Packages
sobelow
0.3.12
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/vuln.ex
defmodule Sobelow.Vuln do
@moduledoc """
# Known Vulnerable Dependencies
An application with known vulnerabilities is more easily subjected
to automated or targeted attacks.
Known Vulnerable checks can be ignored with the following command:
$ mix sobelow -i Vuln
"""
@submodules [Sobelow.Vuln.PlugNull, Sobelow.Vuln.CookieRCE, Sobelow.Vuln.HeaderInject, Sobelow.Vuln.Redirect]
use Sobelow.Finding
def get_vulns(root) do
allowed = @submodules -- Sobelow.get_ignored()
Enum.each allowed, fn mod ->
apply(mod, :run, [root])
end
end
def print_finding(vsn, package, detail, cve \\ "TBA") do
type = "Known Vulnerable Dependency - #{package} v#{vsn}"
case Sobelow.format() do
"json" ->
finding = [type: type, details: detail, cve: cve]
Sobelow.log_finding(finding, :high)
_ ->
Sobelow.log_finding(type, :high)
IO.puts IO.ANSI.red() <> type <> IO.ANSI.reset()
if Sobelow.get_env(:with_code), do: print_detail(detail, cve)
IO.puts "\n-----------------------------------------------\n"
end
end
defp print_detail(detail, cve) do
IO.puts("Details: #{detail}")
IO.puts("CVE: #{cve}")
end
end