Applying Security Checks to Elixir Code

Source: youtube.com

Type: Video

Melinda Tóth, an associate professor and researcher, describes how her team adapted their security checkers from Erlang to Elixir. In work initially presented at Code Beam Europe in Berlin, the team used their static analysis tool 'Refactor' to build a security auditing tool known as 'Safe'. This tool identifies various vulnerabilities in Erlang code, using extensive static analysis to reduce false positives. The team has now successfully extended these features to Elixir, identifying potential vulnerabilities in Elixir applications by using semantic program graph representations built from BEAM files. Through extensive data flow analysis and contextual checks, they pinpointed numerous issues in Elixir projects as well. The team also followed the Erlang Ecosystem Foundation's Security Working Group guidelines to ensure secure coding practices. Melinda also touches on mapping vulnerabilities back to the source code and the challenges of maintaining accuracy. The talk concludes with ongoing and future enhancements, including work on web application issues such as cross-site scripting and remote code execution.
