Merge branch 'amammad-java-JWT' of https://github.com/am0o0/codeql into amammad-java-JWT

Author: am0o0

java/ql/src/experimental/Security/CWE/CWE-347/Auth0NoVerifier.qhelp

@@ -2,33 +2,30 @@
 <qhelp>
      <overview>
           <p>
-               A JSON Web Token (JWT) is used for authenticating and managing users in an application.
-          </p>
-          <p>
-               Only Decoding JWTs without checking if they have a valid signature or not can lead to security vulnerabilities.
+               A JSON Web Token (JWT) is used for authenticating and managing users in an application. It must be verified in order to ensure the JWT is genuine.
           </p>
 
      </overview>
      <recommendation>
 
           <p>
-               Don't use methods that only decode JWT, Instead use methods that verify the signature of JWT.
+               Don't use information from a JWT without verifying that JWT.
           </p>
 
      </recommendation>
      <example>
 
           <p>
-               The following code you can see an Example from a popular Library.
+               The following example illustrates secure and insecure use of the Auth0 `java-jwt` library.
           </p>
 
           <sample src="Example.java" />
 
      </example>
      <references>
           <li>
-               <a href="CVE-2021-37580">The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.</a>
+               <a href="https://nvd.nist.gov/vuln/detail/CVE-2021-37580">The incorrect use of JWT in ShenyuAdminBootstrap allows an attacker to bypass authentication.</a>
           </li>
      </references>
 
-</qhelp>
+</qhelp>