mirror of
https://framagit.org/framasoft/mobilizon.git
synced 2024-12-22 07:52:43 +00:00
Some sobelow fixes
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
parent
21698f754d
commit
7b91367145
9 changed files with 17 additions and 8 deletions
|
@ -2,11 +2,11 @@
|
|||
verbose: true,
|
||||
private: false,
|
||||
skip: true,
|
||||
router: "",
|
||||
exit: "false",
|
||||
router: "lib/web/router.ex",
|
||||
exit: "low",
|
||||
format: "txt",
|
||||
out: "",
|
||||
threshold: "low",
|
||||
ignore: ["Config.Secrets", "XSS", "Config.HTTPS"],
|
||||
ignore_files: [""]
|
||||
threshold: "medium",
|
||||
ignore: ["Config.HTTPS"],
|
||||
ignore_files: ["config/dev.1.secret.exs", "config/dev.2.secret.exs", "config/dev.3.secret.exs", "config/dev.secret.exs", "config/e2e.secret.exs", "config/prod.secret.exs", "config/test.secret.exs"]
|
||||
]
|
||||
|
|
2
.sobelow-skips
Normal file
2
.sobelow-skips
Normal file
|
@ -0,0 +1,2 @@
|
|||
|
||||
AACA51671C4B3C803ACBCA3FADE84CDE
|
|
@ -76,10 +76,11 @@ defmodule Mobilizon do
|
|||
:ok
|
||||
end
|
||||
|
||||
# sobelow_skip ["DOS.StringToAtom"]
|
||||
@spec cachex_spec(atom, integer, integer, integer, function | nil) :: Supervisor.child_spec()
|
||||
defp cachex_spec(name, limit, default, interval, fallback \\ nil) do
|
||||
%{
|
||||
id: :"cache_#{name}",
|
||||
id: String.to_atom("cache_#{to_string(name)}"),
|
||||
start:
|
||||
{Cachex, :start_link,
|
||||
[
|
||||
|
|
|
@ -58,6 +58,7 @@ defmodule Mobilizon.Discussions do
|
|||
@doc """
|
||||
Callback for Absinthe Ecto Dataloader
|
||||
"""
|
||||
# sobelow_skip ["SQL.Query"]
|
||||
@spec data :: Dataloader.Ecto.t()
|
||||
def data do
|
||||
Dataloader.Ecto.new(Repo, query: &query/2)
|
||||
|
|
|
@ -185,6 +185,7 @@ defmodule Mobilizon.Resources do
|
|||
end)
|
||||
end
|
||||
|
||||
# sobelow_skip ["SQL.Query"]
|
||||
@spec update_children(Multi.t(), Resource.t(), map()) :: Multi.t()
|
||||
defp update_children(
|
||||
%Multi{} = multi,
|
||||
|
|
|
@ -4,6 +4,7 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
|
|||
"""
|
||||
import Plug.Conn
|
||||
|
||||
# sobelow_skip ["XSS.SendResp"]
|
||||
def auth_error(conn, {type, _reason}, _opts) do
|
||||
body = Jason.encode!(%{message: to_string(type)})
|
||||
send_resp(conn, 401, body)
|
||||
|
|
|
@ -145,6 +145,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|
|||
end
|
||||
end
|
||||
|
||||
# sobelow_skip ["XSS.SendResp"]
|
||||
def call(conn, _, _) do
|
||||
conn
|
||||
|> send_resp(400, Conn.Status.reason_phrase(400))
|
||||
|
@ -223,6 +224,7 @@ defmodule Mobilizon.Web.ReverseProxy do
|
|||
|> send_resp(code, "")
|
||||
end
|
||||
|
||||
# sobelow_skip ["XSS.SendResp"]
|
||||
defp error_or_redirect(conn, url, code, body, opts) do
|
||||
if Keyword.get(opts, :redirect_on_failure, false) do
|
||||
conn
|
||||
|
|
|
@ -163,8 +163,8 @@ defmodule Mobilizon.Web.Router do
|
|||
get("/interact", PageController, :interact)
|
||||
|
||||
get("/auth/:provider", AuthController, :request)
|
||||
# sobelow_skip ["Config.CSRFRoute"]
|
||||
# Possibly related to https://github.com/ueberauth/ueberauth/issues/125
|
||||
# Have a look at https://github.com/ueberauth/ueberauth/issues/125 some day
|
||||
# Also possible CSRF issue
|
||||
get("/auth/:provider/callback", AuthController, :callback)
|
||||
post("/auth/:provider/callback", AuthController, :callback)
|
||||
end
|
||||
|
|
|
@ -5,6 +5,7 @@ defmodule Mobilizon.Web.Views.Utils do
|
|||
|
||||
alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
|
||||
|
||||
# sobelow_skip ["Traversal.FileModule"]
|
||||
@spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
|
||||
def inject_tags(tags, locale \\ "en") do
|
||||
with {:ok, index_content} <- File.read(index_file_path()) do
|
||||
|
|
Loading…
Reference in a new issue