CodeQL library for Java
codeql/java-all 0.6.2 ( changelog , source )
Search

Module JWT

Provides classes for working with JSON Web Token (JWT) libraries.

Import path

import semmle.code.java.security.JWT

Imports

java

Provides all default Java QL imports.

Classes

JwtParserWithInsecureParseAdditionalFlowStep

A unit class for adding additional flow steps.

JwtParserWithInsecureParseSink

The qualifier of an insecure parsing method. That is, either the qualifier of a call to the parse(token), parseClaimsJwt(token) or parsePlaintextJwt(token) methods or the qualifier of a call to a parse(token, handler) method where the handler is considered insecure.

JwtParserWithInsecureParseSource

A method access that assigns signing keys to a JWT parser.