Sobelow v0.7.2 Sobelow.Misc.BinToTerm
Insecure use of binary_to_term
If user input is passed to Erlang’s binary_to_term
function
it may result in memory exhaustion or code execution. Even with
the :safe
option, binary_to_term
will deserialize functions,
and shouldn’t be considered safe to use with untrusted input.
binary_to_term
checks can be ignored with the following command:
$ mix sobelow -i Misc.BinToTerm
Link to this section Summary
Link to this section Functions
Link to this function
details()
Link to this function
parse_def(fun)
Link to this function
run(fun, meta_file)