sobelow icon indicating copy to clipboard operation
sobelow copied to clipboard
verified publisher icon nccgroup

`--no-router` flag for use in non-Phoenix projects

Open halostatue opened this issue 1 year ago • 3 comments

I see the cannot found the router warning in my umbrella applications which do not have Phoenix routers, and I would also like to use Sobelow in some libraries that I maintain without seeing this warning.

If a --no-router flag is specified (or is present in configuration), then the no_router message should not be printed.

halostatue avatar May 03 '24 21:05 halostatue

Great idea! Thanks for flagging this @halostatue! I will try to work on this when I can, but PRs are welcome 🙂

For help getting started, there's a bit of prior art found in #118 for adding a new CLI argument (just make sure to also take into consideration the needed hotfix for that feature in #124 😅)

houllette avatar May 19 '24 18:05 houllette

If we specify --no-router (or maybe --no-phoenix) and there are routers and endpoints present, should we throw an error? Or should we just skip the code that even bothers to look for them? I'm leaning toward the latter.

It looks like the practical difference is that we look up Phoenix endpoints and check them for certain web app vulnerabilities like CSRF.

mikebveil avatar Aug 20 '24 19:08 mikebveil

There could be multiple variants: --skip-phoenix (no checking for phoenix features, suppress the messages) and --no-phoenix (declarative that there are no phoenix features, throw an error if there are routers).

halostatue avatar Aug 21 '24 01:08 halostatue