From 4a066456ee6a882f1502e17d89b2805577939855 Mon Sep 17 00:00:00 2001
From: Nitin Nayar <119853191+nnayar-r2c@users.noreply.github.com>
Date: Sun, 21 May 2023 16:56:09 +0100
Subject: [PATCH] Create vuln-25.java

---
 vuln-25.java | 59 ++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 59 insertions(+)
 create mode 100644 vuln-25.java

diff --git a/vuln-25.java b/vuln-25.java
new file mode 100644
index 0000000..acbd059
--- /dev/null
+++ b/vuln-25.java
@@ -0,0 +1,59 @@
+package jwt_test.jwt_test_1;
+
+import com.auth0.jwt.JWT;
+import com.auth0.jwt.algorithms.Algorithm;
+import com.auth0.jwt.exceptions.JWTCreationException;
+
+public class App
+{
+
+ static String secret = "secret";
+
+ private static void bad1() {
+ try {
+ // ruleid: java-jwt-hardcoded-secret
+ Algorithm algorithm = Algorithm.HMAC256("secret");
+ String token = JWT.create()
+ .withIssuer("auth0")
+ .sign(algorithm);
+ } catch (JWTCreationException exception){
+ //Invalid Signing configuration / Couldn't convert Claims.
+ }
+ }
+
+ private static void ok1(String secretKey) {
+ try {
+ // ok: java-jwt-hardcoded-secret
+ Algorithm algorithm = Algorithm.HMAC256(secretKey);
+ String token = JWT.create()
+ .withIssuer("auth0")
+ .sign(algorithm);
+ } catch (JWTCreationException exception){
+ //Invalid Signing configuration / Couldn't convert Claims.
+ }
+ }
+
+ public static void main( String[] args )
+ {
+ bad1();
+ ok1(args[0]);
+ }
+}
+
+abstract class App2
+{
+// ruleid: java-jwt-hardcoded-secret
+ static String secret = "secret";
+
+ public void bad2() {
+ try {
+ Algorithm algorithm = Algorithm.HMAC256(secret);
+ String token = JWT.create()
+ .withIssuer("auth0")
+ .sign(algorithm);
+ } catch (JWTCreationException exception){
+ //Invalid Signing configuration / Couldn't convert Claims.
+ }
+ }
+
+}
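Review bot: The `// ruleid: java-jwt-hardcoded-secret` marker in App2 is placed above the field `static String secret = "secret";` rather than above the `Algorithm.HMAC256(secret)` call in bad2 where a sink-based rule would report, while App declares the identical field `static String secret = "secret";` with no marker and never uses it; whichever line the rule actually reports on, one of the two classes is out of step and the fixture will fail with either a missed or an unexpected match. If the rule reports at the sink, move the marker to directly above `Algorithm algorithm = Algorithm.HMAC256(secret);` in bad2; if it reports at the declaration, either annotate App's field the same way or drop it, since it is dead code. A one-line header would also make the fixture's intent explicit, e.g. `// Fixture for java-jwt-hardcoded-secret: bad1/bad2 sign with a literal or literal-initialised key; ok1 receives the key from its caller.` Note that `main` forwards `args[0]` straight into `ok1`, so the fixture only shows that the key is non-literal, not where a real key should be sourced from; that is acceptable for a rule test but worth stating in the comment.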