Some sobelow fixes

Signed-off-by: Thomas Citharel <tcit@tcit.fr>

lib/web/auth/error_handler.ex

@@ -4,6 +4,7 @@ defmodule Mobilizon.Web.Auth.ErrorHandler do
   """
   import Plug.Conn
 
+  # sobelow_skip ["XSS.SendResp"]
   def auth_error(conn, {type, _reason}, _opts) do
     body = Jason.encode!(%{message: to_string(type)})
     send_resp(conn, 401, body)

lib/web/proxy/reverse_proxy.ex

@@ -145,6 +145,7 @@ defmodule Mobilizon.Web.ReverseProxy do
     end
   end
 
+  # sobelow_skip ["XSS.SendResp"]
   def call(conn, _, _) do
     conn
     |> send_resp(400, Conn.Status.reason_phrase(400))
@@ -223,6 +224,7 @@ defmodule Mobilizon.Web.ReverseProxy do
     |> send_resp(code, "")
   end
 
+  # sobelow_skip ["XSS.SendResp"]
   defp error_or_redirect(conn, url, code, body, opts) do
     if Keyword.get(opts, :redirect_on_failure, false) do
       conn

lib/web/router.ex

@@ -163,8 +163,8 @@ defmodule Mobilizon.Web.Router do
     get("/interact", PageController, :interact)
 
     get("/auth/:provider", AuthController, :request)
-    # sobelow_skip ["Config.CSRFRoute"]
-    # Possibly related to https://github.com/ueberauth/ueberauth/issues/125
+    # Have a look at https://github.com/ueberauth/ueberauth/issues/125 some day
+    # Also possible CSRF issue
     get("/auth/:provider/callback", AuthController, :callback)
     post("/auth/:provider/callback", AuthController, :callback)
   end

lib/web/views/utils.ex

@@ -5,6 +5,7 @@ defmodule Mobilizon.Web.Views.Utils do
 
   alias Mobilizon.Service.Metadata.Utils, as: MetadataUtils
 
+  # sobelow_skip ["Traversal.FileModule"]
   @spec inject_tags(Enum.t(), String.t()) :: {:safe, String.t()}
   def inject_tags(tags, locale \\ "en") do
     with {:ok, index_content} <- File.read(index_file_path()) do