code refactoring - 1

Checkmarx · Nov 25, 2024 · 93c48d6 · 93c48d6
1 parent 346912d
commit 93c48d6
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 7 deletions.
diff --git a/internal/wrappers/client.go b/internal/wrappers/client.go
@@ -15,8 +15,8 @@ import (
 	"time"
 
 	applicationErrors "github.com/checkmarx/ast-cli/internal/constants/errors"
-	"github.com/golang-jwt/jwt/v5"
 	"github.com/checkmarx/ast-cli/internal/logger"
+	"github.com/golang-jwt/jwt/v5"
 
 	"github.com/pkg/errors"
 	"github.com/spf13/viper"
@@ -732,15 +732,20 @@ func GetURL(path, accessToken string) (string, error) {
 
 func ExtractFromTokenClaims(accessToken, claim string) (string, error) {
 	var value string
-	token, _, err := new(jwt.Parser).ParseUnverified(accessToken, jwt.MapClaims{})
+
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+
+	token, _, err := parser.ParseUnverified(accessToken, jwt.MapClaims{})
 	if err != nil {
 		return "", errors.Errorf(APIKeyDecodeErrorFormat, err)
 	}
+
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && claims[claim] != nil {
 		value = strings.TrimSpace(claims[claim].(string))
 	} else {
 		return "", errors.Errorf(jwtError, claim)
 	}
+
 	return value, nil
 }
 

diff --git a/internal/wrappers/codebashing-http.go b/internal/wrappers/codebashing-http.go
@@ -8,8 +8,8 @@ import (
 
 	commonParams "github.com/checkmarx/ast-cli/internal/params"
 	"github.com/checkmarx/ast-cli/internal/wrappers/utils"
-	"github.com/pkg/errors"
 	"github.com/golang-jwt/jwt/v5"
+	"github.com/pkg/errors"
 	"github.com/spf13/viper"
 )
 
@@ -92,11 +92,15 @@ func (r *CodeBashingHTTPWrapper) GetCodeBashingURL(field string) (string, error)
 	if err != nil {
 		return "", errors.Errorf(failedGettingCodeBashingURL)
 	}
-	token, _, err := new(jwt.Parser).ParseUnverified(accessToken, jwt.MapClaims{})
+
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
+
+	token, _, err := parser.ParseUnverified(accessToken, jwt.MapClaims{})
 	if err != nil {
 		return "", NewAstError(licenseNotFoundExitCode, errors.Errorf(failedGettingCodeBashingURL))
 	}
-	var url = ""
+
+	var url string
 	if claims, ok := token.Claims.(jwt.MapClaims); ok && claims[field] != nil {
 		url = claims[field].(string)
 	}

diff --git a/internal/wrappers/jwt-helper.go b/internal/wrappers/jwt-helper.go
@@ -17,7 +17,7 @@ type JWTStruct struct {
 			AllowedEngines []string `json:"allowedEngines"`
 		} `json:"LicenseData"`
 	} `json:"ast-license"`
-	jwt.Claims
+	jwt.RegisteredClaims // Embedding the standard claims
 }
 
 var enabledEngines = []string{"sast", "sca", "api-security", "iac-security", "scs", "containers", "enterprise-secrets"}
@@ -98,8 +98,10 @@ func prepareEngines(engines []string) map[string]bool {
 }
 
 func extractFromTokenToJwtStruct(accessToken string) (*JWTStruct, error) {
+	// Create a new Parser instance
+	parser := jwt.NewParser(jwt.WithoutClaimsValidation())
 
-	token, _, err := new(jwt.Parser).ParseUnverified(accessToken, &JWTStruct{})
+	token, _, err := parser.ParseUnverified(accessToken, &JWTStruct{})
 	if err != nil {
 		return nil, errors.Errorf(APIKeyDecodeErrorFormat, err)
 	}