diff --git a/lib/sobelow.ex b/lib/sobelow.ex
index 7df0516..4d86d0a 100644
--- a/lib/sobelow.ex
+++ b/lib/sobelow.ex
@@ -324,7 +324,7 @@ defmodule Sobelow do
 phoenix_files =
 Enum.reduce(meta_files, %{routers: [], endpoints: []}, fn meta_file, acc ->
 cond do
- meta_file.is_router? ->
+ meta_file.router? ->
 Map.update!(acc, :routers, &[meta_file.file_path | &1])
 
 meta_file.endpoint? ->
@@ -368,7 +368,7 @@ defmodule Sobelow do
 filename: filename,
 raw: raw,
 ast: [ast],
- is_controller?: false
+ controller?: false
 }
 }
 end
@@ -391,8 +391,8 @@ defmodule Sobelow do
 filename: Utils.normalize_path(filename),
 file_path: Path.expand(filename),
 def_funs: def_funs,
- is_controller?: Utils.is_controller?(use_funs),
- is_router?: Utils.is_router?(use_funs),
+ controller?: Utils.controller?(use_funs),
+ router?: Utils.router?(use_funs),
 is_endpoint?: Utils.endpoint?(use_funs)
 }
 end
diff --git a/lib/sobelow/ci/os.ex b/lib/sobelow/ci/os.ex
index a6fc7c3..c06b42c 100644
--- a/lib/sobelow/ci/os.ex
+++ b/lib/sobelow/ci/os.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.CI.OS do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/ci/system.ex b/lib/sobelow/ci/system.ex
index 1499cc1..be029eb 100644
--- a/lib/sobelow/ci/system.ex
+++ b/lib/sobelow/ci/system.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.CI.System do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/config/csp.ex b/lib/sobelow/config/csp.ex
index 1acffcd..2253e5f 100644
--- a/lib/sobelow/config/csp.ex
+++ b/lib/sobelow/config/csp.ex
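Review bot: The rename stops short of `is_endpoint?: Utils.endpoint?(use_funs)` in the hunk at line 391, which is now the only `is_`-prefixed key in that meta-file map while the `cond` in the hunk at line 324 reads `meta_file.endpoint?`. If this map is the one the `Enum.reduce` iterates, the stale key would make `meta_file.endpoint?` raise `KeyError` for every non-router file; I cannot confirm that from these hunks alone, but the key should be renamed for consistency either way: `endpoint?: Utils.endpoint?(use_funs)`. The map built in the hunk at line 368 likewise carries only `controller?: false`, so it would also need `router?`/`endpoint?` keys if it ever reaches that `cond`. The enclosing function of each of these hunks starts and ends outside the hunk.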
@@ -46,15 +46,15 @@ defmodule Sobelow.Config.CSP do
 def check_vuln_pipeline({:pipeline, _, [_name, [do: block]]} = pipeline, meta_file) do
 {vuln?, conf, plug} =
 Config.get_plug_list(block)
- |> Enum.find(&is_header_plug?/1)
+ |> Enum.find(&header_plug?/1)
 |> missing_csp_status(meta_file)
 
 {vuln?, conf, plug, pipeline}
 end
 
- defp is_header_plug?({:plug, _, [:put_secure_browser_headers]}), do: true
- defp is_header_plug?({:plug, _, [:put_secure_browser_headers, _]}), do: true
- defp is_header_plug?(_), do: false
+ defp header_plug?({:plug, _, [:put_secure_browser_headers]}), do: true
+ defp header_plug?({:plug, _, [:put_secure_browser_headers, _]}), do: true
+ defp header_plug?(_), do: false
 
 defp missing_csp_status({_, _, [:put_secure_browser_headers]} = plug, _),
 do: {true, :high, plug}
diff --git a/lib/sobelow/config/secrets.ex b/lib/sobelow/config/secrets.ex
index aaa06f4..df52515 100644
--- a/lib/sobelow/config/secrets.ex
+++ b/lib/sobelow/config/secrets.ex
@@ -40,7 +40,7 @@ defmodule Sobelow.Config.Secrets do
 
 defp enumerate_secrets(secrets, file) do
 Enum.each(secrets, fn {fun, key, val} ->
- if is_binary(val) && String.length(val) > 0 && !is_env_var?(val) do
+ if is_binary(val) && String.length(val) > 0 && !env_var?(val) do
 add_finding(file, Parse.get_fun_line(fun), fun, key, val)
 end
 end)
@@ -49,18 +49,18 @@ defmodule Sobelow.Config.Secrets do
 defp enumerate_fuzzy_secrets(secrets, file) do
 Enum.each(secrets, fn {fun, vals} ->
 Enum.each(vals, fn {k, v} ->
- if is_binary(v) && String.length(v) > 0 && !is_env_var?(v) do
+ if is_binary(v) && String.length(v) > 0 && !env_var?(v) do
 add_finding(file, Parse.get_fun_line(fun), fun, k, v)
 end
 end)
 end)
 end
 
- def is_env_var?("${" <> rest) do
+ def env_var?("${" <> rest) do
 String.ends_with?(rest, "}")
 end
 
- def is_env_var?(_), do: false
+ def env_var?(_), do: false
 
 defp add_finding(file, line_no, fun, key, val) do
 {vuln_line_no, vuln_line_col} = get_vuln_line(file, line_no, val)
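Review bot: `is_env_var?/1` is a public function (`def`) and the hunk at line 49 renames it with no compatibility clause, so any caller outside this repository fails at compile time; the same applies to `Utils.is_controller?/1` and `Utils.is_router?/1` in lib/sobelow/utils.ex and to `Parse.is_conn_params?/1` in lib/sobelow/parse.ex. Unless this release is intended to be breaking, keep a delegating clause marked as deprecated next to the new one: `@deprecated "Use env_var?/1 instead"` followed by `def is_env_var?(val), do: env_var?(val)`, and likewise for the other three. Separately, the changed `if` lines in `enumerate_secrets/2` and `enumerate_fuzzy_secrets/2` test `String.length(v) > 0`, which walks every grapheme of the value; `v != ""` is the idiomatic constant-time emptiness check and reads the same.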
diff --git a/lib/sobelow/dos/binary_to_atom.ex b/lib/sobelow/dos/binary_to_atom.ex
index 1489a68..6010602 100644
--- a/lib/sobelow/dos/binary_to_atom.ex
+++ b/lib/sobelow/dos/binary_to_atom.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.DOS.BinToAtom do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/dos/list_to_atom.ex b/lib/sobelow/dos/list_to_atom.ex
index 8181443..6957195 100644
--- a/lib/sobelow/dos/list_to_atom.ex
+++ b/lib/sobelow/dos/list_to_atom.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.DOS.ListToAtom do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/dos/string_to_atom.ex b/lib/sobelow/dos/string_to_atom.ex
index 263e179..e288794 100644
--- a/lib/sobelow/dos/string_to_atom.ex
+++ b/lib/sobelow/dos/string_to_atom.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.DOS.StringToAtom do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/parse.ex b/lib/sobelow/parse.ex
index 7c031d1..27d1d26 100644
--- a/lib/sobelow/parse.ex
+++ b/lib/sobelow/parse.ex
@@ -681,7 +681,7 @@ defmodule Sobelow.Parse do
 
 reflected_vars =
 Enum.filter(vars, fn var ->
- (is_reflected_var?(var) && is_in_params?(var, params)) || is_conn_params?(var)
+ (reflected_var?(var) && in_params?(var, params)) || conn_params?(var)
 end)
 
 var_keys =
@@ -705,16 +705,16 @@ defmodule Sobelow.Parse do
 end
 end
 
- defp is_reflected_var?({_, {_, _, nil}}), do: true
- defp is_reflected_var?(_), do: false
+ defp reflected_var?({_, {_, _, nil}}), do: true
+ defp reflected_var?(_), do: false
 
- defp is_in_params?({_, {var, _, _}}, params) do
+ defp in_params?({_, {var, _, _}}, params) do
 Enum.member?(params, var)
 end
 
- def is_conn_params?({_, {{:., _, [Access, :get]}, _, access_opts}}),
- do: is_conn_params?(access_opts)
+ def conn_params?({_, {{:., _, [Access, :get]}, _, access_opts}}),
+ do: conn_params?(access_opts)
 
- def is_conn_params?([{{:., _, [{:conn, _, nil}, :params]}, _, []}, _]), do: true
- def is_conn_params?(_), do: false
+ def conn_params?([{{:., _, [{:conn, _, nil}, :params]}, _, []}, _]), do: true
+ def conn_params?(_), do: false
 end
diff --git a/lib/sobelow/rce/code_module.ex b/lib/sobelow/rce/code_module.ex
index f2c28bc..e497c68 100644
--- a/lib/sobelow/rce/code_module.ex
+++ b/lib/sobelow/rce/code_module.ex
@@ -22,7 +22,7 @@ defmodule Sobelow.RCE.CodeModule do
 @code_funs [:eval_string, :eval_file, :eval_quoted]
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Enum.each(@code_funs, fn code_fun ->
 "RCE.CodeModule: Code Execution in `Code.#{code_fun}`"
diff --git a/lib/sobelow/rce/eex.ex b/lib/sobelow/rce/eex.ex
index d049001..f902b88 100644
--- a/lib/sobelow/rce/eex.ex
+++ b/lib/sobelow/rce/eex.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.RCE.EEx do
 @eex_funs [:eval_string, :eval_file]
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Enum.each(@eex_funs, fn eex_fun ->
 "RCE.EEx: Code Execution in `EEx.#{eex_fun}`"
diff --git a/lib/sobelow/sql/query.ex b/lib/sobelow/sql/query.ex
index 3cc575a..249d927 100644
--- a/lib/sobelow/sql/query.ex
+++ b/lib/sobelow/sql/query.ex
@@ -19,7 +19,7 @@ defmodule Sobelow.SQL.Query do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Enum.each(@query_funcs, fn query_func ->
 Finding.init(@finding_type, meta_file.filename, confidence)
diff --git a/lib/sobelow/sql/stream.ex b/lib/sobelow/sql/stream.ex
index 302f245..ae8770b 100644
--- a/lib/sobelow/sql/stream.ex
+++ b/lib/sobelow/sql/stream.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.SQL.Stream do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_sql_def(fun))
diff --git a/lib/sobelow/traversal/file_module.ex b/lib/sobelow/traversal/file_module.ex
index a179954..4f847fc 100644
--- a/lib/sobelow/traversal/file_module.ex
+++ b/lib/sobelow/traversal/file_module.ex
@@ -40,7 +40,7 @@ defmodule Sobelow.Traversal.FileModule do
 @double_file_funcs [:cp, :copy, :cp!, :copy!, :cp_r, :cp_r!, :ln, :ln!, :ln_s, :ln_s!]
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Enum.each(@file_funcs ++ @double_file_funcs, fn file_func ->
 "Traversal.FileModule: Directory Traversal in `File.#{file_func}`"
diff --git a/lib/sobelow/traversal/send_download.ex b/lib/sobelow/traversal/send_download.ex
index 6b2c229..b8c7359 100644
--- a/lib/sobelow/traversal/send_download.ex
+++ b/lib/sobelow/traversal/send_download.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.Traversal.SendDownload do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/traversal/send_file.ex b/lib/sobelow/traversal/send_file.ex
index 0008b06..8d56d97 100644
--- a/lib/sobelow/traversal/send_file.ex
+++ b/lib/sobelow/traversal/send_file.ex
@@ -17,7 +17,7 @@ defmodule Sobelow.Traversal.SendFile do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/utils.ex b/lib/sobelow/utils.ex
index 6ea6523..59f5877 100644
--- a/lib/sobelow/utils.ex
+++ b/lib/sobelow/utils.ex
@@ -3,11 +3,11 @@ defmodule Sobelow.Utils do
 
 alias Sobelow.Parse
 
- def is_controller?(uses) do
+ def controller?(uses) do
 has_use_type?(uses, :controller)
 end
 
- def is_router?(uses) do
+ def router?(uses) do
 has_use_type?(uses, :router)
 end
 
diff --git a/lib/sobelow/xss.ex b/lib/sobelow/xss.ex
index 47fe168..5ec2fae 100644
--- a/lib/sobelow/xss.ex
+++ b/lib/sobelow/xss.ex
@@ -30,7 +30,7 @@ defmodule Sobelow.XSS do
 
 def get_vulns(fun, meta_file, web_root, skip_mods \\ []) do
 controller =
- if meta_file.is_controller? do
+ if meta_file.controller? do
 String.replace_suffix(meta_file.filename, "_controller.ex", "")
 |> Path.basename()
 end
diff --git a/lib/sobelow/xss/content_type.ex b/lib/sobelow/xss/content_type.ex
index 6c66383..6f8381d 100644
--- a/lib/sobelow/xss/content_type.ex
+++ b/lib/sobelow/xss/content_type.ex
@@ -27,7 +27,7 @@ defmodule Sobelow.XSS.ContentType do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/xss/html.ex b/lib/sobelow/xss/html.ex
index 8b38638..24725ac 100644
--- a/lib/sobelow/xss/html.ex
+++ b/lib/sobelow/xss/html.ex
@@ -15,7 +15,7 @@ defmodule Sobelow.XSS.HTML do
 use Sobelow.Finding
 
 def run(fun, meta_file) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_def(fun))
diff --git a/lib/sobelow/xss/raw.ex b/lib/sobelow/xss/raw.ex
index 151d115..71d2962 100644
--- a/lib/sobelow/xss/raw.ex
+++ b/lib/sobelow/xss/raw.ex
@@ -15,7 +15,7 @@ defmodule Sobelow.XSS.Raw do
 use Sobelow.Finding
 
 def run(fun, meta_file, _, nil) do
- confidence = if !meta_file.is_controller?, do: :low
+ confidence = if !meta_file.controller?, do: :low
 
 Finding.init(@finding_type, meta_file.filename, confidence)
 |> Finding.multi_from_def(fun, parse_raw_def(fun))
diff --git a/test/format_test.exs b/test/format_test.exs
index e24be3c..037fecd 100644
--- a/test/format_test.exs
+++ b/test/format_test.exs
@@ -2,7 +2,7 @@ defmodule SobelowTest.FormatTest do
 use ExUnit.Case
 alias Sobelow.RCE.CodeModule
 
- @metafile %{filename: "test.ex", is_controller?: true}
+ @metafile %{filename: "test.ex", controller?: true}
 
 setup do
 Application.put_env(:sobelow, :format, "json")
diff --git a/test/parser_test.exs b/test/parser_test.exs
index 3a7a7f2..0a41551 100644
--- a/test/parser_test.exs
+++ b/test/parser_test.exs
@@ -3,7 +3,7 @@ defmodule SobelowTest.ParserTest do
 import ExUnit.CaptureIO
 alias Sobelow.RCE.CodeModule
 
- @metafile %{filename: "test.ex", is_controller?: true}
+ @metafile %{filename: "test.ex", controller?: true}
 
 setup do
 Application.put_env(:sobelow, :format, "txt")
diff --git a/test/print_test.exs b/test/print_test.exs
index e8f1ee0..a1f7fbe 100644
--- a/test/print_test.exs
+++ b/test/print_test.exs
@@ -3,7 +3,7 @@ defmodule SobelowTest.PrintTest do
 import ExUnit.CaptureIO
 alias Sobelow.RCE.CodeModule
 
- @metafile %{filename: "test.ex", is_controller?: true}
+ @metafile %{filename: "test.ex", controller?: true}
 
 setup do
 Application.put_env(:sobelow, :format, "txt")
diff --git a/test/sarif_test.exs b/test/sarif_test.exs
index 423de1e..8b5bbc3 100644
--- a/test/sarif_test.exs
+++ b/test/sarif_test.exs
@@ -3,7 +3,7 @@ defmodule SobelowTest.SarifTest do
 
 alias Sobelow.RCE.CodeModule
 
- @metafile %{filename: "test.ex", is_controller?: true}
+ @metafile %{filename: "test.ex", controller?: true}
 
 setup do
 Application.put_env(:sobelow, :format, "sarif")