Jump.CredoChecks.ForbiddenFunction
(Jump.CredoChecks v0.4.0)
Basics
This check is disabled by default.
Learn how to enable it via .credo.exs.
This check has a base priority of high and works with any version of Elixir.
Explanation
Some functions may be hazardous if used directly. Use this check to forbid specific functions while allowing the module itself.
For example, :erlang.binary_to_term/1 is vulnerable to arbitrary code
execution exploits when deserializing untrusted data. Use
Plug.Crypto.non_executable_binary_to_term/2 instead, which disallows
anonymous functions in the deserialized term.
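The call this check is meant to catch, next to the replacement named above, as an added example that is not part of the Jump.CredoChecks documentation. The module name MyApp.TermCodec, the {:error, :invalid_term} return shape and the sample inputs are assumptions made for illustration, and plug_crypto is assumed to be a dependency of the project.

```elixir
defmodule MyApp.TermCodec do
  # Hypothetical module, constructed for illustration.

  # The direct call the check is configured to forbid: a term decoded this
  # way may contain anonymous functions supplied by whoever produced the binary.
  def decode_unsafe(binary) when is_binary(binary) do
    :erlang.binary_to_term(binary)
  end

  # Replacement: Plug.Crypto.non_executable_binary_to_term/2 raises
  # ArgumentError when the decoded term contains a function. The [:safe]
  # option is passed through to :erlang.binary_to_term/2 and additionally
  # refuses binaries that would create new atoms.
  def decode(binary) when is_binary(binary) do
    {:ok, Plug.Crypto.non_executable_binary_to_term(binary, [:safe])}
  rescue
    ArgumentError -> {:error, :invalid_term}
  end
end

# Constructed sample inputs.
plain = :erlang.term_to_binary(%{user_id: 42})
with_fun = :erlang.term_to_binary(%{callback: fn -> :ok end})

# A plain data term decodes normally.
{:ok, %{user_id: 42}} = MyApp.TermCodec.decode(plain)

# A term carrying an anonymous function is rejected instead of returned.
{:error, :invalid_term} = MyApp.TermCodec.decode(with_fun)
```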
Check-Specific Parameters
Use the following parameters to configure this check:
:functions
List of {module, function, message} tuples specifying forbidden functions.
Example:
    functions: [
      {:erlang, :binary_to_term, "Use Plug.Crypto.non_executable_binary_to_term/2 instead."}
    ]
This parameter defaults to [].
General Parameters
Like with all checks, general params can be applied.
Parameters can be configured via the .credo.exs config file.