From c93202ebc7bd318572bcae6f7952a7ab501ca58e Mon Sep 17 00:00:00 2001 From: Porcupiney Hairs Date: Sat, 4 Mar 2023 03:11:13 +0530 Subject: [PATCH] Go: Add gogf Jwt sinks This is a small one line change. When merging goframe support in #9779, quite a but of the framework was modelled but for the JWT sinks. This PR fixes that. --- go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll b/go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll index 5dc65a15098c..cc5a52573090 100644 --- a/go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll +++ b/go/ql/src/experimental/CWE-321/HardcodedKeysLib.qll @@ -57,7 +57,8 @@ module HardcodedKeys { pkg = [ "github.com/golang-jwt/jwt/v4", "github.com/dgrijalva/jwt-go", - "github.com/form3tech-oss/jwt-go", "github.com/ory/fosite/token/jwt" + "github.com/form3tech-oss/jwt-go", "github.com/ory/fosite/token/jwt", + "github.com/gogf/gf-jwt/v2", "github.com/kataras/iris/v12/middleware/jwt", ] | exists(DataFlow::MethodCallNode m |