diff --git a/.circleci/config.yml b/.circleci/config.yml index 780e0c87..2a9aac88 100644 --- a/.circleci/config.yml +++ b/.circleci/config.yml @@ -1,6 +1,6 @@ defaults: &defaults docker: - - image: birdofpreyru/mythril-integration-tests:0.0.3 + - image: birdofpreyru/mythril-integration-tests:0.0.4 version: 2 jobs: @@ -15,13 +15,28 @@ jobs: # path param in checkout command, and this symlink compenstates for that. # - run: ln -s /root/project /home/mythril + - restore-cache: + keys: + - tox-env-{{ checksum "/home/mythril/setup.py" }} + - run: name: Installing mythril tools - command: cd /home && ./install-mythril-tools.sh laser-ethereum + command: ./install-mythril-tools.sh laser-ethereum + working_directory: /home - run: - name: Install dependencies, in case any are missing in Docker image - command: pip3 install -r /home/mythril/requirements.txt + name: Install tox envs + command: tox -vv --notest + working_directory: /home/mythril + environment: + LC_ALL: C.UTF-8 + LANG: C.UTF-8 + + - save_cache: + key: tox-env-{{ checksum "/home/mythril/setup.py" }} + paths: + - .tox/py* + - /root/.cache/pip/wheels/ - run: background: true @@ -30,21 +45,27 @@ jobs: - run: name: Unit-testing - command: cd /home/mythril && ./all_tests.sh + command: tox + working_directory: /home/mythril + environment: + LC_ALL: C.UTF-8 + LANG: C.UTF-8 - store_test_results: - path: /tmp/test-reports + path: /home/mythril/.tox/output - store_artifacts: - path: /tmp/test-reports + path: /home/mythril/.tox/output - run: name: Ensuring that setup script is functional - command: cd /home/mythril && python3 setup.py install + command: python3 setup.py install + working_directory: /home/mythril - run: name: Integration tests - command: if [ -z "$CIRCLE_PR_NUMBER" ]; then cd /home && ./run-integration-tests.sh; fi + command: if [ -z "$CIRCLE_PR_NUMBER" ]; then ./run-integration-tests.sh; fi + working_directory: /home deploy: <<: *defaults @@ -53,13 +74,16 @@ jobs: path: /home/mythril - run: name: Verify Git tag vs. version - command: cd /home/mythril && python3 setup.py verify + command: python3 setup.py verify + working_directory: /home/mythril - run: name: Build - command: cd /home/mythril && python3 setup.py sdist + command: python3 setup.py sdist + working_directory: /home/mythril - run: name: Deploy - command: cd /home/mythril && twine upload dist/* + command: twine upload dist/* + working_directory: /home/mythril workflows: version: 2 diff --git a/.coveragerc b/.coveragerc deleted file mode 100644 index 20e1caf4..00000000 --- a/.coveragerc +++ /dev/null @@ -1,13 +0,0 @@ -[run] -source = - . - -[report] -omit = - *__init__.py - /usr/* - *_test.py - setup.py - -[html] -directory = coverage_html_report diff --git a/.gitignore b/.gitignore index b5eb4723..38981e78 100644 --- a/.gitignore +++ b/.gitignore @@ -1,20 +1,179 @@ -.DS_Store + +# Created by https://www.gitignore.io/api/linux,macos,python,windows + +### Linux ### +*~ + +# temporary files which can be created if a process still has a handle open of a deleted file +.fuse_hidden* + +# KDE directory preferences +.directory + +# Linux trash folder which might appear on any partition or disk +.Trash-* + +# .nfs files are created when an open file is removed but is still being accessed +.nfs* + +### macOS ### +*.DS_Store +.AppleDouble +.LSOverride + +# Icon must end with two \r +Icon + +# Thumbnails +._* + +# Files