
Commit 5c10d42

committed
More test cases for io.jsonwebtoken.SigningKeyResolverAdapter
1 parent a4fa1ec commit 5c10d42


1 file changed

+17
-0
lines changed

1 file changed

+17
-0
lines changed

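--- a/java/ql/test/library-tests/dataflow/taintsources/JwsSigningKeyResolverAdapter.java
+++ b/java/ql/test/library-tests/dataflow/taintsources/JwsSigningKeyResolverAdapter.java
@@ -1,3 +1,5 @@
+import java.security.Key;
+
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.JwsHeader;
 import io.jsonwebtoken.SigningKeyResolverAdapter;
@@ -6,12 +8,27 @@ public class JwsSigningKeyResolverAdapter extends SigningKeyResolverAdapter {
 private void sink(Object o) {
 }
 
+@Override
+public Key resolveSigningKey(JwsHeader header, Claims claims) {
+final String keyId = header.getKeyId();
+String example = "example:" + keyId;
+sink(example); // $ hasRemoteTaintFlow
+return null;
+}
+
 @Override
 public byte[] resolveSigningKeyBytes(JwsHeader header, Claims claims) {
 final String keyId = header.getKeyId();
 String example = "example:" + keyId;
+
 sink(example); // $ hasRemoteTaintFlow
 
+final String algorithm = header.getAlgorithm();
+sink("algo:" + algorithm); // $ hasRemoteTaintFlow
+
+final String random = (String)header.get("random");
+sink("random:" + random) ; // $ hasRemoteTaintFlow
+
 return new byte[0];
 }
 }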
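Review bot: The `claims` parameter is never read in either override, so the test does not pin whether values taken from it are reported as remote taint. A signing-key resolver runs before the signature has been verified, so the claims are as attacker-controlled as the header fields exercised here. A line such as `sink("iss:" + claims.getIssuer()); // $ hasRemoteTaintFlow` in `resolveSigningKey` would record the expected result; leave the annotation off if the model is meant to cover only the header, which is not visible from this page. The adapter's `(JwsHeader, String)` overloads are likewise not exercised. Minor style point: `sink("random:" + random) ;` has a stray space before the semicolon.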
