Skip to content

Commit c262517

Browse files
d10cd10c
committed
JS: decodeJwtWithoutVerification
1 parent 1d35bb7 commit c262517

File tree

1 file changed

+1
-5
lines changed

1 file changed

+1
-5
lines changed

javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql

Lines changed: 1 addition & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -29,11 +29,7 @@ module VerifiedDecodeConfig implements DataFlow::ConfigSig {
2929
predicate isSink(DataFlow::Node sink) { sink = verifiedDecode() }
3030

3131
predicate observeDiffInformedIncrementalMode() {
32-
any() // TODO: Make sure that the location overrides match the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 39 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql@40:60:40:73)
33-
}
34-
35-
Location getASelectedSinkLocation(DataFlow::Node sink) {
36-
none() // TODO: Make sure that this sink location matches the query's select clause: Column 5 does not select a source or sink originating from the flow call on line 39 (/Users/d10c/src/semmle-code/ql/javascript/ql/src/experimental/Security/CWE-347/decodeJwtWithoutVerification.ql@40:60:40:73)
32+
none() // used as secondary config
3733
}
3834
}
3935

0 commit comments

Comments
 (0)