Sobelow v0.13.0

View Source Sobelow.RCE.EEx (Sobelow v0.13.0)

Insecure EEx evaluation

If user input is passed to EEx eval functions, it may result in arbitrary code execution. The root cause of these issues is often directory traversal.

EEx checks can be ignored with the following command:

$ mix sobelow -i RCE.EEx

Link to this section Summary

Functions

details()
id()
parse_def(fun, eex_fun)
rule()
run(fun, meta_file)

Link to this section Functions

Link to this function

details()

View Source
Link to this function

id()

View Source
Link to this function

parse_def(fun, eex_fun)

View Source
Link to this function

rule()

View Source
Link to this function

run(fun, meta_file)

View Source