Jump.CredoChecks.SafeBinaryToTerm (Jump.CredoChecks v0.4.0)


Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of high and works with any version of Elixir.

Explanation

Plug.Crypto.non_executable_binary_to_term/2 must be called with the :safe option when the input could be attacker-controlled.

Without :safe, every atom in the payload that does not already exist is created in the BEAM's atom table, which has a fixed size (1,048,576 entries by default) and is never garbage collected. A crafted binary full of distinct atom names, sent once or across many requests, fills the table, at which point the runtime halts with a system_limit error and takes the node down. With :safe, the decoder raises ArgumentError for any atom it does not already know (and for other non-collectable resources such as new external function references) instead of creating it. Two caveats: :safe still accepts atoms that already exist in the VM, and it does not bound the size or nesting depth of the decoded term, so untrusted input should also be length-limited before decoding.

Bad

Plug.Crypto.non_executable_binary_to_term(binary, [])

Plug.Crypto.non_executable_binary_to_term(binary)

Good

Plug.Crypto.non_executable_binary_to_term(binary, [:safe])
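As an added example (this is not the check's or Plug.Crypto's own code; the module and function names are illustrative, and it assumes plug_crypto is a dependency of the project), the following hand-builds an External Term Format payload of previously unknown atoms and contrasts decoding it with and without :safe, reading the atom table size before and after each attempt:

```elixir
# Added example, not part of Jump.CredoChecks or Plug.Crypto.
# Assumes plug_crypto is available; SafeDecodeDemo is a made-up name.
defmodule SafeDecodeDemo do
  @moduledoc """
  Builds an ETF payload of many distinct, previously unknown atoms by
  hand (so the atoms are not created just by writing the test), then
  decodes it with and without the :safe option.
  """

  # External Term Format tags used below.
  @version 131
  @list_ext 108
  @nil_ext 106
  @small_atom_utf8_ext 119

  # Encode one atom name without creating the atom in this VM:
  # SMALL_ATOM_UTF8_EXT is <<119, len::8, name::binary>>.
  defp atom_ext(name) when is_binary(name) and byte_size(name) < 256 do
    <<@small_atom_utf8_ext, byte_size(name), name::binary>>
  end

  # A list of `count` distinct atoms as an ETF binary:
  # <<131, 108, count::32, elements..., 106>>.
  def crafted_payload(count, prefix) when count > 0 do
    elements =
      1..count
      |> Enum.map(&atom_ext(prefix <> Integer.to_string(&1)))
      |> IO.iodata_to_binary()

    <<@version, @list_ext, count::32, elements::binary, @nil_ext>>
  end

  # What a request handler should do with attacker-controlled input:
  # decode with :safe and treat any rejection as a bad request.
  def decode_untrusted(binary) when is_binary(binary) do
    {:ok, Plug.Crypto.non_executable_binary_to_term(binary, [:safe])}
  rescue
    # Raised for unknown atoms, funs and malformed ETF alike.
    ArgumentError -> {:error, :rejected}
  end

  # Shows the effect on the atom table. The unsafe branch deliberately
  # creates `count` atoms, so keep `count` small when running this.
  def demo(count \\ 1000) do
    # :safe only rejects atoms that do not exist yet, so a fresh prefix
    # per run keeps the payload's atoms unknown even if demo/1 is rerun.
    prefix = "crafted_#{:erlang.unique_integer([:positive])}_"
    payload = crafted_payload(count, prefix)

    before = :erlang.system_info(:atom_count)
    {:error, :rejected} = decode_untrusted(payload)
    after_safe = :erlang.system_info(:atom_count)

    # The form this check flags: opts omitted, atoms get created.
    _terms = Plug.Crypto.non_executable_binary_to_term(payload)
    after_unsafe = :erlang.system_info(:atom_count)

    %{
      atom_limit: :erlang.system_info(:atom_limit),
      created_by_safe_decode: after_safe - before,
      created_by_unsafe_decode: after_unsafe - after_safe
    }
  end
end
```

Run SafeDecodeDemo.demo() in an iex session of the project: the safe decode leaves the atom count unchanged and returns {:error, :rejected}, while the unsafe decode grows it by roughly `count` and brings the node that much closer to the atom_limit. Because :safe accepts atoms that already exist, an attacker who can guess names already loaded in your application can still send them; :safe prevents table exhaustion, not atom-valued input, so match decoded terms against the shapes you expect rather than trusting them.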

Check-Specific Parameters

There are no specific parameters for this check.

General Parameters

Like with all checks, general params can be applied.

Parameters can be configured via the .credo.exs config file.