java/ql/test/library-tests/dataflow/taintsources 1 file changed +17 -0 lines changed
1
+ import java .security .Key ;
2
+
1
3
import io .jsonwebtoken .Claims ;
2
4
import io .jsonwebtoken .JwsHeader ;
3
5
import io .jsonwebtoken .SigningKeyResolverAdapter ;
@@ -6,12 +8,27 @@ public class JwsSigningKeyResolverAdapter extends SigningKeyResolverAdapter {
6
8
private void sink (Object o ) {
7
9
}
8
10
11
+ @ Override
12
+ public Key resolveSigningKey (JwsHeader header , Claims claims ) {
13
+ final String keyId = header .getKeyId ();
14
+ String example = "example:" + keyId ;
15
+ sink (example ); // $ hasRemoteTaintFlow
16
+ return null ;
17
+ }
18
+
9
19
@ Override
10
20
public byte [] resolveSigningKeyBytes (JwsHeader header , Claims claims ) {
11
21
final String keyId = header .getKeyId ();
12
22
String example = "example:" + keyId ;
23
+
13
24
sink (example ); // $ hasRemoteTaintFlow
14
25
26
+ final String algorithm = header .getAlgorithm ();
27
+ sink ("algo:" + algorithm ); // $ hasRemoteTaintFlow
28
+
29
+ final String random = (String )header .get ("random" );
30
+ sink ("random:" + random ) ; // $ hasRemoteTaintFlow
31
+
15
32
return new byte [0 ];
16
33
}
17
34
}
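Review bot: Both overrides pass only values read from `header` to `sink`; the `claims` parameter is never exercised, although a signing-key resolver runs before the token's signature has been verified, so the claims are as attacker-controlled as the header fields. Adding a case such as `sink(claims.getSubject());` to `resolveSigningKey` and `resolveSigningKeyBytes`, annotated with `// $ hasRemoteTaintFlow` only if the source model is meant to cover that parameter (not visible from this file), would pin the behaviour either way. The new `resolveSigningKey` also checks only `getKeyId()`, while `getAlgorithm()` and `header.get("random")` are covered only in `resolveSigningKeyBytes`, so a regression in one callback would go unnoticed. A short comment on the class, for example `// header fields come from the token before its signature is checked`, would tell readers why these values count as remote sources.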