Bylaw.Credo.Check.Phoenix.URIDecodeQuery (bylaw_credo v0.1.0-alpha.1)

Copy Markdown View Source

Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of higher and works with any version of Elixir.

Explanation

Use Plug.Conn.Query.decode/1 instead of URI.decode_query/1 for query strings handled by Phoenix or Plug.

Examples

Avoid:

  URI.decode_query("ids[]=1&ids[]=2")

Prefer:

  Plug.Conn.Query.decode("ids[]=1&ids[]=2")

Notes

URI.decode_query/1 does not decode Plug-style array and nested parameters the same way Phoenix controllers and LiveViews receive them. That can make hand-parsed query strings disagree with request params.

Plug.Conn.Query.decode/1 follows Plug's query parser semantics, so the decoded data matches the rest of the Phoenix request stack.

This check uses static AST analysis, so it favors clear source-level patterns over runtime behavior.

Options

This check has no check-specific options. Configure it with an empty option list.

Usage

Add this check to Credo's checks: list in .credo.exs:

%{
  configs: [
    %{
      name: "default",
      checks: [
        {Bylaw.Credo.Check.Phoenix.URIDecodeQuery, []}
      ]
    }
  ]
}

Check-Specific Parameters

There are no specific parameters for this check.

General Parameters

Like with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.