Packages
sobelow
0.8.0
0.14.1
0.14.0
0.13.0
0.12.2
0.12.1
0.12.0
0.11.1
0.11.0
0.10.6
0.10.5
0.10.4
0.10.3
0.10.2
0.10.1
0.10.0
0.9.3
0.9.2
0.9.1
0.9.0
0.8.0
0.7.8
0.7.7
0.7.6
0.7.5
0.7.4
0.7.3
0.7.2
0.7.1
0.7.0
0.6.9
0.6.8
0.6.7
0.6.6
0.6.5
0.6.4
0.6.3
0.6.2
0.6.1
0.6.0
0.5.4
0.5.3
0.5.2
0.5.1
0.5.0
0.4.9
0.4.8
0.4.7
0.4.6
0.4.5
0.4.4
0.4.3
0.4.2
0.4.1
0.4.0
0.3.12
0.3.11
0.3.10
0.3.9
0.3.8
0.3.7
0.3.6
0.3.5
0.3.4
0.3.3
0.3.2
0.3.1
0.3.0
0.2.8
0.2.7
0.2.6
0.2.5
0.2.4
0.2.3
Security-focused static analysis for Elixir & the Phoenix framework
Current section
Files
Jump to
Current section
Files
lib/sobelow/xss/html.ex
defmodule Sobelow.XSS.HTML do
alias Sobelow.{Parse, Print}
use Sobelow.Finding
@finding_type "XSS.HTML: XSS in `html`"
def run(fun, meta_file) do
severity = if meta_file.is_controller?, do: false, else: :low
{findings, params, {fun_name, [{_, line_no}]}} = parse_def(fun)
Enum.each(findings, fn {finding, var} ->
Print.add_finding(
line_no,
meta_file.filename,
fun,
fun_name,
var,
Print.get_sev(params, var, severity),
finding,
@finding_type
)
end)
end
def parse_def(fun) do
Parse.get_fun_vars_and_meta(fun, 1, :html)
end
def details() do
Sobelow.XSS.details()
end
end