Sobelow.RCE.CodeModule (Sobelow v0.13.0)

Code Execution in eval function

Arbitrary strings passed to the Code.eval_* functions can be executed as malicious code.

Ensure that the code passed to the function is not user-controlled, or remove the function call completely.

Read more about Elixir RCE here: https://erlef.github.io/security-wg/secure_coding_and_deployment_hardening/sandboxing
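The following added example (not part of Sobelow or its documentation) shows the pattern this check is about next to a replacement that removes the eval call. The module name `CalcExample`, its function names and the sample inputs are hypothetical and constructed for illustration.

```elixir
defmodule CalcExample do
  # Hypothetical module for illustration; not part of Sobelow.

  # Pattern to avoid: the string comes from the caller (for example a
  # request parameter) and Code.eval_string/1 compiles and runs it with
  # the full privileges of the running VM.
  def unsafe_calc(user_expr) when is_binary(user_expr) do
    {result, _bindings} = Code.eval_string(user_expr)
    result
  end

  # Replacement: no eval call at all. The input is treated as data,
  # split into "<int> <op> <int>", and only operators from a fixed
  # allowlist are dispatched. Anything else is rejected.
  def safe_calc(user_expr) when is_binary(user_expr) do
    with [a, op, b] <- String.split(user_expr, " ", trim: true),
         {x, ""} <- Integer.parse(a),
         {y, ""} <- Integer.parse(b),
         {:ok, value} <- apply_op(op, x, y) do
      {:ok, value}
    else
      _ -> {:error, :invalid_expression}
    end
  end

  # Allowlisted operators; the final clause rejects everything else.
  defp apply_op("+", x, y), do: {:ok, x + y}
  defp apply_op("-", x, y), do: {:ok, x - y}
  defp apply_op("*", x, y), do: {:ok, x * y}
  defp apply_op(_op, _x, _y), do: :error
end

# Constructed sample inputs: one well-formed expression and one string
# that looks like code, which the allowlist version refuses to run.
IO.inspect(CalcExample.safe_calc("6 * 7"))
IO.inspect(CalcExample.safe_calc("IO.puts(:hi)"))
```

Because `safe_calc/1` never passes its argument to a `Code.eval_*` function, the input is only ever matched against a fixed shape and never compiled.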

Code Execution checks can be ignored with the following command:

$ mix sobelow -i RCE.CodeModule
