Packages
sobelow
0.11.0
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/vuln.ex
defmodule Sobelow.Vuln do
@moduledoc """
# Known Vulnerable Dependencies
An application with known vulnerabilities is more easily subjected
to automated or targeted attacks.
Known Vulnerable checks can be ignored with the following command:
$ mix sobelow -i Vuln
"""
@submodules [
Sobelow.Vuln.PlugNull,
Sobelow.Vuln.CookieRCE,
Sobelow.Vuln.HeaderInject,
Sobelow.Vuln.Redirect,
Sobelow.Vuln.Coherence,
Sobelow.Vuln.Ecto
]
alias Sobelow.{Finding, Utils, Print}
use Sobelow.FindingType
def get_vulns(root) do
allowed = @submodules -- Sobelow.get_ignored()
Enum.each(allowed, fn mod ->
apply(mod, :run, [root])
end)
end
def print_finding(file, vsn, package, detail, cve \\ "TBA", mod) do
type = "Vuln.#{mod}: Known Vulnerable Dependency - #{package} v#{vsn}"
finding =
%Finding{
type: type,
filename: Utils.normalize_path(file),
fun_source: nil,
vuln_source: nil,
vuln_line_no: 0,
vuln_col_no: 0,
confidence: :high
}
|> Finding.fetch_fingerprint()
case Sobelow.format() do
"json" ->
json_finding = [
type: finding.type,
details: detail,
file: finding.filename,
cve: cve,
line: 0
]
Sobelow.log_finding(json_finding, finding)
"txt" ->
Sobelow.log_finding(finding)
Print.print_custom_finding_metadata(finding, [
"Details: #{detail}",
"File: #{finding.filename}",
"CVE: #{cve}"
])
"compact" ->
Print.log_compact_finding(finding)
_ ->
Sobelow.log_finding(finding)
end
end
def details() do
@moduledoc
end
end