@@ -21,26 +21,21 @@ private module Python_JWT {
2121 * * `getOptions()`'s result would be `none()`.
2222 * * `verifiesSignature()` predicate would succeed.
2323 */
24- private class Python_JWTProcessCall extends DataFlow:: CallCfgNode , JWTDecoding:: Range {
25- DataFlow:: CallCfgNode verifyCall ;
26- boolean verifiesSignature ;
27-
28- Python_JWTProcessCall ( ) {
29- this = API:: moduleImport ( "python_jwt" ) .getMember ( "process_jwt" ) .getACall ( ) and
30- (
31- verifyCall = API:: moduleImport ( "python_jwt" ) .getMember ( "verify_jwt" ) .getACall ( ) and
32- this .getArg ( 0 ) .getALocalSource ( ) .flowsTo ( verifyCall .getArg ( 0 ) ) and
33- verifiesSignature = true
34- or
35- verifiesSignature = false
36- )
24+ private class PythonJwtProcessCall extends DataFlow:: CallCfgNode , JWTDecoding:: Range {
25+ PythonJwtProcessCall ( ) {
26+ this = API:: moduleImport ( "python_jwt" ) .getMember ( "process_jwt" ) .getACall ( )
27+ }
28+
29+ DataFlow:: CallCfgNode verifyCall ( ) {
30+ result = API:: moduleImport ( "python_jwt" ) .getMember ( "verify_jwt" ) .getACall ( ) and
31+ this .getPayload ( ) .getALocalSource ( ) = result .getArg ( 0 ) .getALocalSource ( )
3732 }
3833
3934 override DataFlow:: Node getPayload ( ) { result = this .getArg ( 0 ) }
4035
41- override DataFlow:: Node getKey ( ) { result = verifyCall .getArg ( 1 ) }
36+ override DataFlow:: Node getKey ( ) { result = verifyCall ( ) .getArg ( 1 ) }
4237
43- override DataFlow:: Node getAlgorithm ( ) { result = verifyCall .getArg ( 2 ) }
38+ override DataFlow:: Node getAlgorithm ( ) { result = verifyCall ( ) .getArg ( 2 ) }
4439
4540 override string getAlgorithmString ( ) {
4641 exists ( StrConst str |
@@ -51,6 +46,6 @@ private module Python_JWT {
5146
5247 override DataFlow:: Node getOptions ( ) { none ( ) }
5348
54- override predicate verifiesSignature ( ) { verifiesSignature = true }
49+ override predicate verifiesSignature ( ) { exists ( verifyCall ( ) ) }
5550 }
5651}
0 commit comments