I have used Sobelow before without issue (many thanks for all the work that is being done here).
On a new installation of Elixir/Erlang and creation of a project using the Phoenix Framework, Sobelow crashes when run as a standalone script or as a dependency of my project. I suspect it may be Windows related. Upon review of the code I didn't see any recent changes to any code I reviewed. I also did a quick check of the Sobelow history for recent changes, but nothing stood out as a cause.
*I tried other versions of Sobelow, including the latest tag 0.10, and I found it interesting that the logs say 0.11.1. I care more about the release tags than what is printed, but I didn't know what v0.11.1 is trying to express and don't want it to cause confusion. Please let me know if I need to clarify.
Details
```
$ mix sobelow -r apps/myapp_web
##############################################
# #
# Running Sobelow - v0.11.1 #
# Created by Griffin Byatt - @griffinbyatt #
# NCC Group - https://nccgroup.trust #
# #
##############################################
** (FunctionClauseError) no function clause matching in Path.absname_vr/3
The following arguments were given to Path.absname_vr/3:
# 1
["/", "lib", "myapp_web", "router.ex"]
# 2
[]
# 3
""
Attempted function clauses (showing 3 out of 3):
defp absname_vr(+["/" | rest]+, -[volume | _]-, +_relative+)
defp absname_vr(-[<<x, 58>> | rest]-, -[<<x, _::binary()>> | _]-, +relative+)
defp absname_vr(-[<<x, 58>> | name]-, +_+, +_relative+)
(elixir 1.12.3) lib/path.ex:81: Path.absname_vr/3
(elixir 1.12.3) lib/path.ex:190: Path.expand/2
lib/sobelow/utils.ex:24: Sobelow.Utils.normalize_path/1
lib/sobelow/finding.ex:51: Sobelow.Finding.fingerprint/1
lib/sobelow/finding.ex:43: Sobelow.Finding.fetch_fingerprint/1
lib/sobelow/config/csp.ex:117: Sobelow.Config.CSP.add_finding/1
(elixir 1.12.3) lib/enum.ex:930: Enum."-each/2-lists^foreach/1-0-"/2
lib/sobelow.ex:94: Sobelow.run/0
```
```
$ cd apps/myapp_web/;mix sobelow
##############################################
# #
# Running Sobelow - v0.11.1 #
# Created by Griffin Byatt - @griffinbyatt #
# NCC Group - https://nccgroup.trust #
# #
##############################################
←[31mConfig.CSP: Missing Content-Security-Policy - High Confidence←[0m
File: c:/lib/myapp_web/router.ex
Pipeline: browser
Line: 12
-----------------------------------------------
** (FunctionClauseError) no function clause matching in Path.absname_vr/3
The following arguments were given to Path.absname_vr/3:
# 1
["/", "templates", "page", "index.html.eex"]
# 2
[]
# 3
""
Attempted function clauses (showing 3 out of 3):
defp absname_vr(+["/" | rest]+, -[volume | _]-, +_relative+)
defp absname_vr(-[<<x, 58>> | rest]-, -[<<x, _::binary()>> | _]-, +relative+)
defp absname_vr(-[<<x, 58>> | name]-, +_+, +_relative+)
(elixir 1.12.3) lib/path.ex:81: Path.absname_vr/3
(elixir 1.12.3) lib/path.ex:190: Path.expand/2
lib/sobelow/utils.ex:24: Sobelow.Utils.normalize_path/1
lib/sobelow/xss/raw.ex:41: anonymous fn/8 in Sobelow.XSS.Raw.run/4
(elixir 1.12.3) lib/enum.ex:930: Enum."-each/2-lists^foreach/1-0-"/2
lib/sobelow.ex:99: Sobelow.run/0
(mix 1.12.3) lib/mix/task.ex:394: anonymous fn/3 in Mix.Task.run_task/3
(mix 1.12.3) lib/mix/cli.ex:84: Mix.CLI.run_task/2
```
I am not clear on the reason different files resulted in similar crashes, so I decided to focus on why the path associated with the file was incorrect. Based on my inspection, I was able to resolve it by changing to a relative path instead of attempting to expand to an absolute path, by updating Sobelow.Utils.normalize_path from
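```elixir
# Original: expand against an empty base directory, then strip the leading "/".
def normalize_path(filename) do
  filename
  |> Path.expand("")
  |> String.replace_prefix("/", "")
end
```
to
```elixir
# Changed: skip Path.expand/2 and only strip the leading "/".
def normalize_path(filename) do
  filename
  |> String.replace_prefix("/", "")
end
```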
```
$ cd ../..;mix deps.compile sobelow; mix sobelow -r apps/myapp_web
```
I am hopeful that this is just a configuration problem on my current environment, but I am not clear as to what is wrong. Any guidance would be greatly appreciated.
Environment: Windows 10; Phoenix 1.6.2; Elixir 1.12.3; Erlang/OTP 22 [erts-10.7]; Sobelow (0.8)*
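A platform-independent take on the path normalization discussed in the report above, as an added example that is not part of the original post and not Sobelow's code: it works on the string alone, so the result does not depend on Path.expand/2, the working directory, or a Windows volume. The module and function names are hypothetical, and the inputs in `check/0` are constructed from the paths shown in the report.

```elixir
defmodule NormalizePathExample do
  # Hypothetical helper (not Sobelow's code): reduce a reported file name to a
  # forward-slash relative path using string operations only.
  def normalize(filename) do
    filename
    |> String.replace("\\", "/")
    |> String.split("/", trim: true)
    |> drop_volume()
    |> Enum.reduce([], &collapse/2)
    |> Enum.reverse()
    |> Enum.join("/")
  end

  # A leading "c:" style segment is a Windows volume; drop it.
  defp drop_volume([<<letter, ?:>> | rest]) when letter in ?a..?z or letter in ?A..?Z, do: rest
  defp drop_volume(segments), do: segments

  # Segments are accumulated in reverse; "." is skipped and ".." pops one
  # segment without ever climbing above the root of the relative path.
  defp collapse(".", acc), do: acc
  defp collapse("..", []), do: []
  defp collapse("..", [_ | rest]), do: rest
  defp collapse(segment, acc), do: [segment | acc]

  # Constructed inputs modelled on the paths in the report; a failed match raises.
  def check do
    "lib/myapp_web/router.ex" = normalize("/lib/myapp_web/router.ex")
    "lib/myapp_web/router.ex" = normalize("c:/lib/myapp_web/router.ex")
    "lib/myapp_web/router.ex" = normalize("lib\\myapp_web\\router.ex")
    "templates/page/index.html.eex" = normalize("/templates/./layout/../page/index.html.eex")
    :ok
  end
end
```

The stack trace shows Sobelow.Finding.fingerprint/1 calling normalize_path/1, so a normalization that returns the same string on Windows and Unix also keeps anything derived from that string identical across hosts.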