Auth & Config

GoJWTToken

Represents jwt.Token from github.com/golang-jwt/jwt v5. The Valid field and Parse function are critical — rules detect patterns where signature verification is skipped.

Taint flow: 0 sources, 1 sink
Sinks (dangerous call): .ParseWithClaims()

Sinks

.ParseWithClaims() (Sink)
Signature:
ParseWithClaims(tokenString string, claims Claims, keyFunc Keyfunc, options ...ParserOption) (*Token, error)

Parses and validates a JWT. A keyFunc that returns nil skips signature verification.

tracks: 0

Other Methods

.Valid() (Neutral)
Signature:
Valid bool (field)

True if the token was validated. Accessing claims without checking Valid is a finding.
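
As an added illustration of the Valid finding described above (not the codepathfinder rule engine and not code from this page), the Go program below parses a constructed sample with the standard go/parser package and reports functions that call ParseWithClaims and read .Claims without ever reading .Valid. The function names bad and good, the sample source and the name-matching heuristic are assumptions made for this example.

```go
package main

import (
	"fmt"
	"go/ast"
	"go/parser"
	"go/token"
)

// sample is constructed input for this example, not code from a real project.
const sample = `package app
func bad(s string) jwt.Claims {
	tok, _ := jwt.ParseWithClaims(s, jwt.MapClaims{}, func(*jwt.Token) (any, error) { return nil, nil })
	return tok.Claims
}
func good(s string, key []byte) (jwt.Claims, error) {
	tok, err := jwt.ParseWithClaims(s, jwt.MapClaims{}, func(*jwt.Token) (any, error) { return key, nil })
	if err != nil || !tok.Valid { return nil, err }
	return tok.Claims, nil
}`

// Findings reports each function that calls ParseWithClaims and reads .Claims
// but never reads .Valid. It matches selector names only; it is not data flow.
func Findings(src string) ([]string, error) {
	file, err := parser.ParseFile(token.NewFileSet(), "sample.go", src, 0)
	if err != nil {
		return nil, err
	}
	var out []string
	for _, decl := range file.Decls {
		fn, ok := decl.(*ast.FuncDecl)
		if !ok || fn.Body == nil {
			continue
		}
		seen := map[string]bool{} // selector names used in this function body
		ast.Inspect(fn.Body, func(n ast.Node) bool {
			if sel, ok := n.(*ast.SelectorExpr); ok {
				seen[sel.Sel.Name] = true
			}
			return true
		})
		if seen["ParseWithClaims"] && seen["Claims"] && !seen["Valid"] {
			out = append(out, fmt.Sprintf("%s: Claims read without a Valid check", fn.Name.Name))
		}
	}
	return out, nil
}

func main() { fmt.Println(Findings(sample)) }
```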

Fully-Qualified Names

FQN                                   Field
github.com/golang-jwt/jwt/v5.Token    fqns[0]
*.Token                               patterns

Wrong FQN → 0 findings. Verify with: change fqns to garbage → must produce 0 results.

Import

go.mod:
    require github.com/golang-jwt/jwt/v5 v5.2.0

rule.py:
    from codepathfinder.go_rule import GoJWTToken

Rules Using This Class