Sobelow: Static analysis for the Phoenix Framework
Sobelow is the first security-focused static analysis tool for the Phoenix framework. For security researchers, it is a useful tool for getting a quick view of points of interest. For project maintainers, it can be used to prevent the introduction of a number of common vulnerabilities.
Currently Sobelow detects some types of the following security issues:
- Insecure Configuration
- Known-Vulnerable Dependencies
- Cross-Site Scripting
- SQL Injection
- Command Injection
- Denial of Service
- Directory Traversal
- Unsafe Serialization
Potential vulnerabilities are flagged in different colors according to confidence in their insecurity. High confidence is red, medium confidence is yellow, and low confidence is green.
For more information on Sobelow, read the blog post from Griffin Byatt.