• Home
• io.codemodder
• core-codemods
• 0.96.0
• source code
• description.md

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

io.codemodder.codemods.UnverifiedJwtCodemod.description.md Maven / Gradle / Ivy

This change switches to Json Web Token (JWT) parsing APIs that perform signature validation.

Unfortunately the method names in JWT parsing with the `io.jsonwebtoken.jjwt` library don't convey the risk difference in usage. Although the `parseClaimsJws()` and `parseClaimsJwt()` methods perform signature validation, the `parse()` method does not.

Changing out these methods is easy and our changes look something like this:

```diff
  JwtParser parser = Jwts.parser();
  JwtParser jwtParser = parser.setSigningKey(JWT_PASSWORD);
- Jwt jwt = jwtParser.parse(token);
+ Jwt jwt = jwtParser.parseClaimsJwt(token);
```