CodeQL library for Java
codeql/java-all 0.3.2 (changelog, source)
Search

Module JWT

Provides classes for working with JSON Web Token (JWT) libraries.

Import path

import semmle.code.java.security.JWT

Imports

java

Provides all default Java QL imports.

Classes

JwtParserWithInsecureParseAdditionalFlowStep

A unit class for adding additional flow steps.

JwtParserWithInsecureParseSink

The qualifier of an insecure parsing method. That is, either the qualifier of a call to the parse(token), parseClaimsJwt(token) or parsePlaintextJwt(token) methods or the qualifier of a call to a parse(token, handler) method where the handler is considered insecure.

JwtParserWithInsecureParseSource

A method access that assigns signing keys to a JWT parser.