Skip to content

Commit f85c01c

Browse files
committed
Correct string source
1 parent 75e7148 commit f85c01c

File tree

1 file changed

+1
-1
lines changed

1 file changed

+1
-1
lines changed

java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -77,7 +77,7 @@ abstract class JwtTokenSink extends DataFlow::Node { }
7777
* A hardcoded string literal as a source for JWT token signing vulnerabilities.
7878
*/
7979
class HardcodedKeyStringSource extends JwtKeySource {
80-
HardcodedKeyStringSource() { this.asExpr() instanceof CompileTimeConstantExpr }
80+
HardcodedKeyStringSource() { exists(this.asExpr().(CompileTimeConstantExpr).getStringValue()) }
8181
}
8282

8383
/**

0 commit comments

Comments
 (0)