1 Commits
master
sonarjava-
Author | SHA1 | Date | |
---|---|---|---|
11918dbf3c |
@ -50,6 +50,7 @@
|
||||
* Spring Data Redis
|
||||
* SQLCipher
|
||||
* Thymeleaf
|
||||
* Nimbus
|
||||
// JS
|
||||
* Flow.js
|
||||
* Node.js
|
||||
|
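--- /dev/null
+++ b/rules/S5659/java/how-to-fix-it/nimbus.adoc
@@ -0,0 +1,63 @@
+== How to fix it in Nimbus
+
+=== Code examples
+
+include::../../common/fix/code-rationale.adoc[]
+
+==== Noncompliant code example
+
+[source,java,diff-id=21,diff-type=noncompliant]
+----
+import com.nimbusds.jwt.PlainJWT;
+
+public void encode(JWTClaimsSet claimsSet) {
+PlainJWT jwt = new PlainJWT(claimsSet); // Noncompliant
+}
+----
+
+[source,java,diff-id=22,diff-type=noncompliant]
+----
+import com.nimbusds.jwt.PlainJWT;
+
+public void decode(String jwtString) {
+PlainJWT jwt = PlainJWT.parse(jwtString); // Noncompliant
+}
+----
+
+==== Compliant solution
+
+[source,java,diff-id=21,diff-type=compliant]
+----
+import com.nimbusds.jwt.SignedJWT;
+
+public void encode(JWTClaimsSet claimsSet) {
+SignedJWT jwt = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), claimsSet);
+jwt.sign(new MACSigner(sharedSecret));
+}
+----
+
+[source,java,diff-id=22,diff-type=compliant]
+----
+import com.nimbusds.jwt.SignedJWT;
+
+public void decode(String jwtString) {
+SignedJWT jwt = SignedJWT.parse(jwtString);
+
+if (!jwt.verify(new MACVerifier(sharedSecret))) {
+throw new JOSEException("JWT signature does not match");
+}
+}
+----
+
+=== How does this work?
+
+include::../../common/fix/encode.adoc[]
+
+include::../../common/fix/decode.adoc[]
+
+=== Going the extra mile
+
+include::../../common/extra-mile/key-storage.adoc[]
+
+include::../../common/extra-mile/key-rotation.adoc[]
+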
@ -12,6 +12,8 @@ include::how-to-fix-it/jjwt.adoc[]
|
||||
|
||||
include::how-to-fix-it/java-jwt.adoc[]
|
||||
|
||||
include::how-to-fix-it/nimbus.adoc[]
|
||||
|
||||
== Resources
|
||||
|
||||
include::../common/resources/standards.adoc[]
|
||||
|