Sobelow v0.2.4 Mix.Tasks.Sobelow

Sobelow is a static analysis tool for discovering vulnerabilities in Phoenix applications.

This tool should be run in the root of the project directory with the following command:

mix sobelow

Command line options

  • --root, -r: Specify application root directory
  • --with-code, -v: Print vulnerable code snippets
  • --ignore, -i: Ignore modules
  • --details, -d: Get module details
  • --all-details: Get all module details
  • --private: Skip update checks

Ignoring modules

If specific modules or whole classes of modules are not relevant to the scan, they can be ignored by passing a comma-separated list to --ignore (-i):

mix sobelow -i XSS.Raw,Traversal

Supported modules

  • XSS
  • XSS.Raw
  • XSS.SendResp
  • SQL
  • SQL.Inject
  • Config
  • Config.CSRF
  • Config.HTTPS
  • Config.Secrets
  • Traversal
  • Traversal.SendFile
  • Traversal.FileModule
  • Misc
  • Misc.BinToTerm
  • CI
  • CI.System
  • CI.OS
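As an added illustration, not part of the Sobelow documentation or its code, the following constructed Phoenix controller actions show the kind of pattern two of the listed module classes target (Traversal.SendFile and Misc.BinToTerm), each in the form the check is aimed at beside a hardened form. The application module `MyAppWeb`, the controller and function names, and the `priv/static/downloads` directory are assumptions made for the example; the hardened forms rely on `Plug.Crypto.non_executable_binary_to_term/2` from the Plug.Crypto library.

```elixir
# Added example (not Sobelow's code): constructed controller actions illustrating
# two of the module classes listed above. MyAppWeb, the controller names and the
# downloads directory are assumptions made for this illustration.
defmodule MyAppWeb.DownloadController do
  use MyAppWeb, :controller

  @downloads Path.expand("priv/static/downloads")

  # Pattern targeted by Traversal.SendFile: the served path is built directly
  # from a request parameter, so the caller controls where in the filesystem
  # send_file/3 reads from.
  def download_unsafe(conn, %{"name" => name}) do
    send_file(conn, 200, Path.join(@downloads, name))
  end

  # Hardened form: reduce the parameter to its basename, expand it under the
  # intended directory, and confirm the result is a regular file that still
  # lives inside that directory before serving it.
  def download(conn, %{"name" => name}) do
    path = Path.expand(Path.basename(name), @downloads)

    if String.starts_with?(path, @downloads <> "/") and File.regular?(path) do
      send_file(conn, 200, path)
    else
      send_resp(conn, 404, "not found")
    end
  end
end

defmodule MyAppWeb.SessionStateController do
  use MyAppWeb, :controller

  # Pattern targeted by Misc.BinToTerm: :erlang.binary_to_term/1 on an untrusted
  # binary will happily create new atoms and decode function terms.
  def restore_unsafe(conn, %{"state" => encoded}) do
    state = encoded |> Base.decode64!() |> :erlang.binary_to_term()
    json(conn, %{restored: state})
  end

  # Hardened form: Plug.Crypto.non_executable_binary_to_term/2 rejects
  # executable terms, and the :safe option refuses to create atoms that do
  # not already exist; both failures surface as ArgumentError.
  def restore(conn, %{"state" => encoded}) do
    with {:ok, bin} <- Base.decode64(encoded),
         {:ok, state} <- safe_decode(bin) do
      json(conn, %{restored: state})
    else
      _ -> send_resp(conn, 400, "invalid state")
    end
  end

  defp safe_decode(bin) do
    {:ok, Plug.Crypto.non_executable_binary_to_term(bin, [:safe])}
  rescue
    ArgumentError -> :error
  end
end
```

Running `mix sobelow --with-code` against a project containing the two `*_unsafe` actions is the quickest way to see what a finding from each of these modules looks like; the hardened actions are the shape of change that makes the corresponding finding go away.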

Functions

run(argv)

A task needs to implement `run`, which receives a list of command-line args.

Callback implementation for Mix.Task.run/1.

set_env(key, value)