Elixir Security Review
Quick Reference
| Issue Type | Reference | |------------|-----------| | Code.eval_string, binary_to_term | references/code-injection.md | | String.to_atom dangers | references/atom-exhaustion.md | | Config, environment variables | references/secrets.md | | ETS visibility, process dictionary | references/process-exposure.md |
Review Checklist
Critical (Block Merge)
- [ ] No
Code.eval_string/1on user input - [ ] No
:erlang.binary_to_term/1without:safeon untrusted data - [ ] No
String.to_atom/1on external input - [ ] No hardcoded secrets in source code
Major
- [ ] ETS tables use appropriate access controls
- [ ] No sensitive data in process dictionary
- [ ] No dynamic module creation from user input
- [ ] Path traversal prevented in file operations
Configuration
- [ ] Secrets loaded from environment
- [ ] No secrets in config/*.exs committed to git
- [ ] Runtime config used for deployment secrets
Valid Patterns (Do NOT Flag)
- String.to_atom on compile-time constants - Atoms created at compile time are safe
- Code.eval_string in dev/test - May be needed for tooling
- ETS :public tables - Valid when intentionally shared
- binary_to_term with :safe - Explicitly safe option used
Context-Sensitive Rules
| Issue | Flag ONLY IF | |-------|--------------| | String.to_atom | Input comes from external source (user, API, file) | | binary_to_term | Data comes from untrusted source | | ETS :public | Contains sensitive data |
Before Submitting Findings
Use the issue format: [FILE:LINE] ISSUE_TITLE for each finding.
Load and follow review-verification-protocol before reporting any issue.