Stop analysis on 3rd party code #9

@arxeiss

I have some false positives in code that is not under my control. Can you stop the analysis if the error occurs in 3rd-party libraries?

Example

import (
    "github.com/lestrrat-go/jwx/jwt"
    ...
)

func verifyTokenFormat(bearerToken string) error {
    _, err := jwt.ParseString(bearerToken, jwt.WithValidate(true), jwt.WithAcceptableSkew(time.Second))
    return err
}

This is the source of ParseString; it still does not accept a context, but it is already in 3rd-party code:
https://github.com/lestrrat-go/jwx/blob/develop/v2/jwt/jwt.go#L87

func ParseString(s string, options ...ParseOption) (Token, error) {
	return parseBytes([]byte(s), options...)
}

And here is the code of parseBytes, which does not accept a context but has a variable named ctx.
https://github.com/lestrrat-go/jwx/blob/develop/v2/jwt/jwt.go#L158

func parseBytes(data []byte, options ...ParseOption) (Token, error) {
	var ctx parseCtx

	// Validation is turned on by default. You need to specify
	// jwt.WithValidate(false) if you want to disable it
	ctx.validate = true
...

Error

The code above is causing this issue:

identity/authorization.go:123:30: Function `verifyTokenFormat->parseBytes` should pass the context parameter (contextcheck)
                if err := verifyTokenFormat(sub.AccessToken); err != nil {
