Some sobelow fixes

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-01-22 19:11:13 +01:00
parent 21698f754d
commit 7b91367145
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
9 changed files with 17 additions and 8 deletions

View File

@ -2,11 +2,11 @@
verbose: true,
private: false,
skip: true,
router: "",
exit: "false",
router: "lib/web/router.ex",
exit: "low",
format: "txt",
out: "",
threshold: "low",
ignore: ["Config.Secrets", "XSS", "Config.HTTPS"],
ignore_files: [""]
threshold: "medium",
ignore: ["Config.HTTPS"],
ignore_files: ["config/dev.1.secret.exs", "config/dev.2.secret.exs", "config/dev.3.secret.exs", "config/dev.secret.exs", "config/e2e.secret.exs", "config/prod.secret.exs", "config/test.secret.exs"]
]

2
.sobelow-skips Normal file
View File

@ -0,0 +1,2 @@
AACA51671C4B3C803ACBCA3FADE84CDE

View File

@ -76,10 +76,11 @@ defmodule Mobilizon do
:ok
end
# sobelow_skip ["DOS.StringToAtom"]
@spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec()
defp cachex_spec(name, limit, default, interval, fallback \\ nil) do
%{
id: :"cache_#{name}",
id: String.to_atom("cache_#{to_string(name)}"),
start:
{Cachex, :start_link,
[

View File

@ -58,6 +58,7 @@ defmodule Mobilizon.Discussions do
@doc """
Callback for Absinthe Ecto Dataloader
"""
# sobelow_skip ["SQL.Query"]
@spec data :: Dataloader.Ecto.t()
def data do
Dataloader.Ecto.new(Repo, query: &query/2)

View File

@ -185,6 +185,7 @@ defmodule Mobilizon.Resources do
end)
end
# sobelow_skip ["SQL.Query"]
@spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t()
defp update_children(
%Multi{} = multi,

View File

@ -4,6 +4,7 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
"""
import Plug.Conn
# sobelow_skip ["XSS.SendResp"]
def auth_error(conn, {type, _reason}, _opts) do
body = Jason.encode!(%{message: to_string(type)})
send_resp(conn, 401, body)

View File

@ -145,6 +145,7 @@ defmodule Mobilizon.Web.ReverseProxy do
end
end
# sobelow_skip ["XSS.SendResp"]
def call(conn, _, _) do
conn
|> send_resp(400, Conn.Status.reason_phrase(400))
@ -223,6 +224,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|> send_resp(code, "")
end
# sobelow_skip ["XSS.SendResp"]
defp error_or_redirect(conn, url, code, body, opts) do
if Keyword.get(opts, :redirect_on_failure, false) do
conn

View File

@ -163,8 +163,8 @@ defmodule Mobilizon.Web.Router do
get("/interact", PageController, :interact)
get("/auth/:provider", AuthController, :request)
# sobelow_skip ["Config.CSRFRoute"]
# Possibly related to https://github.com/ueberauth/ueberauth/issues/125
# Have a look at https://github.com/ueberauth/ueberauth/issues/125 some day
# Also possible CSRF issue
get("/auth/:provider/callback", AuthController, :callback)
post("/auth/:provider/callback", AuthController, :callback)
end

View File

@ -5,6 +5,7 @@ defmodule Mobilizon.Web.Views.Utils do
alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
# sobelow_skip ["Traversal.FileModule"]
@spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
def inject_tags(tags, locale \\ "en") do
with {:ok, index_content} <- File.read(index_file_path()) do