We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
There was an error while loading. Please reload this page.
1 parent 75e7148 commit f85c01cCopy full SHA for f85c01c
java/ql/src/experimental/Security/CWE/CWE-321/HardcodedJwtKey.qll
@@ -77,7 +77,7 @@ abstract class JwtTokenSink extends DataFlow::Node { }
77
* A hardcoded string literal as a source for JWT token signing vulnerabilities.
78
*/
79
class HardcodedKeyStringSource extends JwtKeySource {
80
- HardcodedKeyStringSource() { this.asExpr() instanceof CompileTimeConstantExpr }
+ HardcodedKeyStringSource() { exists(this.asExpr().(CompileTimeConstantExpr).getStringValue()) }
81
}
82
83
/**
0 commit comments