Packages
sobelow
0.3.8
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/misc/bin_to_term.ex
defmodule Sobelow.Misc.BinToTerm do
@moduledoc """
# Insecure use of `binary_to_term`
If user input is passed to Erlang's `binary_to_term` function
it may result in memory exhaustion or code execution. Even with
the `:safe` option, `binary_to_term` will deserialize functions,
and shouldn't be considered safe to use with untrusted input.
`binary_to_term` checks can be ignored with the following command:
$ mix sobelow -i Misc.BinToTerm
"""
alias Sobelow.Utils
use Sobelow.Finding
def run(fun, filename) do
{vars, _params, {fun_name, [{_, line_no}]}} = parse_binary_term_def(fun)
Enum.each vars, fn var ->
print_finding(line_no, filename, fun_name, fun, var, :high)
end
end
defp print_finding(line_no, filename, fun_name, fun, var, severity) do
Utils.add_finding(line_no, filename, fun,
fun_name, var, severity,
"Unsafe `binary_to_term`", :binary_to_term, :erlang)
end
def parse_binary_term_def(fun) do
{params, {fun_name, line_no}} = Utils.get_fun_declaration(fun)
pipefuns = Utils.get_pipe_funs(fun)
|> Enum.map(fn {_, _, opts} -> Enum.at(opts, 1) end)
|> Enum.flat_map(&Utils.get_erlang_funs_of_type(&1, :binary_to_term))
pipeerls = Enum.flat_map(pipefuns, &Utils.get_pipe_val(fun, &1))
|> List.flatten
erls = Utils.get_erlang_funs_of_type(fun, :binary_to_term) -- pipefuns
|> Enum.map(&Utils.extract_opts(&1, 0))
|> List.flatten
{erls ++ pipeerls, params, {fun_name, line_no}}
end
end