elixir
Privilege Escalation Vulnerability - Elixir
Need: Prevent unauthorized access to information and operations. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of plain maps for role management. Description: Non compliant code: defmodule User do ...
Authentication Mechanism Absence or Evasion Vulnerability - Elixir
Need: Prevent unauthorized access to protected resources. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of plain maps for user management. Description: Non compliant code: defmodule User do defstruct ...
Sensitive Information in Source Code - Elixir
Need: Avoid exposure of sensitive data. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of generic packages or server types. Description: Non compliant code: defmodule MySensitiveInfo do @password ...
Use of Software with Known Vulnerabilities - Elixir
Need: Prevent exploitation of known vulnerabilities in dependencies. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of mix for dependency management. Description: Non compliant code: defp deps do ...
Insecure Object Reference - Elixir
Need: Prevent unauthorized access to user data. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web applications; Usage of Ecto ORM for data access. Description: Non ...
Insecure Functionality - Elixir
Need: Prevent unauthorized password change. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building scalable web applications. Description: Non compliant code: def ...
Insecure Authentication Method - Basic - Elixir
Need: Securely authenticate user requests. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web applications; Usage of Guardian library for JWT authentication ...
Insecure Encryption Algorithm - SSL/TLS - Elixir
Need: Secure data transfer between client and server. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Cowboy for HTTP request and response handling; Usage of Plug package for building web ...
Sensitive Information Sent Insecurely - Elixir
Need: Secure transfer of sensitive data. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Phoenix web framework for building scalable and fault-tolerant web applications. Description: Non compliant ...
Administrative Credentials Stored in Cache Memory - Elixir
Need: Prevent unauthorized access to administrative credentials. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of ETS for caching. Description: Non compliant code: defmodule MyApp.Cache do def ...
Non-encrypted Confidential Information - Elixir
Need: Protect sensitive information from unauthorized access. Context: Usage of Elixir (version 1.11 and above) for building scalable and concurrent applications; Usage of File module for file handling. Description: Non compliant code: defmodule MyApp.Data ...
Use of an Insecure Channel - Elixir
Need: Ensure data confidentiality and integrity during transmission. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of HTTPoison for making HTTP requests. Description: Non compliant code: defmodule ...
User Enumeration Vulnerability - Elixir
Need: Prevent attackers from enumerating valid usernames in the system. Context: Usage of Elixir (1.11 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework (1.5 and above) for building web applications. Description: ...
Insecure Temporary Files - Elixir
Need: Securely store sensitive information. Context: Usage of Elixir (1.11 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework (1.5+) for building web applications. Description: Non compliant code: defmodule ...
Sensitive Information Sent Via URL Parameters - Elixir
Need: Secure transmission of sensitive information. Context: Usage of Elixir (1.11 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web applications (version 1.5 and above). Description: Non ...
Insecure Generation of Random Numbers - Elixir
Need: Prevent predictable sequences of random numbers. Context: Usage of Elixir (1.11 and above) for building scalable and fault-tolerant applications; Usage of Erlang/OTP for building scalable and fault-tolerant systems. Description: Non compliant code ...
Technical Information Leak - Elixir
Need: To prevent unauthorized access to sensitive system and configuration data. Context: Usage of Elixir (1.10 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for the application. Description: Non compliant ...
Business Information Leak - Elixir
Need: Prevention of unauthorized access to sensitive business data. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web applications. Description: Non compliant code: def ...
Improper Authorization Control for Web Services - Elixir
Need: Proper validation of user sessions or tokens to secure web services. Context: Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web applications. Description: Non ...
Enabled Default Credentials - Elixir
Need: Prevent unauthorized access to system resources using default credentials. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of PostgreSQL Database for data storage and retrieval. Description: Non ...
Insecurely Generated Cookies - Elixir
Need: Prevent cookie exposure over insecure channels or to unauthorized users. Context: Usage of Elixir (v1.11+) for building scalable and concurrent applications; Usage of Plug library for handling HTTP requests. Description: Non compliant code: def ...
Guessed Weak Credentials - Elixir
Need: Prevent brute force attacks by enforcing a strong password policy. Context: Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications; Usage of Ecto library for data validation. Description: Non compliant code ...
Cracked Weak Credentials - Elixir
Need: Prevent unauthorized access by securely hashing and storing passwords. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Comeonin library for hashing. Description: Non compliant code: def ...
Insecure Encryption Algorithm - Elixir
Need: Prevent unauthorized access and tampering of encrypted data. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of crypto library for encryption. Description: Non compliant code: def encrypt(data, key) do ...
Sensitive Information Stored in Logs - Elixir
Need: Prevent unauthorized access to sensitive data. Context: Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications; Usage of Plug library for request handling. Description: Non compliant code: def ...
Traceability Loss - Server's Clock - Elixir
Need: Accurate timestamping for traceability. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Logger module for logging. Description: Non compliant code: def log_event(event) do ...
Technical Information Leak - Console Functions - Elixir
Need: Avoid leaking technical information via console functions. Context: Usage of Elixir (version 1.11 and above) for building scalable and fault-tolerant applications; Usage of IO library for input/output operations. Description: Non compliant code ...
Improper Resource Allocation - Elixir
Need: Prevent unnecessary resource consumption due to inefficient algorithms or improper programming practices. Context: Usage of Elixir (v1.11+) for building scalable and concurrent applications. Description: Non compliant code: defmodule Vulnerable do ...
Insecurely Generated Token - Elixir
Need: Create secure, unpredictable session tokens to prevent reuse. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Phoenix.Token for token generation and verification. Description: Non compliant code ...
Non-upgradable Dependencies - Elixir
Need: Use a dependency manager to ensure smooth updates and maintainability. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Mix as the package manager. Description: Non compliant code: defmodule ...
Business Information Leak - Customers or Providers - Elixir
Need: Ensure the privacy and security of sensitive business information. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Plug for creating middleware; Usage of Phoenix Framework for web interface ...
Insecure Encryption Algorithm - Anonymous Cipher Suites - Elixir
Need: To ensure secure encrypted connections that are not vulnerable to MitM attacks. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Erlang/OTP's ssl application for secure communication. Description: Non ...
Hidden Fields Manipulation - Elixir
Need: To prevent users from manipulating hidden fields in the application that could lead to undesired behaviors. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Phoenix Framework for building web ...
Insecure Encryption Algorithm - Cipher Block Chaining - Elixir
Need: To ensure that data encryption and decryption processes are secure, minimizing the risk of data being compromised. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Elixir's :crypto module for ...
Server-side Request Forgery (SSRF) - Elixir
Need: To prevent unauthorized network requests performed by the server due to user input manipulation. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of Plug.Adapters.Cowboy2.Http module for handling HTTP ...
NoSQL Injection - Elixir
Need: To prevent unauthorized data access and manipulation through NoSQL Injection attacks. Context: Usage of Elixir (v1.11+) for building scalable and fault-tolerant applications; Usage of MongoDB driver for interacting with MongoDB database. Description: ...
LDAP Injection - Elixir
Need: To prevent unauthorized data access and manipulation through LDAP Injection attacks. Context: Usage of Elixir (v1.11+) with Erlang/OTP (v23+); Usage of eldap library for LDAP operations in Erlang. Description: Non compliant code: defmodule ...