Some sobelow fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
21698f754d
commit
7b91367145
|
@ -2,11 +2,11 @@
|
||||||
verbose: true,
|
verbose: true,
|
||||||
private: false,
|
private: false,
|
||||||
skip: true,
|
skip: true,
|
||||||
router: "",
|
router: "lib/web/router.ex",
|
||||||
exit: "false",
|
exit: "low",
|
||||||
format: "txt",
|
format: "txt",
|
||||||
out: "",
|
out: "",
|
||||||
threshold: "low",
|
threshold: "medium",
|
||||||
ignore: ["Config.Secrets", "XSS", "Config.HTTPS"],
|
ignore: ["Config.HTTPS"],
|
||||||
ignore_files: [""]
|
ignore_files: ["config/dev.1.secret.exs", "config/dev.2.secret.exs", "config/dev.3.secret.exs", "config/dev.secret.exs", "config/e2e.secret.exs", "config/prod.secret.exs", "config/test.secret.exs"]
|
||||||
]
|
]
|
||||||
|
|
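Review bot: Raising `threshold` from `"low"` to `"medium"` drops low-confidence findings that the previous setting reported, and the config does not record why. With `exit: "low"` set in the same hunk, it is not obvious from the file alone whether a low-confidence finding can still fail the run; check this against the Sobelow version in use. If the intent is only to quiet known false positives, keeping `threshold: "low",` and relying on the per-function skips and `ignore_files` would preserve coverage. `Config.HTTPS` stays ignored globally, presumably because TLS terminates upstream; a short note of that reason in the project docs would help the next reviewer.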
2
.sobelow-skips
Normal file
2
.sobelow-skips
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
|
||||||
|
AACA51671C4B3C803ACBCA3FADE84CDE
|
|
@ -76,10 +76,11 @@ defmodule Mobilizon do
|
||||||
:ok
|
:ok
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# sobelow_skip ["DOS.StringToAtom"]
|
||||||
@spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec()
|
@spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec()
|
||||||
defp cachex_spec(name, limit, default, interval, fallback \\ nil) do
|
defp cachex_spec(name, limit, default, interval, fallback \\ nil) do
|
||||||
%{
|
%{
|
||||||
id: :"cache_#{name}",
|
id: String.to_atom("cache_#{to_string(name)}"),
|
||||||
start:
|
start:
|
||||||
{Cachex, :start_link,
|
{Cachex, :start_link,
|
||||||
[
|
[
|
||||||
|
|
|
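Review bot: The `# sobelow_skip ["DOS.StringToAtom"]` added above `cachex_spec/5` gives no reason for the suppression, and the same holds for the skips added in Mobilizon.Discussions, Mobilizon.Resources, Mobilizon.Web.ReverseProxy and Mobilizon.Web.Views.Utils. A skip covers the whole function, so a one-line rationale next to each lets a later reader re-check it when the body changes. Here something like `# name is a fixed atom from this module's child list, never request data` would do, assuming the callers outside this hunk bear that out. The rewritten line can also drop the inner conversion, since interpolation already calls `to_string/1`: `id: String.to_atom("cache_#{name}"),`. The body of `cachex_spec/5` continues past the hunk.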
@ -58,6 +58,7 @@ defmodule Mobilizon.Discussions do
|
||||||
@doc """
|
@doc """
|
||||||
Callback for Absinthe Ecto Dataloader
|
Callback for Absinthe Ecto Dataloader
|
||||||
"""
|
"""
|
||||||
|
# sobelow_skip ["SQL.Query"]
|
||||||
@spec data :: Dataloader.Ecto.t()
|
@spec data :: Dataloader.Ecto.t()
|
||||||
def data do
|
def data do
|
||||||
Dataloader.Ecto.new(Repo, query: &query/2)
|
Dataloader.Ecto.new(Repo, query: &query/2)
|
||||||
|
|
|
@ -185,6 +185,7 @@ defmodule Mobilizon.Resources do
|
||||||
end)
|
end)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# sobelow_skip ["SQL.Query"]
|
||||||
@spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t()
|
@spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t()
|
||||||
defp update_children(
|
defp update_children(
|
||||||
%Multi{} = multi,
|
%Multi{} = multi,
|
||||||
|
|
|
@ -4,6 +4,7 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
|
||||||
"""
|
"""
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
|
||||||
|
# sobelow_skip ["XSS.SendResp"]
|
||||||
def auth_error(conn, {type, _reason}, _opts) do
|
def auth_error(conn, {type, _reason}, _opts) do
|
||||||
body = Jason.encode!(%{message: to_string(type)})
|
body = Jason.encode!(%{message: to_string(type)})
|
||||||
send_resp(conn, 401, body)
|
send_resp(conn, 401, body)
|
||||||
|
|
|
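Review bot: `auth_error/3` sends the JSON body without setting a response content type in the visible lines, and the added `# sobelow_skip ["XSS.SendResp"]` suppresses the finding rather than removing its cause. `Plug.Conn` is already imported in this module, so the last visible line could become `conn |> put_resp_content_type("application/json") |> send_resp(401, body)`. That tells the browser not to interpret the body as HTML and may make the skip unnecessary; re-run the scan to confirm. The end of the function is outside the hunk.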
@ -145,6 +145,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# sobelow_skip ["XSS.SendResp"]
|
||||||
def call(conn, _, _) do
|
def call(conn, _, _) do
|
||||||
conn
|
conn
|
||||||
|> send_resp(400, Conn.Status.reason_phrase(400))
|
|> send_resp(400, Conn.Status.reason_phrase(400))
|
||||||
|
@ -223,6 +224,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|
||||||
|> send_resp(code, "")
|
|> send_resp(code, "")
|
||||||
end
|
end
|
||||||
|
|
||||||
|
# sobelow_skip ["XSS.SendResp"]
|
||||||
defp error_or_redirect(conn, url, code, body, opts) do
|
defp error_or_redirect(conn, url, code, body, opts) do
|
||||||
if Keyword.get(opts, :redirect_on_failure, false) do
|
if Keyword.get(opts, :redirect_on_failure, false) do
|
||||||
conn
|
conn
|
||||||
|
|
|
@ -163,8 +163,8 @@ defmodule Mobilizon.Web.Router do
|
||||||
get("/interact", PageController, :interact)
|
get("/interact", PageController, :interact)
|
||||||
|
|
||||||
get("/auth/:provider", AuthController, :request)
|
get("/auth/:provider", AuthController, :request)
|
||||||
# sobelow_skip ["Config.CSRFRoute"]
|
# Have a look at https://github.com/ueberauth/ueberauth/issues/125 some day
|
||||||
# Possibly related to https://github.com/ueberauth/ueberauth/issues/125
|
# Also possible CSRF issue
|
||||||
get("/auth/:provider/callback", AuthController, :callback)
|
get("/auth/:provider/callback", AuthController, :callback)
|
||||||
post("/auth/:provider/callback", AuthController, :callback)
|
post("/auth/:provider/callback", AuthController, :callback)
|
||||||
end
|
end
|
||||||
|
|
|
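Review bot: The replacement comments (`Have a look at … some day`, `Also possible CSRF issue`) do not say what the issue is, whereas the removed `# sobelow_skip ["Config.CSRFRoute"]` at least named the check. The two routes below map GET and POST on `/auth/:provider/callback` to the same `:callback` action, which is presumably what the check reports. A comment such as `# callback is reachable by GET and POST (Sobelow Config.CSRFRoute); TODO confirm the provider strategy validates the OAuth state parameter` would record that. With the skip gone the finding will presumably appear in scans again, so it is worth deciding whether that is intended. The enclosing scope starts and ends outside the hunk.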
@ -5,6 +5,7 @@ defmodule Mobilizon.Web.Views.Utils do
|
||||||
|
|
||||||
alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
|
alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
|
||||||
|
|
||||||
|
# sobelow_skip ["Traversal.FileModule"]
|
||||||
@spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
|
@spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
|
||||||
def inject_tags(tags, locale \\ "en") do
|
def inject_tags(tags, locale \\ "en") do
|
||||||
with {:ok, index_content} <- File.read(index_file_path()) do
|
with {:ok, index_content} <- File.read(index_file_path()) do
|
||||||
|
|