Sobelow v0.13.0

View Source Sobelow.DOS.BinToAtom (Sobelow v0.13.0)

Denial of Service via Unsafe Atom Interpolation

In Elixir, atoms are not garbage collected. As such, if user input is used to create atoms (as in :"foo#{bar}", or in :erlang.binary_to_atom), it may result in memory exhaustion. Prefer the String.to_existing_atom function for untrusted user input.

Atom interpolation checks can be ignored with the following command:

$ mix sobelow -i DOS.BinToAtom

Link to this section Summary

Functions

details()
id()
parse_def(fun)
rule()
run(fun, meta_file)

Link to this section Functions

Link to this function

details()

View Source
Link to this function

id()

View Source
Link to this function

parse_def(fun)

View Source
Link to this function

rule()

View Source
Link to this function

run(fun, meta_file)

View Source