Closed Helpys closed 4 years ago
Hi, thanks for opening this issue!
Sorry about the problem, it looks like this is related to some backwards compatibility features for some older phoenix directory structures. This will be a good time to simplify all of that since it's no longer relevant; I should have a fix on GitHub in the the next day or so :)
This change has been pushed to master! You can check it out by installing with mix archive.install nccgroup/sobelow
.
It won't flag HTTPS, since that is managed outside of the root directory, but will appropriately flag the other two findings.
I will push this to Hex later on this week, unless I hear otherwise. Thanks again!
If I generate a default phoenix project from scratch
mix phx.new simple
then sobelow finds three problems in the phoenix configuration fileconfig.exs
in the first run:But if I generate a default phoenix umbrella project from scratch
mix phx.new complex --umbrella
then sobelow does not find the tree problems in the phoenix configuration fileconfig.exs
in the first run. (Probably because the configuration file is in the root folder of the umbrella project not in the selected app-folder.)