ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S5659/vbnet/rule.adoc

48 lines
1.0 KiB
Plaintext
Raw Blame History

This file contains invisible Unicode characters

This file contains invisible Unicode characters that are indistinguishable to humans but may be processed differently by a computer. If you think that this is intentional, you can safely ignore this warning. Use the Escape button to reveal them.

== Why is this an issue?
include::../description.adoc[]
=== Noncompliant code example
https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
[source,vbnet]
----
Dim decodedtoken1 As String = decoder.Decode(token, secret, verify:= false) ' Noncompliant: signature should be verified
Dim decodedtoken2 As String = new JwtBuilder().
    WithSecret(secret).
    Decode(forgedtoken1) ' Noncompliant: signature should be verified
----
=== Compliant solution
https://github.com/jwt-dotnet/jwt[jwt-dotnet] library:
[source,vbnet]
----
Dim decodedtoken1 As String = decoder.Decode(forgedtoken1, secret, verify:= true) ' Compliant
Dim decodedtoken2 As String = new JwtBuilder().
    WithSecret(secret).
    MustVerifySignature().
    Decode(token) ' Compliant
----
include::../see.adoc[]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink