Configure Sobelow to scan for vulnerabilities

7 years ago · ee9177b88e
parent 63efe24b36
commit ee9177b88e
6 changed files with 24 additions and 2 deletions
--- a/.gitignore
+++ b/.gitignore
@ -28,3 +28,6 @@ npm-debug.log
 # Wallaby screenshots
 screenshots/
 # Sobelow
 .sobelow
--- a/.sobelow-conf
+++ b/.sobelow-conf
@ -0,0 +1,10 @@
 [
  verbose: false,
  private: true,
  skip: false,
  router: "",
  exit: "low",
  format: "compact",
  ignore: [""],
  ignore_files: [""]
 ]
--- a/circle.yml
+++ b/circle.yml
@ -42,7 +42,8 @@ dependencies:
 test:
  pre:
-    - mix credo --strict
+    - mix credo
    - mix sobelow --private --compact --exit Low
    - cd assets && npm run eslint -- --format=junit --output-file="$CIRCLE_TEST_REPORTS/eslint/junit.xml" && cd ..
  override:
    - mix test
--- a/lib/explorer_web/router.ex
+++ b/lib/explorer_web/router.ex
@ -6,7 +6,13 @@ defmodule ExplorerWeb.Router do
    plug :fetch_session
    plug :fetch_flash
    plug :protect_from_forgery
-    plug :put_secure_browser_headers
+    plug :put_secure_browser_headers, %{
      "content-security-policy" => "\
        default-src 'self';\
        script-src 'self' 'unsafe-inline' 'unsafe-eval';\
        style-src 'self' 'unsafe-inline' 'unsafe-eval'\
      "
    }
    plug SetLocale, gettext: ExplorerWeb.Gettext, default_locale: "en"
  end
--- a/mix.exs
+++ b/mix.exs
@ -54,6 +54,7 @@ defmodule Explorer.Mixfile do
      {:phoenix_pubsub_redis, "~> 2.1.0", only: [:prod]},
      {:postgrex, ">= 0.0.0"},
      {:set_locale, github: "minifast/set_locale", branch: "master"}, # Waiting on https://github.com/smeevil/set_locale/pull/9
      {:sobelow, ">= 0.0.0", only: [:dev, :test], runtime: false},
      {:timex, "~> 3.1.24"},
      {:timex_ecto, "~> 3.2.1"},
      {:wallaby, "~> 0.19.2", only: [:test], runtime: false},
--- a/mix.lock
+++ b/mix.lock
@ -34,6 +34,7 @@
  "redix": {:hex, :redix, "0.6.1", "20986b0e02f02b13e6f53c79a1ae70aa83147488c408f40275ec261f5bb0a6d0", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}], "hexpm"},
  "redix_pubsub": {:hex, :redix_pubsub, "0.4.1", "26e6a69129072ac2226be49139019bdf951bb1e9e210a773c1372acf88100936", [:mix], [{:connection, "~> 1.0", [hex: :connection, repo: "hexpm", optional: false]}, {:redix, "~> 0.6.0", [hex: :redix, repo: "hexpm", optional: false]}], "hexpm"},
  "set_locale": {:git, "https://github.com/minifast/set_locale.git", "da9ae029642bc0fbd9212c2aaf86c0adca70c084", [branch: "master"]},
  "sobelow": {:hex, :sobelow, "0.6.6", "04a2850fe31d241ef8c53b83ab9216f7659c19eb94bfb271d2b664e6953b4965", [:mix], [], "hexpm"},
  "ssl_verify_fun": {:hex, :ssl_verify_fun, "1.1.1", "28a4d65b7f59893bc2c7de786dec1e1555bd742d336043fe644ae956c3497fbe", [:make, :rebar], [], "hexpm"},
  "timex": {:hex, :timex, "3.1.24", "d198ae9783ac807721cca0c5535384ebdf99da4976be8cefb9665a9262a1e9e3", [:mix], [{:combine, "~> 0.7", [hex: :combine, repo: "hexpm", optional: false]}, {:gettext, "~> 0.10", [hex: :gettext, repo: "hexpm", optional: false]}, {:tzdata, "~> 0.1.8 or ~> 0.5", [hex: :tzdata, repo: "hexpm", optional: false]}], "hexpm"},
  "timex_ecto": {:hex, :timex_ecto, "3.2.1", "461140751026e1ca03298fab628f78ab189e78784175f5e301eefa034ee530aa", [:mix], [{:ecto, "~> 2.2", [hex: :ecto, repo: "hexpm", optional: false]}, {:timex, "~> 3.1", [hex: :timex, repo: "hexpm", optional: false]}], "hexpm"},