Packages
sobelow
0.6.1
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/sql/query.ex
defmodule Sobelow.SQL.Query do
alias Sobelow.Utils
use Sobelow.Finding
@finding_type "SQL injection"
def run(fun, filename) do
{findings, params, {fun_name, [{_, line_no}]}} = parse_sql_def(fun)
severity = if String.ends_with?(filename, "_controller.ex"), do: false, else: :low
Enum.each(findings, fn {finding, var} ->
Utils.add_finding(line_no, filename, fun, fun_name,
var, Utils.get_sev(params, var, severity),
finding, @finding_type)
end)
{findings, params, {fun_name, [{_, line_no}]}} = parse_repo_query_def(fun)
Enum.each(findings, fn {finding, var} ->
Utils.add_finding(line_no, filename, fun, fun_name,
var, Utils.get_sev(params, var, severity),
finding, @finding_type)
end)
end
## query(repo, sql, params \\ [], opts \\ [])
def parse_sql_def(fun) do
Utils.get_fun_vars_and_meta(fun, 1, :query, :SQL)
end
def parse_repo_query_def(fun) do
Utils.get_fun_vars_and_meta(fun, 0, :query, :Repo)
end
def details() do
Sobelow.SQL.details()
end
end