xubowenW

Results 6 comments of xubowenW

Using predictable/constant cryptographic key when creating and verifing Json Web Token.

### screenshot ![image](https://user-images.githubusercontent.com/40926753/188398260-b333f94c-4139-4e6d-8a37-970f0a12ffd0.png) ![image](https://user-images.githubusercontent.com/40926753/188398290-58dde78f-706c-4b3b-8b03-4218648aa877.png)

Using predictable/constant cryptographic key when creating and verifing Json Web Token.

First of all, any hardcoded(predictable/constant) cryptographic key (private key or symmetric key for signing or encryption) is not secure, it can be see [CWE-321](https://cwe.mitre.org/data/definitions/321.html), [NIST Special Publication 800-57](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final) and other...

Using predictable/constant cryptographic key when creating and verifing Json Web Token.

First of all, any hardcoded(predictable/constant) cryptographic key (private key or symmetric key for signing or encryption) is not secure, it can be see [CWE-321](https://cwe.mitre.org/data/definitions/321.html), [NIST Special Publication 800-57](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final) and other...

Using predictable/constant cryptographic key when creating and verifing Json Web Token.

This is only a security enhancement suggestion, because our detector only detects the implementation security of JWT. Using a hard-coded secret does not conform to the security implementation specification of...

SourceDirCallGraph.main run error

Thanks a lot! Now I can run the `SourceDirCallGraph.java` in the WALA_Start project successfully. But in my maven project, the problem still exist when I run the `SourceDirCallGraph.java` . I...

SourceDirCallGraph.main run error

Thanks for your advice!!!! I added the dependencies in my ``` pom.xml``` (on the top of the dependencies list) and solved the problem.