Sobelow
- Top
- Summary
- Functions
Sobelow.CI
- Top
- Summary
- Functions
Sobelow.CI.OS
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.CI.System
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.Config
- Top
- Summary
- Functions
Sobelow.Config.CSP
- Top
- Summary
- Functions
  - check_vuln_pipeline/2
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Config.CSRF
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Config.CSRFRoute
- Top
- Summary
- Functions
  - combine_scopes/1
  - details/0
  - id/0
  - route_findings/2
  - rule/0
  - run/1
Sobelow.Config.CSWH
- Top
- Summary
- Functions
  - check_socket/1
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Config.HSTS
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/2
Sobelow.Config.HTTPS
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/2
Sobelow.Config.Headers
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Config.Secrets
- Top
- Summary
- Functions
  - details/0
  - id/0
  - is_env_var?/1
  - rule/0
  - run/2
Sobelow.DOS
- Top
- Summary
- Functions
Sobelow.DOS.BinToAtom
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.DOS.ListToAtom
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.DOS.StringToAtom
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.Finding
- Top
- Summary
- Functions
Sobelow.FindingLog
- Top
- Summary
- Functions
  - add/2
  - child_spec/1
  - format_json/1
  - init/1
  - json/1
  - log/0
  - quiet/0
  - sarif/1
  - sarif_results/0
  - start_link/0
Sobelow.FindingType
- Top
Sobelow.IO
- Top
- Summary
- Functions
  - error/1
  - info/1
  - yes?/1
Sobelow.MetaLog
- Top
- Summary
- Functions
Sobelow.Misc
- Top
- Summary
- Functions
Sobelow.Misc.BinToTerm
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.Misc.FilePath
- Top
Sobelow.RCE
- Top
- Summary
- Functions
Sobelow.RCE.CodeModule
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/2
  - rule/0
  - run/2
Sobelow.RCE.EEx
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/2
  - rule/0
  - run/2
Sobelow.SQL
- Top
- Summary
- Functions
Sobelow.SQL.Query
- Top
- Summary
- Functions
Sobelow.SQL.Stream
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_sql_def/1
  - rule/0
  - run/2
Sobelow.Traversal
- Top
- Summary
- Functions
Sobelow.Traversal.FileModule
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/2
  - parse_second_def/2
  - rule/0
  - run/2
Sobelow.Traversal.SendDownload
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.Traversal.SendFile
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/2
Sobelow.Vuln
- Top
- Summary
- Functions
Sobelow.Vuln.Coherence
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Vuln.CookieRCE
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Vuln.Ecto
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Vuln.HeaderInject
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Vuln.PlugNull
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.Vuln.Redirect
- Top
- Summary
- Functions
  - details/0
  - id/0
  - rule/0
  - run/1
Sobelow.XSS
- Top
- Summary
- Functions
Sobelow.XSS.ContentType
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.XSS.HTML
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2
Sobelow.XSS.Raw
- Top
- Summary
- Functions
Sobelow.XSS.SendResp
- Top
- Summary
- Functions
  - details/0
  - id/0
  - parse_def/1
  - rule/0
  - run/2

Sobelow v0.11.0 Sobelow.Config.Headers View Source

Missing Secure HTTP Headers

By default, Phoenix HTTP responses contain a number of secure HTTP headers that attempt to mitigate XSS, click-jacking, and content-sniffing attacks.

Missing Secure HTTP Headers is flagged by sobelow when a pipeline accepts "html" requests, but does not implement the :put_secure_browser_headers plug.

Secure Headers checks can be ignored with the following command:

$ mix sobelow -i Config.Headers

Sobelow v0.11.0 Sobelow.Config.Headers View Source

Missing Secure HTTP Headers

Link to this section Summary

Functions

Link to this section Functions

details() View Source

id() View Source

rule() View Source

run(router) View Source