Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 34a55e7

Browse files
atorralbaatorralba
committed
Add missing subtype test
1 parent 347bd2e commit 34a55e7

2 files changed

Lines changed: 58 additions & 5 deletions

File tree

java/ql/test/query-tests/security/CWE-347/MissingJWTSignatureCheckTest.java

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -1,11 +1,11 @@
1-
import io.jsonwebtoken.Jwts;
2-
import io.jsonwebtoken.JwtParser;
3-
import io.jsonwebtoken.Jwt;
4-
import io.jsonwebtoken.Jws;
51
import io.jsonwebtoken.Header;
6-
import io.jsonwebtoken.JwtParserBuilder;
2+
import io.jsonwebtoken.Jws;
3+
import io.jsonwebtoken.Jwt;
74
import io.jsonwebtoken.JwtHandlerAdapter;
5+
import io.jsonwebtoken.JwtParser;
6+
import io.jsonwebtoken.Jwts;
87
import io.jsonwebtoken.impl.DefaultJwtParser;
8+
import io.jsonwebtoken.impl.DefaultJwtParserBuilder;
99

1010
public class MissingJWTSignatureCheckTest {
1111

@@ -110,6 +110,10 @@ private void badJwtOnParserBuilder(String token) {
110110
Jwts.parserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
111111
}
112112

113+
private void badJwtOnDefaultParserBuilder(String token) {
114+
new DefaultJwtParserBuilder().setSigningKey("someBase64EncodedKey").build().parse(token); // $hasMissingJwtSignatureCheck
115+
}
116+
113117
private void badJwtHandlerOnParser(String token) {
114118
Jwts.parser().setSigningKey("someBase64EncodedKey").parse(token, // $hasMissingJwtSignatureCheck
115119
new JwtHandlerAdapter<Jwt<Header, String>>() {

java/ql/test/stubs/jwtk-jjwt-0.11.2/io/jsonwebtoken/impl/DefaultJwtParserBuilder.java

Lines changed: 49 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,49 @@
1+
2+
/*
3+
* Copyright (C) 2019 jsonwebtoken.io
4+
*
5+
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except
6+
* in compliance with the License. You may obtain a copy of the License at
7+
*
8+
* http://www.apache.org/licenses/LICENSE-2.0
9+
*
10+
* Unless required by applicable law or agreed to in writing, software distributed under the License
11+
* is distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express
12+
* or implied. See the License for the specific language governing permissions and limitations under
13+
* the License.
14+
*/
15+
package io.jsonwebtoken.impl;
16+
17+
import java.security.Key;
18+
import io.jsonwebtoken.JwtParser;
19+
import io.jsonwebtoken.JwtParserBuilder;
20+
import io.jsonwebtoken.SigningKeyResolver;
21+
22+
23+
public class DefaultJwtParserBuilder implements JwtParserBuilder {
24+
25+
@Override
26+
public JwtParserBuilder setSigningKey(byte[] key) {
27+
return this;
28+
}
29+
30+
@Override
31+
public JwtParserBuilder setSigningKey(String base64EncodedSecretKey) {
32+
return this;
33+
}
34+
35+
@Override
36+
public JwtParserBuilder setSigningKey(Key key) {
37+
return this;
38+
}
39+
40+
@Override
41+
public JwtParserBuilder setSigningKeyResolver(SigningKeyResolver signingKeyResolver) {
42+
return this;
43+
}
44+
45+
@Override
46+
public JwtParser build() {
47+
return null;
48+
}
49+
}

0 commit comments

Comments
 (0)