Packages
sobelow
0.10.2
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/dos/list_to_atom.ex
defmodule Sobelow.DOS.ListToAtom do @moduledoc """ # Denial of Service via `List.to_atom` In Elixir, atoms are not garbage collected. As such, if user input is passed to the `List.to_atom` function, it may result in memory exhaustion. Prefer the `List.to_existing_atom` function for untrusted user input. `List.to_atom` checks can be ignored with the following command: $ mix sobelow -i DOS.ListToAtom """ use Sobelow.Finding @finding_type "DOS.ListToAtom: Unsafe `List.to_atom`" def run(fun, meta_file) do confidence = if !meta_file.is_controller?, do: :low Finding.init(@finding_type, meta_file.filename, confidence) |> Finding.multi_from_def(fun, parse_def(fun)) |> Enum.each(&Print.add_finding(&1)) end def parse_def(fun) do Parse.get_fun_vars_and_meta(fun, 0, :to_atom, [:List]) endend