Open halostatue opened 5 months ago
Great idea! Thanks for flagging this @halostatue! I will try to work on this when I can, but PRs are welcome 🙂
For help getting started, there's a bit of prior art found in #118 for adding a new CLI argument (just make sure to also take into consideration the needed hotfix for that feature in #124 😅)
If we specify --no-router
(or maybe --no-phoenix
) and there are routers and endpoints present, should we throw an error? Or should we just skip the code that even bothers to look for them? I'm leaning toward the latter.
It looks like the practical difference is that we look up Phoenix endpoints and check them for certain web app vulnerabilities like CSRF.
There could be multiple variants: --skip-phoenix
(no checking for phoenix features, suppress the messages) and --no-phoenix
(declarative that there are no phoenix features, throw an error if there are routers).
I see the
cannot found the router
warning in my umbrella applications which do not have Phoenix routers, and I would also like to use Sobelow in some libraries that I maintain without seeing this warning.If a
--no-router
flag is specified (or is present in configuration), then theno_router
message should not be printed.