Prevent atom DoS vulnerabilities by avoiding String.to_atom/1 #41

@Kavignon

Description

Atoms are not garbage-collected, which can lead to memory exhaustion if many unique atoms are created dynamically.
It poses a security risk, as an attacker could exploit this to crash the application via a denial-of-service (DoS) attack.
To mitigate this, we should enforce safer practices in the template and educate developers on the risks and alternatives. The String.to_atom/1 function can lead to atom DoS vulnerabilities when used with untrusted or dynamic input, as atoms are not garbage-collected and can exhaust the BEAM's atom table.

For more information, see the Paraxial.io blog: Atom DoS: Exploiting the BEAM's Atom Table.

Tasks

  • Configure credo to warn developers about String.to_atom/1.
  • Add a CI step to check for occurrences of String.to_atom/1.
  • Find a way to propose using String.to_existing_atom/1 instead of String.to_atom/1.
  • The blog suggests using a predefined map or ETS for safe string-to-atom conversions. Incorporate this as a utility in the template.
  • Document the risks and alternatives in the README.
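
The predefined-map and String.to_existing_atom/1 alternatives named in the task list, as an added example that is not part of the original issue or the template's code. The module name `SafeAtom`, its function names and the allowed keys are hypothetical.

```elixir
defmodule SafeAtom do
  @moduledoc """
  Added example: string-to-atom conversion that never creates new atoms.
  Module name, function names and the allowed keys are hypothetical.
  """

  # Constructed allowlist: the only strings this application maps to atoms.
  @allowed %{
    "asc" => :asc,
    "desc" => :desc,
    "name" => :name,
    "inserted_at" => :inserted_at
  }

  @doc "Looks the string up in the fixed allowlist; unknown input is rejected."
  @spec from_allowlist(term()) :: {:ok, atom()} | :error
  def from_allowlist(value) when is_binary(value), do: Map.fetch(@allowed, value)
  def from_allowlist(_other), do: :error

  @doc """
  Converts only when the atom is already known to the VM.
  String.to_existing_atom/1 raises ArgumentError for unknown atoms,
  so the raise is turned into :error instead of crashing the caller.
  """
  @spec existing(term()) :: {:ok, atom()} | :error
  def existing(value) when is_binary(value) do
    {:ok, String.to_existing_atom(value)}
  rescue
    ArgumentError -> :error
  end

  def existing(_other), do: :error
end

# Constructed untrusted input, e.g. a sort parameter taken from a query string.
# The last value is unique on every run, which is what String.to_atom/1 would
# turn into a new, never-collected atom.
inputs = ["asc", "inserted_at", "attacker_#{System.unique_integer([:positive])}"]

for input <- inputs do
  IO.inspect({input, SafeAtom.from_allowlist(input), SafeAtom.existing(input)})
end
```

`existing/1` accepts any atom that happens to be loaded in the VM, so the allowlist variant is the stricter of the two when the set of valid values is known in advance.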

Metadata

Labels

security: Preventing misuse or vulnerabilities in software
