Packages
sobelow
0.11.0
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/traversal.ex
defmodule Sobelow.Traversal do @moduledoc """ # Path Traversal Path traversal vulnerabilities are a result of interacting with the filesystem using untrusted input. This class of vulnerability may result in file disclosure, code execution, denial of service, and other issues. Read more about Path Traversal here: https://www.owasp.org/index.php/Path_Traversal Path Traversal checks can be ignored with the following command: $ mix sobelow -i Traversal """ @submodules [ Sobelow.Traversal.SendFile, Sobelow.Traversal.FileModule, Sobelow.Traversal.SendDownload ] use Sobelow.FindingType def get_vulns(fun, meta_file, _web_root, skip_mods \\ []) do allowed = @submodules -- (Sobelow.get_ignored() ++ skip_mods) Enum.each(allowed, fn mod -> apply(mod, :run, [fun, meta_file]) end) end def details() do @moduledoc endend