2021-01-26 04:07:35 +00:00
|
|
|
include::../description.adoc[]
|
|
|
|
|
|
|
|
|
|
== Noncompliant Code Examples
|
|
|
|
|
|
|
|
|
|
For https://github.com/GehirnInc/python-jwt[jwt] module:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
jwt.decode(token, verify = False) # Noncompliant
|
|
|
|
|
----
|
|
|
|
|
|
2021-02-02 15:02:10 +01:00
|
|
|
|
2021-01-26 04:07:35 +00:00
|
|
|
----
|
|
|
|
|
try:
|
|
|
|
|
jwt.decode(token, key, algo) # Noncompliant; generic exception catch
|
|
|
|
|
except:
|
|
|
|
|
pass
|
|
|
|
|
----
|
|
|
|
|
|
2021-02-02 15:02:10 +01:00
|
|
|
|
2021-01-26 04:07:35 +00:00
|
|
|
For https://github.com/davedoesdev/python-jwt[python_jwt] module:
|
|
|
|
|
|
|
|
|
|
----
|
|
|
|
|
jwt.process_jwt(token) # Noncompliant
|
|
|
|
|
----
|
|
|
|
|
|
|
|
|
|
== Compliant Solution
|
|
|
|
|
|
|
|
|
|
For https://github.com/GehirnInc/python-jwt[jwt] module:
|
|
|
|
|
|
|
|
|
|
----
|
2021-01-28 15:53:33 +01:00
|
|
|
jwt.decode(token, key, algo)
|
2021-01-26 04:07:35 +00:00
|
|
|
----
|
|
|
|
|
|
2021-02-02 15:02:10 +01:00
|
|
|
|
2021-01-26 04:07:35 +00:00
|
|
|
----
|
|
|
|
|
try:
|
|
|
|
|
jwt.decode(token, key, algo)
|
2021-01-28 15:53:33 +01:00
|
|
|
except jwt.InvalidSignatureError:
|
2021-01-26 04:07:35 +00:00
|
|
|
pass
|
|
|
|
|
----
|
|
|
|
|
|
2021-02-02 15:02:10 +01:00
|
|
|
|
2021-01-26 04:07:35 +00:00
|
|
|
For https://github.com/davedoesdev/python-jwt[python_jwt] module:
|
|
|
|
|
|
|
|
|
|
----
|
2021-01-28 15:53:33 +01:00
|
|
|
jwt.process_jwt(token) # Compliant because followed by verify_jwt()
|
|
|
|
|
jwt.verify_jwt(token, key, algo)
|
2021-01-26 04:07:35 +00:00
|
|
|
----
|
|
|
|
|
|
|
|
|
|
include::../see.adoc[]
|
