Closed JLLeitschuh closed 8 months ago
CodeQL was flagging the current use of JWT as being vulnerable as validateBrokerToken wasn't actually performing validlidation of the signature.
validateBrokerToken
Since the logic is unused, except for in test, the entire chunk of logic has been moved exclusively to tests.
Explain here the context, and why you're making that change. What is the problem you're trying to solve.
Move JwtServiceImpl#validateBrokerToken logic into BrokerTokensServiceImplTest
JwtServiceImpl#validateBrokerToken
BrokerTokensServiceImplTest
./gradlew build
Motivation
CodeQL was flagging the current use of JWT as being vulnerable as
validateBrokerTokenwasn't actually performing validlidation of the signature.Since the logic is unused, except for in test, the entire chunk of logic has been moved exclusively to tests.
Explain here the context, and why you're making that change. What is the problem you're trying to solve.
Modifications
Move
JwtServiceImpl#validateBrokerTokenlogic intoBrokerTokensServiceImplTestVerifying this change
./gradlew buildchecks.