OeditusCredo.Check.Security.ImproperInputValidation (OeditusCredo v0.5.0)


Basics

This check is disabled by default.

Learn how to enable it via .credo.exs.

This check has a base priority of high and works with any version of Elixir.

Explanation

Detects code patterns that suggest improper input validation (CWE-20): a controller action that takes a value straight out of the request parameters and hands it to a sensitive operation, such as a database write, without validating or sanitizing it first.

Controller actions should validate and sanitize user input (for example through an Ecto changeset that casts only the expected fields and checks their values) before using it in sensitive operations.

Bad:

def create(conn, %{"name" => name}) do
  # `name` comes straight from the request and is written without any check
  Repo.insert!(%User{name: name})
end

Good:

changeset =
  %User{}
  |> User.changeset(params)                      # cast/3 whitelists the fields it accepts
  |> Ecto.Changeset.validate_required([:name])   # reject a missing or blank name

Repo.insert(changeset)                           # returns {:error, changeset} when validation fails
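A fuller version of the "good" pattern, as an added example that is not OeditusCredo's or this page's own code: a schemaless Ecto.Changeset that whitelists, casts and validates every field before anything sensitive sees the data. The module name UserInput, the field set, the validation rules and the two sample requests are assumptions chosen for illustration. It runs stand-alone with `elixir validate_input.exs`, since Mix.install fetches Ecto.

```elixir
# Added example, not part of OeditusCredo: validate untrusted request params with a
# schemaless Ecto.Changeset before they reach a sensitive operation such as Repo.insert/1.
# Run stand-alone with `elixir validate_input.exs` (Elixir >= 1.12; fetches :ecto).
Mix.install([{:ecto, "~> 3.10"}])

defmodule UserInput do
  import Ecto.Changeset

  # The only fields a request may set, with their types. cast/3 drops every other key,
  # so a client cannot smuggle in something like "role" => "admin".
  @types %{name: :string, email: :string, age: :integer}

  # Returns {:ok, validated_map} or {:error, changeset}. In a Phoenix app the schema's
  # changeset function plays this role, and only its result is passed to Repo.insert/1.
  def validate(params) when is_map(params) do
    {%{}, @types}
    |> cast(params, Map.keys(@types))
    |> validate_required([:name, :email])
    |> validate_length(:name, min: 1, max: 100)
    |> validate_format(:email, ~r/^[^\s@]+@[^\s@]+\.[^\s@]+$/)
    |> validate_number(:age, greater_than_or_equal_to: 0, less_than: 150)
    |> apply_action(:insert)
  end

  # Flatten changeset errors into %{field => [message]} with %{count}-style
  # placeholders filled in, the same way Phoenix's generated error helpers do.
  def errors(changeset) do
    traverse_errors(changeset, fn {msg, opts} ->
      Enum.reduce(opts, msg, fn {key, value}, acc ->
        String.replace(acc, "%{#{key}}", to_string(value))
      end)
    end)
  end
end

# Constructed sample requests in the shape a controller action receives as `params`.
valid = %{"name" => "Ada", "email" => "ada@example.com", "age" => "36", "role" => "admin"}
invalid = %{"name" => String.duplicate("x", 500), "email" => "not-an-email", "age" => "-1"}

case UserInput.validate(valid) do
  {:ok, clean} -> IO.inspect(clean, label: "accepted (\"role\" was dropped by cast/3)")
  {:error, cs} -> IO.inspect(UserInput.errors(cs), label: "rejected")
end

case UserInput.validate(invalid) do
  {:ok, clean} -> IO.inspect(clean, label: "accepted")
  {:error, cs} -> IO.inspect(UserInput.errors(cs), label: "rejected")
end
```

The point the check is after is the boundary: `Repo.insert/1` (or any other sensitive call) only ever receives the result of `validate/1`, never a raw value pattern-matched out of `params`. Using `apply_action/2` and the non-raising `Repo.insert/1` also means invalid input is reported to the caller as `{:error, changeset}` instead of crashing the request.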

Check-Specific Parameters

Use the following parameters to configure this check:

:exclude_test_files

Set to true to skip test files (default: false).

This parameter defaults to nil. Since nil is falsy in Elixir this is equivalent to false: test files are checked unless you explicitly set the parameter to true.

General Parameters

As with all checks, the general parameters can be applied.

Parameters can be configured via the .credo.exs config file.
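An added example of a .credo.exs that enables this check (it is disabled by default) and sets both its check-specific parameter and a general one. This file is not shipped with OeditusCredo; the file selection and the strict setting are placeholders to adjust to the project.

```elixir
# .credo.exs, added example (not shipped with OeditusCredo). The check is disabled by
# default, so it has to be listed here for Credo to run it at all.
%{
  configs: [
    %{
      name: "default",
      # Placeholder file selection; adjust to the project's layout.
      files: %{
        included: ["lib/", "test/"],
        excluded: [~r"/_build/", ~r"/deps/"]
      },
      strict: true,
      checks: [
        # :exclude_test_files is this check's own parameter (skip test files).
        # :priority is one of Credo's general parameters, valid for every check.
        {OeditusCredo.Check.Security.ImproperInputValidation,
         exclude_test_files: true, priority: :high}
      ]
    }
  ]
}
```

In the plain list form shown, the checks listed replace Credo's default set, so merge this entry into an existing `checks:` list rather than keeping it as the only entry. Run `mix credo --strict` afterwards to confirm the check appears in the output.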