CodeQL library for Java
codeql/java-all 0.4.4 (changelog, source)
Search

Module MissingJWTSignatureCheckQuery

Provides classes to be used in queries related to JSON Web Token (JWT) signature vulnerabilities.

Import path

import semmle.code.java.security.MissingJWTSignatureCheckQuery

Imports

DataFlow

Provides classes for performing local (intra-procedural) and global (inter-procedural) data flow analyses.

JWT

Provides classes for working with JSON Web Token (JWT) libraries.

java

Provides all default Java QL imports.

Classes

MissingJwtSignatureCheckConf

Models flow from signing keys assignments to qualifiers of JWT insecure parsers. This is used to determine whether a JwtParser performing unsafe parsing has a signing key set.