File tree Expand file tree Collapse file tree
Expand file tree Collapse file tree Original file line number Diff line number Diff line change 11/**
22 * @name Missing JWT signature check
3- * @description Failing to check the JWT signature may allow an attacker to forge their own tokens.
3+ * @description Failing to check the Json Web Token ( JWT) signature may allow an attacker to forge their own tokens.
44 * @kind path-problem
55 * @problem.severity error
66 * @security-severity 7.8
Original file line number Diff line number Diff line change @@ -97,7 +97,6 @@ private module Frameworks {
9797 private import semmle.code.java.security.ResponseSplitting
9898 private import semmle.code.java.security.InformationLeak
9999 private import semmle.code.java.security.JexlInjectionSinkModels
100- private import semmle.code.java.security.JWT
101100 private import semmle.code.java.security.LdapInjection
102101 private import semmle.code.java.security.XPath
103102 private import semmle.code.java.frameworks.android.SQLite
Original file line number Diff line number Diff line change 1- /** Provides classes for working with JWT libraries. */
1+ /** Provides classes for working with JSON Web Token ( JWT) libraries. */
22
33import java
44private import semmle.code.java.dataflow.ExternalFlow
Original file line number Diff line number Diff line change 1- /** Provides classes to be used in queries related to JWT signature vulnerabilities. */
1+ /** Provides classes to be used in queries related to JSON Web Token ( JWT) signature vulnerabilities. */
22
33import java
44import semmle.code.java.dataflow.DataFlow
5- import semmle.code.java.dataflow.ExternalFlow
65import semmle.code.java.security.JWT
76
87/**
You can’t perform that action at this time.
0 commit comments