaScript
Raw Blame History

const jose = require('jose')
function getSecret() {
return "A Safe generated random key"
}
function aJWT() {
return "A JWT provided by user"
}
(function () {
const UserToken = aJwt()
// no signature verification
jose.decodeJwt(UserToken) // NOT OK
})();
(async function () {
const UserToken = aJwt()
// first without signature verification then with signature verification for same UserToken
jose.decodeJwt(UserToken) // OK
await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret())) // OK
})();
(async function () {
const UserToken = aJwt()
// with signature verification
await jose.jwtVerify(UserToken, new TextEncoder().encode(getSecret())) // OK
})();
Reference in New Issue View Git Blame Copy Permalink