Packages
sobelow
0.12.1
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/vuln/coherence.ex
defmodule Sobelow.Vuln.Coherence do
alias Sobelow.Config
alias Sobelow.Vuln
@uid 22
@finding_type "Vuln.Coherence: Known Vulnerable Dependency - Update Coherence"
use Sobelow.Finding
@vuln_vsn ["<=0.5.1"]
def run(root) do
plug_conf = root <> "/deps/coherence/mix.exs"
if File.exists?(plug_conf) do
vsn = Config.get_version(plug_conf)
case Version.parse(vsn) do
{:ok, vsn} ->
if Enum.any?(@vuln_vsn, fn v -> Version.match?(vsn, v) end) do
Vuln.print_finding(
plug_conf,
vsn,
"Coherence",
"Permissive parameters and privilege escalation",
"TBA - https://github.com/smpallen99/coherence/issues/270",
"Coherence"
)
end
_ ->
nil
end
end
end
def details() do
Sobelow.Vuln.details()
end
end