[Bug] Duplicate or Unreachable code found inside JsonSerializerPrimitives and ConfigurationRetriever

[Mayank-Soni-89]

Which version of Microsoft.IdentityModel are you using? Note that to get help, you need to run the latest version.

Where is the issue?

• [X] M.IM.JsonWebTokens
• [ ] M.IM.KeyVaultExtensions
• [ ] M.IM.Logging
• [ ] M.IM.ManagedKeyVaultSecurityKey
• [ ] M.IM.Protocols
• [ ] M.IM.Protocols.OpenIdConnect
• [ ] M.IM.Protocols.SignedHttpRequest
• [ ] M.IM.Protocols.WsFederation
• [ ] M.IM.TestExtensions
• [ ] M.IM.Tokens
• [ ] M.IM.Tokens.Saml
• [ ] M.IM.Validators
• [ ] M.IM.Xml
• [X] S.IM.Tokens.Jwt
• Other (please describe)

Is this a new or an existing app?

The app is in production and I have upgraded to a new version of Microsoft.IdentityModel.* and this code I used for work around for serialization issue and reported by security team.

Repro

var your = (code) => here;

Expected behavior A clear and concise description of what you expected to happen (or code). Duplicate code should not have to present.

Actual behavior A clear and concise description of what happens, e.g. an exception is thrown, UI freezes. Found duplicate code and cause the security alarm for that code.

Possible solution

Additional context / logs / screenshots / links to code

Add any other context about the problem here, such as logs and screenshots or links to code.

[brentschmaltz]

@Mayank-Soni-89 we need some additional detail here.

[pmaytak]

@Mayank-Soni-89 Can you provide more information on what the issue is with the code you mentioned?

[Mayank-Soni-89]

Hello,

In JsonSerializerPrimitives.cs file, there is a method called TryCreateTypeFromJsonElement. Inside that method, "if else" condition statement is written. There is a elseif statement which is unreachable code. check line number 216 and 476. If 216 is suttisfied then it will not reach to 476 linenumber i.e. else if statement in line number 476 will never be execute because 216 and 476 is same condition.

Similiar case for ConfigurationRetriever file.