Models flow from signing keys assignments to qualifiers of JWT insecure parsers.
This is used to determine whether a JwtParser
performing unsafe parsing has a signing key set.
Import path
import semmle.code.java.security.MissingJWTSignatureCheckQuery
Predicates
isAdditionalFlowStep | Holds if data may flow from |
isSink | Holds if |
isSource | Holds if |