ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5659/csharp/rule.adoc
Alban Auzeill 0329b1564c Add rules 5000-5999
2020-06-30 17:16:12 +02:00

27 lines
689 B
Plaintext
Raw Blame History

include::../description.adoc[]
== Noncompliant Code Example
https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
----
var decodedtoken1 = decoder.Decode(token, secret, verify: false); // Noncompliant: signature should be verified
var decodedtoken2 = new JwtBuilder()
.WithSecret(secret)
.Decode(forgedtoken1); // Noncompliant: signature should be verified
----
== Compliant Solution
https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
----
var decodedtoken1 = decoder.Decode(forgedtoken1, secret, verify: true); // Compliant
var decodedtoken2 = new JwtBuilder()
.WithSecret(secret)
.MustVerifySignature()
.Decode(token); // Compliant
----
include::../see.adoc[]
Reference in New Issue View Git Blame Copy Permalink