rspec/rules/S5659/csharp/rule.adoc

include::../description.adoc[]

== Noncompliant Code Example

https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
----
var decodedtoken1 = decoder.Decode(token, secret, verify: false); // Noncompliant: signature should be verified

var decodedtoken2 = new JwtBuilder()
   .WithSecret(secret)
   .Decode(forgedtoken1); // Noncompliant: signature should be verified
----

== Compliant Solution

https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
----
var decodedtoken1 = decoder.Decode(forgedtoken1, secret, verify: true); // Compliant

var decodedtoken2 = new JwtBuilder()
   .WithSecret(secret)
   .MustVerifySignature()
   .Decode(token); // Compliant
----

include::../see.adoc[]
Add rules 5000-5999 2020-06-30 12:50:28 +02:00			`include::../description.adoc[]`

			`== Noncompliant Code Example`

			`https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:`
			`----`
			`var decodedtoken1 = decoder.Decode(token, secret, verify: false); // Noncompliant: signature should be verified`

			`var decodedtoken2 = new JwtBuilder()`
			`.WithSecret(secret)`
			`.Decode(forgedtoken1); // Noncompliant: signature should be verified`
			`----`

			`== Compliant Solution`

			`https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:`
			`----`
			`var decodedtoken1 = decoder.Decode(forgedtoken1, secret, verify: true); // Compliant`

			`var decodedtoken2 = new JwtBuilder()`
			`.WithSecret(secret)`
			`.MustVerifySignature()`
			`.Decode(token); // Compliant`
			`----`

			`include::../see.adoc[]`