Some sobelow fixes

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel 2021-01-22 19:11:13 +01:00
parent 21698f754d
commit 7b91367145
No known key found for this signature in database
GPG Key ID: A061B9DDE0CA0773
9 changed files with 17 additions and 8 deletions


@ -2,11 +2,11 @@
verbose: true, verbose: true,
private: false, private: false,
skip: true, skip: true,
router: "", router: "lib/web/router.ex",
exit: "false", exit: "low",
format: "txt", format: "txt",
out: "", out: "",
threshold: "low", threshold: "medium",
ignore: ["Config.Secrets", "XSS", "Config.HTTPS"], ignore: ["Config.HTTPS"],
ignore_files: [""] ignore_files: ["config/dev.1.secret.exs", "config/dev.2.secret.exs", "config/dev.3.secret.exs", "config/dev.secret.exs", "config/e2e.secret.exs", "config/prod.secret.exs", "config/test.secret.exs"]
] ]
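Review bot: `exit: "low"` next to `threshold: "medium"` reads as inconsistent: if sobelow applies the confidence threshold before deciding the exit status, low-confidence findings are filtered out before the exit check and the "low" exit level can never fire on its own, so either `exit: "medium"` or `threshold: "low"` would make the intent explicit (confirm against the sobelow option docs). The new `ignore_files` list hard-codes seven `config/*.secret.exs` paths, so any secret file added later will be scanned as source until someone remembers this list; a one-line comment above it, such as `# add any new config/*.secret.exs here, they are excluded from scanning`, would make that maintenance step visible. The file name is not shown in this section; from its contents this appears to be the project's sobelow configuration.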

.sobelow-skips Normal file

@ -0,0 +1,2 @@
AACA51671C4B3C803ACBCA3FADE84CDE


@ -76,10 +76,11 @@ defmodule Mobilizon do
:ok :ok
end end
# sobelow_skip ["DOS.StringToAtom"]
@spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec() @spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec()
defp cachex_spec(name, limit, default, interval, fallback \\ nil) do defp cachex_spec(name, limit, default, interval, fallback \\ nil) do
%{ %{
id: :"cache_#{name}", id: String.to_atom("cache_#{to_string(name)}"),
start: start:
{Cachex, :start_link, {Cachex, :start_link,
[ [
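Review bot: The rewritten id line `id: String.to_atom("cache_#{to_string(name)}")` still creates an atom at runtime from `name`, exactly as `:"cache_#{name}"` did, so the code change does not address DOS.StringToAtom at all; only the added skip comment silences it. The skip itself looks defensible, since the spec types `name` as an atom and the callers appear to be fixed cache definitions inside this module (not visible in the hunk, confirm), but then the no-op rewrite should be reverted and the skip should carry that reasoning, e.g. `# sobelow_skip ["DOS.StringToAtom"] -- name is one of a fixed set of cache atoms supplied by this module, never external input`. It is also worth confirming that sobelow still associates the skip with `defp cachex_spec` when the `@spec` line sits between the comment and the definition. cachex_spec's body continues past the hunk.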


@ -58,6 +58,7 @@ defmodule Mobilizon.Discussions do
@doc """ @doc """
Callback for Absinthe Ecto Dataloader Callback for Absinthe Ecto Dataloader
""" """
# sobelow_skip ["SQL.Query"]
@spec data :: Dataloader.Ecto.t() @spec data :: Dataloader.Ecto.t()
def data do def data do
Dataloader.Ecto.new(Repo, query: &query/2) Dataloader.Ecto.new(Repo, query: &query/2)
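Review bot: The `# sobelow_skip ["SQL.Query"]` added above `data/0` gives no reason the finding is a false positive; the code it covers passes a capture of `query/2` to Dataloader rather than running raw SQL, which is presumably why it was skipped, but a bare skip is indistinguishable from a suppressed real finding at the next audit. State the reason inline, e.g. `# sobelow_skip ["SQL.Query"] -- &query/2 is the Dataloader query callback, not Repo.query with interpolated SQL`. The same unexplained skips are added in `Mobilizon.Resources.update_children` (SQL.Query) and `Mobilizon.Web.Views.Utils.inject_tags` (Traversal.FileModule); for the latter the comment should name `index_file_path()` as the reason the path is not caller-controlled, if that is the case. `data/0` continues past the hunk.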


@ -185,6 +185,7 @@ defmodule Mobilizon.Resources do
end) end)
end end
# sobelow_skip ["SQL.Query"]
@spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t() @spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t()
defp update_children( defp update_children(
%Multi{} = multi, %Multi{} = multi,


@ -4,6 +4,7 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
""" """
import Plug.Conn import Plug.Conn
# sobelow_skip ["XSS.SendResp"]
def auth_error(conn, {type, _reason}, _opts) do def auth_error(conn, {type, _reason}, _opts) do
body = Jason.encode!(%{message: to_string(type)}) body = Jason.encode!(%{message: to_string(type)})
send_resp(conn, 401, body) send_resp(conn, 401, body)
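Review bot: Setting the response content type clears the XSS.SendResp finding on its merits instead of suppressing it: `send_resp(conn, 401, body)` emits a JSON body with no `content-type` header, so a browser is free to sniff it, which is what the check is about. With `Plug.Conn` imported, `conn |> put_resp_content_type("application/json") |> send_resp(401, body)` is sufficient and the skip comment can then be dropped. The body is built from `to_string(type)`, which appears to be an error tag rather than request data, so if the skip is kept anyway the comment should say that is why it is safe.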


@ -145,6 +145,7 @@ defmodule Mobilizon.Web.ReverseProxy do
end end
end end
# sobelow_skip ["XSS.SendResp"]
def call(conn, _, _) do def call(conn, _, _) do
conn conn
|> send_resp(400, Conn.Status.reason_phrase(400)) |> send_resp(400, Conn.Status.reason_phrase(400))
@ -223,6 +224,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|> send_resp(code, "") |> send_resp(code, "")
end end
# sobelow_skip ["XSS.SendResp"]
defp error_or_redirect(conn, url, code, body, opts) do defp error_or_redirect(conn, url, code, body, opts) do
if Keyword.get(opts, :redirect_on_failure, false) do if Keyword.get(opts, :redirect_on_failure, false) do
conn conn
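Review bot: The skip on `error_or_redirect/5` covers a `send_resp` whose `body` argument originates outside the hunk; in a reverse proxy that may well be an upstream response body, in which case the XSS.SendResp finding is real rather than a false positive. Prefer setting an explicit `content-type` before the `send_resp` in the non-redirect branch (or, if `body` is always a fixed string, say so in the skip comment). For `call/3` in the first hunk the body is the constant reason phrase, and `conn |> put_resp_content_type("text/plain") |> send_resp(400, Conn.Status.reason_phrase(400))` would clear that finding without a skip at all. Both functions continue past their hunks.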


@ -163,8 +163,8 @@ defmodule Mobilizon.Web.Router do
get("/interact", PageController, :interact) get("/interact", PageController, :interact)
get("/auth/:provider", AuthController, :request) get("/auth/:provider", AuthController, :request)
# sobelow_skip ["Config.CSRFRoute"] # Have a look at https://github.com/ueberauth/ueberauth/issues/125 some day
# Possibly related to https://github.com/ueberauth/ueberauth/issues/125 # Also possible CSRF issue
get("/auth/:provider/callback", AuthController, :callback) get("/auth/:provider/callback", AuthController, :callback)
post("/auth/:provider/callback", AuthController, :callback) post("/auth/:provider/callback", AuthController, :callback)
end end
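Review bot: `# Possibly related to https://github.com/ueberauth/ueberauth/issues/125` does not explain why the Config.CSRFRoute finding on the GET `/auth/:provider/callback` route is acceptable; it only points at an open question, so the next reader cannot tell whether the skip was a considered decision or a way to get a green scan. The comment should record the actual reasoning, presumably that OAuth providers redirect back with a GET and that the ueberauth strategy's own CSRF protection is relied on instead (confirm which applies), e.g. `# sobelow_skip ["Config.CSRFRoute"] -- providers redirect back via GET; request forgery is handled by the ueberauth strategy, see ueberauth#125`.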


@ -5,6 +5,7 @@ defmodule Mobilizon.Web.Views.Utils do
alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
# sobelow_skip ["Traversal.FileModule"]
@spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()} @spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
def inject_tags(tags, locale \\ "en") do def inject_tags(tags, locale \\ "en") do
with {:ok, index_content} <- File.read(index_file_path()) do with {:ok, index_content} <- File.read(index_file_path()) do