JWT must always be verified
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。
翻訳に関してご質問やご意見ございましたら、
お気軽にご連絡ください。
ID: csharp-security/jwt-verify
Language: C#
Severity: Warning
Category: Security
CWE: 347
Description
Preventing JWT validation may lead to unauthorized access. Make sure that tokens are always verified.
Learn More
Non-Compliant Code Examples
using System.Xml;
class MyClass {
public static void decodePayload()
{
JwtDecoder decoder = null;
decoder.Decode(token, secret, false);
decoder.Decode(token, secret, verify: false);
}
}
Compliant Code Examples
using System.Xml;
class MyClass {
public static void decodePayload()
{
JwtDecoder decoder = null;
decoder.Decode(token, secret, true);
decoder.Decode(token, secret, verify: true);
}
}
Seamless integrations. Try Datadog Code Analysis