Insecure Use of Language/Framework API
Why is this important?
Elixir, like any other programming language, exposes powerful or security-sensitive APIs. If these APIs are not used properly, the impact on your app can be catastrophic.
Insecure Use of binary_to_term
If user input is passed to Erlang's binary_to_term function, it may result in memory exhaustion or code execution. The :safe option only prevents the input from creating new atoms (and the pids, references and external funs that embed them); even with :safe, binary_to_term still deserializes anonymous functions, which run as soon as anything calls the decoded value. It therefore shouldn't be considered safe to use with untrusted input.
Fixing Insecure Use of binary_to_term
Option A: Avoid user input in binary_to_term
Go through the issues that GuardRails identified in the PR
Identify the following patterns:

    def index(conn, %{"test" => test}) do
      :erlang.binary_to_term(test)
    end

Where possible, avoid the function entirely (accept JSON or another non-executable format instead), or only allow certain allowed user input. If binary_to_term cannot be avoided, at least pass the :safe option so the input cannot create new atoms; in Elixir the atom is written :safe (the Erlang-style [safe] does not compile). This still decodes functions, so treat it as defence in depth rather than a complete fix:

    def index(conn, %{"test" => test}) do
      :erlang.binary_to_term(test, [:safe])
    end

Test it and ensure the functionality works as expected
Ship it 🚢 and relax 🌴
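The following is an added example, not GuardRails' code and not from the original page. It covers both points above: it shows that binary_to_term with :safe still rebuilds an anonymous function, and it shows a restricted decoder for the cases where the function cannot be avoided. It assumes the plug_crypto package is available for Plug.Crypto.non_executable_binary_to_term/2; the module name, the size limits and the sample inputs are illustrative choices.

```elixir
# Added example; not GuardRails' code and not from the original page.
# Assumes plug_crypto is available (Plug.Crypto.non_executable_binary_to_term/2).
# UntrustedTerms, the limits and the sample payloads are illustrative.
defmodule UntrustedTerms do
  # Illustrative caps: bound the bytes on the wire and the size a compressed
  # payload declares it will expand to.
  @max_binary_bytes 64 * 1024
  @max_uncompressed_bytes 1024 * 1024

  # 1. Why [:safe] is not enough: it blocks new atoms but still rebuilds an
  #    anonymous function, and whatever later calls the result runs it.
  def safe_still_decodes_funs? do
    payload = :erlang.term_to_binary(fn -> :executed end)
    fun = :erlang.binary_to_term(payload, [:safe])
    is_function(fun, 0) and fun.() == :executed
  end

  # 2. Memory: a compressed external term is <<131, 80, size::32, zlib...>>,
  #    where size is the uncompressed byte count the runtime allocates for.
  #    Read it from the header and bound it before decoding.
  def declared_size(<<131, 80, size::unsigned-big-32, _::binary>>), do: {:compressed, size}
  def declared_size(<<131, _::binary>> = bin), do: {:plain, byte_size(bin)}
  def declared_size(_), do: :error

  # 3. Restricted decoder for untrusted bytes: size limits first, then a
  #    decode that forbids executable terms and keeps :safe for atoms.
  def decode(bin) when not is_binary(bin), do: {:error, :not_a_binary}
  def decode(bin) when byte_size(bin) > @max_binary_bytes, do: {:error, :too_large}

  def decode(bin) do
    case declared_size(bin) do
      :error -> {:error, :not_a_term}
      {:compressed, size} when size > @max_uncompressed_bytes -> {:error, :too_large}
      _ ->
        try do
          {:ok, Plug.Crypto.non_executable_binary_to_term(bin, [:safe])}
        rescue
          # raised for funs (non-executable check) and for unknown atoms (:safe)
          ArgumentError -> {:error, :rejected}
        end
    end
  end

  # 4. A non-executable term is still untrusted data: accept only the exact
  #    shape the endpoint expects and reject everything else.
  def decode_page_params(bin) do
    with {:ok, %{"page" => page, "per_page" => per}}
         when is_integer(page) and page > 0 and is_integer(per) and per in 1..100 <- decode(bin) do
      {:ok, %{page: page, per_page: per}}
    else
      {:ok, _other} -> {:error, :unexpected_shape}
      {:error, _} = error -> error
    end
  end

  # Constructed inputs: a compression bomb (a few KB on the wire, ~4 MB
  # decoded), a serialized function, and a well-formed request.
  def demo do
    bomb = :erlang.term_to_binary(List.duplicate(0, 2_000_000), compressed: 9)
    fun_payload = :erlang.term_to_binary(fn -> System.cmd("id", []) end)
    good = :erlang.term_to_binary(%{"page" => 2, "per_page" => 50})

    %{
      safe_still_decodes_funs: safe_still_decodes_funs?(),
      bomb: decode_page_params(bomb),
      fun_payload: decode_page_params(fun_payload),
      good: decode_page_params(good)
    }
  end
end
```

Run UntrustedTerms.demo/0 in iex: only the well-formed request is accepted, the bomb is rejected by the header check before any allocation happens, and the serialized function is rejected by the non-executable check even though plain binary_to_term with :safe would have returned a callable fun. The header check matters because byte_size alone says nothing about a compressed payload; for uncompressed terms the expansion factor is bounded, so the wire-size cap is enough there. Even after all of this, the decoded value is still attacker-controlled data, which is why the last function pattern-matches the exact shape instead of returning the raw term.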