Jaroslav Lobačevski

Results 89 comments of Jaroslav Lobačevski

Closing as documented

We already have https://github.com/github/codeql/blob/main/java/ql/src/Security/CWE/CWE-347/MissingJWTSignatureCheck.ql (which **doesn't** detect the CVE), but I'll leave it to the CodeQL team to decide if it is better to merge in this PR or later.

@am0o0 Could you please mark this pull request as ready for review? Have you already looked at how tests for Java are made in https://github.com/github/codeql/tree/main/java/ql/test/query-tests/security/CWE-347?

@am0o0 We are [sunsetting our codeql bug bounty program](https://github.com/github/securitylab/discussions/828). To be eligible for the reward, please work on the pull request ASAP.

Hi, it still doesn't work. Here is the database https://we.tl/t-WOpOJykqkl

On Wed, Jul 31, 2024 at 11:07 AM Am ***@***.***> wrote:
> [image: am0o0]*am0o0* left a comment (github/codeql#14089)
>...

Maybe my codeql branch is outdated. I'll check out the pr branch and try again.

On Wed, Jul 31, 2024 at 2:11 PM Am ***@***.***> wrote:
> [image: am0o0]*am0o0* left...

I have opened your branch in a codespace and got 0 results: ![image.png](https://github.com/user-attachments/assets/38461912-325b-499b-9a03-f835056a38e2)

On Wed, Jul 31, 2024 at 2:20 PM Jaroslav Lobacevski ***@***.***> wrote:
> Maybe my codeql branch...

Ah, I missed that local.ql. I can only blame GitHub UI for cutting the file list :) It gives the result.

No-verification query should be under CWE-347.