hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-16 16:53:25 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
d972af9ef86fdfe3c434e814fa6d1204f4042a30
codeql/go/ql/lib/semmle/go/security/MissingJwtSignatureCheck.qll
Anders Schack-Mulligen dc6d3fe7ba Use flowFrom.
2025-12-03 14:04:18 +01:00

45 lines
1.6 KiB
Plaintext
Raw Blame History

/**
* Provides a taint tracking flow for reasoning about JWT vulnerabilities.
*
* Note: for performance reasons, only import this file if `MissingJwtSignatureCheck::Config` or `MissingJwtSignatureCheck::Flow` are needed,
* otherwise `MissingJwtSignatureCheckCustomizations` should be imported instead.
*/
import go
/** Provides a taint-tracking flow for reasoning about JWT vulnerabilities. */
module MissingJwtSignatureCheck {
import MissingJwtSignatureCheckCustomizations::MissingJwtSignatureCheck
/** Config for reasoning about JWT vulnerabilities. */
module Config implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) {
source instanceof Source and
not SafeParse::flowFrom(source)
}
predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
}
predicate observeDiffInformedIncrementalMode() { any() }
}
/** Tracks taint flow for reasoning about JWT vulnerabilities. */
module Flow = TaintTracking::Global<Config>;
private module SafeParseConfig implements DataFlow::ConfigSig {
predicate isSource(DataFlow::Node source) { source instanceof Source }
predicate isSink(DataFlow::Node sink) { sink = any(JwtSafeParse jwtParse).getTokenArg() }
predicate isAdditionalFlowStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
any(AdditionalFlowStep s).step(nodeFrom, nodeTo)
}
}
private module SafeParse = TaintTracking::Global<SafeParseConfig>;
}
Reference in New Issue View Git Blame Copy Permalink