Packages
sobelow
0.3.10
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/config/https.ex
defmodule Sobelow.Config.HTTPS do
@moduledoc """
# HTTPS
Without HTTPS, attackers in a priveleged network position can
intercept and modify traffic.
Sobelow detects missing HTTPS by checking the prod
configuration.
HTTPS checks can be ignored with the following command:
$ mix sobelow -i Config.HTTPS
"""
alias Sobelow.Config
alias Sobelow.Utils
use Sobelow.Finding
def run(dir_path, configs) do
path = dir_path <> "prod.exs"
if File.exists?(path) do
Config.get_configs_by_file(:https, path)
|> handle_https()
end
end
defp handle_https(opts) do
if length(opts) === 0 do
add_finding()
end
end
defp add_finding() do
type = "HTTPS Not Enabled"
case Sobelow.format() do
"json" ->
finding = [type: type]
Sobelow.log_finding(finding, :high)
_ ->
Sobelow.log_finding(type, :high)
IO.puts IO.ANSI.red() <> type <> " - High Confidence" <> IO.ANSI.reset()
if Sobelow.get_env(:with_code), do: print_info()
IO.puts "\n-----------------------------------------------\n"
end
end
defp print_info() do
IO.puts "\nHTTPS configuration details could not be found in `prod.exs`."
end
end