Sobelow v0.10.6 Sobelow.SQL

SQL Injection

SQL injection occurs when untrusted input is interpolated directly into a SQL query. In a typical Phoenix application, this means calling the Ecto.Adapters.SQL.query function with a query string built from that input instead of using its parameterization feature.
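
The interpolated call described above next to its parameterized forms, as an added example that is not part of the Sobelow documentation or code base. The module name, the `repo` argument (for instance a hypothetical `MyApp.Repo` on PostgreSQL) and the `users` table with its columns are assumptions.

```elixir
defmodule MyApp.UserLookup do
  # Example module: MyApp, the "users" table and its columns are assumed.
  import Ecto.Query, only: [from: 2]
  alias Ecto.Adapters.SQL

  # Vulnerable: `name` becomes part of the SQL text, so the database parses
  # request data as statement syntax. This is the pattern described above.
  def find_by_name_unsafe(repo, name) do
    SQL.query(repo, "SELECT id, email FROM users WHERE name = '#{name}'", [])
  end

  # Hardened: the SQL text is a constant and `name` is sent separately as a
  # bound parameter ($1 is the PostgreSQL placeholder), so it is only ever
  # handled as a value.
  def find_by_name(repo, name) when is_binary(name) do
    SQL.query(repo, "SELECT id, email FROM users WHERE name = $1", [name])
  end

  # Same lookup through the Ecto query DSL: the pin operator (^) binds
  # `name` as a parameter, so no SQL string is assembled by hand.
  def find_by_name_dsl(repo, name) when is_binary(name) do
    query =
      from(u in "users",
        where: u.name == ^name,
        select: %{id: u.id, email: u.email}
      )

    repo.all(query)
  end
end
```

With an ordinary value such as `"O'Brien"`, the interpolated version sends a statement with an unbalanced quote and the database rejects it, while both parameterized versions treat the whole string as the name to match.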

Read more about SQL injection here: https://www.owasp.org/index.php/SQL_Injection

SQL injection checks can be ignored with the following command:

$ mix sobelow -i SQL

Functions

get_vulns(fun, meta_file, web_root, skip_mods \\ [])