PyJWT decodes and validates JWTs. `jwt.decode()` called with `algorithms=['none']` or `options={'verify_signature': False}` accepts unsigned tokens, so every claim in the payload becomes attacker-controlled; that is a major finding. Always pass `algorithms` explicitly and list only the algorithms you actually sign with: PyJWT 2.x refuses to verify without the list, and PyJWT 1.x accepted whatever `alg` the token header named.
| Call | Role | Signature | Notes |
|---|---|---|---|
| `.decode()` | Sanitizer | `jwt.decode(jwt: str, key="", algorithms=None, options=None, audience=None, issuer=None, leeway=0) -> dict` | Verifies and decodes. Finding on `algorithms=['none']` or `verify_signature=False`. |
| `.encode()` | Neutral | `jwt.encode(payload: dict, key: str | bytes, algorithm='HS256', headers=None, json_encoder=None) -> str` | Signs a JWT. Safe with a proper signing algorithm; `algorithm='none'` with a `None` key emits an unsigned token, but the risk is only realised by a decoder that accepts it. |
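To make the finding concrete, the example below is a stdlib stand-in for the decision logic of `jwt.decode()`, written for this page and not PyJWT's own code. It builds a genuine HS256 token, forges an `alg: none` copy with an escalated claim and a dropped signature, and runs the forgery through the two flagged call shapes (`algorithms=['none']` with no key, and `verify_signature=False`) and the hardened one (`algorithms=['HS256']`). The secret, claims and helper names are constructed for the demonstration; with real PyJWT the equivalent calls are `jwt.decode(tok, algorithms=["none"])`, `jwt.decode(tok, key, options={"verify_signature": False})` and `jwt.decode(tok, key, algorithms=["HS256"])`.

```python
"""Stand-in for PyJWT's decode() decision logic (example code, not PyJWT)."""
import base64
import hashlib
import hmac
import json
from typing import Optional


class InvalidToken(Exception):
    """Raised where PyJWT would raise one of its jwt.exceptions.* errors."""


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _segment(obj: dict) -> str:
    return _b64url_encode(json.dumps(obj, separators=(",", ":")).encode())


def encode_jwt(payload: dict, key: Optional[bytes], algorithm: str = "HS256") -> str:
    """Minimal HS256 / none encoder with the same shape as jwt.encode()."""
    signing_input = _segment({"alg": algorithm, "typ": "JWT"}) + "." + _segment(payload)
    if algorithm == "HS256":
        sig = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
        return signing_input + "." + _b64url_encode(sig)
    if algorithm == "none":
        return signing_input + "."  # alg=none: the signature segment is empty
    raise ValueError(f"unsupported algorithm {algorithm!r}")


def decode_jwt(token: str, key: Optional[bytes] = None,
               algorithms: Optional[list] = None, verify_signature: bool = True) -> dict:
    """Mirrors jwt.decode(token, key, algorithms=..., options={'verify_signature': ...})."""
    parts = token.split(".")
    if len(parts) != 3:
        raise InvalidToken("not a three-segment JWT")
    header_b64, payload_b64, sig_b64 = parts
    header = json.loads(_b64url_decode(header_b64))
    payload = json.loads(_b64url_decode(payload_b64))
    if not verify_signature:
        return payload  # finding: claims trusted without any check at all
    if not algorithms:
        # PyJWT 2.x refuses to verify without an explicit allow-list
        raise InvalidToken("algorithms must be given when verify_signature is True")
    alg = header.get("alg")
    if alg not in algorithms:  # the allow-list is the real defence
        raise InvalidToken(f"alg {alg!r} is not in the allowed list")
    if alg == "none":
        # PyJWT's NoneAlgorithm only accepts an empty key, so the dangerous
        # call is the one passing algorithms=['none'] and no key.
        if key:
            raise InvalidToken("alg none requires an empty key")
        return payload  # finding: unsigned token accepted
    if alg == "HS256":
        expected = hmac.new(key, f"{header_b64}.{payload_b64}".encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig_b64)):
            raise InvalidToken("signature mismatch")
        return payload
    raise InvalidToken(f"unsupported alg {alg!r}")


def forge_alg_none(token: str) -> str:
    """Attacker step: rewrite alg to none, escalate a claim, drop the signature."""
    header_b64, payload_b64, _ = token.split(".")
    header = json.loads(_b64url_decode(header_b64))
    payload = json.loads(_b64url_decode(payload_b64))
    header["alg"] = "none"
    payload["role"] = "admin"
    return _segment(header) + "." + _segment(payload) + "."


SECRET = b"constructed-demo-secret"  # constructed for the example only


def run_scenarios() -> dict:
    """Run the forged token through the flagged and the hardened decode calls."""
    genuine = encode_jwt({"sub": "alice", "role": "user"}, SECRET)
    forged = forge_alg_none(genuine)
    out = {}
    out["none_allowed"] = decode_jwt(forged, None, ["none"])["role"]  # flagged call
    out["verify_off"] = decode_jwt(forged, SECRET, ["HS256"], verify_signature=False)["role"]  # flagged
    hardened = {"pinned": dict(key=SECRET, algorithms=["HS256"]),
                "none_with_key": dict(key=SECRET, algorithms=["HS256", "none"])}
    for name, kwargs in hardened.items():
        try:
            decode_jwt(forged, **kwargs)
            out[name] = "accepted"
        except InvalidToken:
            out[name] = "rejected"
    out["genuine"] = decode_jwt(genuine, SECRET, ["HS256"])["role"]
    return out


if __name__ == "__main__":
    print(run_scenarios())
```

Running it shows the forged token decoded as `admin` under both flagged call shapes, rejected when the algorithm list is pinned to `HS256`, and rejected even when `none` is listed alongside a non-empty key, which is why the rule keys on `algorithms=['none']` rather than on the presence of `none` anywhere.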
| FQN | Field |
|---|---|
| `jwt` | `fqns[0]` |
A wrong FQN produces 0 findings, which is indistinguishable from a clean codebase. Sanity check: on a test file that currently yields a finding, change `fqns[0]` to a garbage module name and re-run; the rule must then report 0 results, proving the finding depended on the FQN match.
```python
from codepathfinder.go_rule import PyPyjwt
```