that might appear in the root of a volume +.DocumentRevisions-V100 +.fseventsd +.Spotlight-V100 +.TemporaryItems +.Trashes +.VolumeIcon.icns +.com.apple.timemachine.donotpresent + +# Directories potentially created on remote AFP share +.AppleDB +.AppleDesktop +Network Trash Folder +Temporary Items +.apdisk + +### Python ### +# Byte-compiled / optimized / DLL files +__pycache__/ +*.py[cod] +*$py.class + +# C extensions +*.so + +# Distribution / packaging +.Python +build/ +develop-eggs/ +dist/ +downloads/ +eggs/ +.eggs/ +lib/ +lib64/ +parts/ +sdist/ +var/ +wheels/ +*.egg-info/ +.installed.cfg +*.egg + +# PyInstaller +# Usually these files are written by a python script from a template +# before PyInstaller builds the exe, so as to inject date/other infos into it. +*.manifest +*.spec + +# Installer logs +pip-log.txt +pip-delete-this-directory.txt + +# Unit test / coverage reports +htmlcov/ +.tox/ +.coverage +.coverage.* +.cache +.pytest_cache/ +nosetests.xml +coverage.xml +*.cover +.hypothesis/ + +# Translations +*.mo +*.pot + +# Flask stuff: +instance/ +.webassets-cache + +# Scrapy stuff: +.scrapy + +# Sphinx documentation +docs/_build/ + +# PyBuilder +target/ + +# Jupyter Notebook +.ipynb_checkpoints + +# pyenv .python-version -__pycache__ -*.pyc + +# celery beat schedule file +celerybeat-schedule.* + +# SageMath parsed files +*.sage.py + +# Environments +.env +.venv +env/ +venv/ +ENV/ +env.bak/ +venv.bak/ + +# Spyder project settings +.spyderproject +.spyproject + +# Rope project settings +.ropeproject + +# mkdocs documentation +/site + +# mypy +.mypy_cache/ + +### Windows ### +# Windows thumbnail cache files +Thumbs.db +ehthumbs.db +ehthumbs_vista.db + +# Folder config file +Desktop.ini + +# Recycle Bin used on file shares +$RECYCLE.BIN/ + +# Windows Installer files +*.cab +*.msi +*.msm +*.msp + +# Windows shortcuts +*.lnk + + +# End of https://www.gitignore.io/api/linux,macos,python,windows + *.asm -mythril.egg-info -build -dist *.rst *.lock -!Pipfile.lock *.svg laser* lol* .idea* coverage_html_report/ -.coverage -.pytest_cache tests/testdata/outputs_current/ tests/mythril_dir/signatures.json diff --git a/Pipfile b/Pipfile index 63fe3b4e..753481aa 100644 --- a/Pipfile +++ b/Pipfile @@ -4,27 +4,16 @@ verify_ssl = true name = "pypi" [packages] -requests = "*" -plyvel = "*" -py-solc = "*" -coverage = "*" -BTrees = "*" -ethereum = ">=2.3.0" -zodb = ">=5.3.0" -eth-abi = "*" -"z3-solver" = ">=4.5" -eth-account = "*" -eth-tester = "*" -laser-ethereum = ">=0.5.20" -"jinja2" = "*" -rlp = "<1.0.0" +"e1839a8" = {path = ".", editable = true} + [dev-packages] pylint = "*" yapf = "*" pytest = "*" +pytest-mock = "*" +pytest-cov = "*" [requires] -python_version = "3.6" [pipenv] allow_prereleases = true diff --git a/coverage_report.sh b/coverage_report.sh index 3f97261b..795372ab 100755 --- a/coverage_report.sh +++ b/coverage_report.sh @@ -7,6 +7,7 @@ rm -rf ./tests/testdata/outputs_current/ mkdir -p ./tests/testdata/outputs_current/ rm -rf coverage_html_report -coverage run -m unittest discover -p "*_test.py" -coverage html -open coverage_html_report/index.html +py.test \ + --cov=mythril \ + --cov-config=tox.ini \ + --cov-report=html:coverage_html_report \ diff --git a/mythril/analysis/report.py b/mythril/analysis/report.py index d82a2530..1e61092a 100644 --- a/mythril/analysis/report.py +++ b/mythril/analysis/report.py @@ -1,5 +1,6 @@ import hashlib import json +import operator from jinja2 import PackageLoader, Environment class Issue: @@ -45,25 +46,28 @@ class Report: self.verbose = verbose pass + def sorted_issues(self): + issue_list = [issue.as_dict() for key, issue in self.issues.items()] + return sorted(issue_list, key=operator.itemgetter('address', 'title')) + def append_issue(self, issue): m = hashlib.md5() m.update((issue.contract + str(issue.address) + issue.title).encode('utf-8')) self.issues[m.digest()] = issue def as_text(self): - filename = self._file_name() + name = self._file_name() template = Report.environment.get_template('report_as_text.jinja2') - return template.render(filename=filename, issues=self.issues, verbose=self.verbose) + return template.render(filename=name, issues=self.sorted_issues(), verbose=self.verbose) def as_json(self): - issues = [issue.as_dict() for key, issue in self.issues.items()] - result = {'success': True, 'error': None, 'issues': issues} - return json.dumps(result) + result = {'success': True, 'error': None, 'issues': self.sorted_issues()} + return json.dumps(result, sort_keys=True) def as_markdown(self): filename = self._file_name() template = Report.environment.get_template('report_as_markdown.jinja2') - return template.render(filename=filename, issues=self.issues, verbose=self.verbose) + return template.render(filename=filename, issues=self.sorted_issues(), verbose=self.verbose) def _file_name(self): if len(self.issues.values()) > 0: diff --git a/mythril/analysis/templates/report_as_markdown.jinja2 b/mythril/analysis/templates/report_as_markdown.jinja2 index 9ceb80a7..3f83245f 100644 --- a/mythril/analysis/templates/report_as_markdown.jinja2 +++ b/mythril/analysis/templates/report_as_markdown.jinja2 @@ -1,6 +1,6 @@ # Analysis results for {{ filename }} {% if issues %} -{% for key, issue in issues.items() %} +{% for issue in issues %} ## {{ issue.title }} diff --git a/mythril/analysis/templates/report_as_text.jinja2 b/mythril/analysis/templates/report_as_text.jinja2 index 1fb18e1a..7e7e1482 100644 --- a/mythril/analysis/templates/report_as_text.jinja2 +++ b/mythril/analysis/templates/report_as_text.jinja2 @@ -1,5 +1,5 @@ {% if issues %} -{% for key, issue in issues.items() %} +{% for issue in issues %} ==== {{ issue.title }} ==== Type: {{ issue.type }} Contract: {{ issue.contract | default("Unknown") }} diff --git a/tests/analysis/test_delegatecall.py b/tests/analysis/test_delegatecall.py index 2f5c1a61..8849fb8d 100644 --- a/tests/analysis/test_delegatecall.py +++ b/tests/analysis/test_delegatecall.py @@ -3,8 +3,7 @@ from mythril.analysis.ops import Call, Variable, VarType from mythril.analysis.symbolic import SymExecWrapper from laser.ethereum.svm import GlobalState, Node, Environment, Account import pytest -import mock -from mock import patch +from unittest.mock import MagicMock, patch import pytest_mock @@ -185,7 +184,7 @@ def test_delegate_call(sym_mock, concrete_mock, curr_instruction): to = Variable("storage_1", VarType.SYMBOLIC) call = Call(node, state, None, "DELEGATECALL", to, None) - statespace = mock.MagicMock() + statespace = MagicMock() statespace.calls = [call] # act @@ -211,7 +210,7 @@ def test_delegate_call_not_delegate(sym_mock, concrete_mock): to = Variable("storage_1", VarType.SYMBOLIC) call = Call(node, None, None, "NOT_DELEGATECALL", to, None) - statespace = mock.MagicMock() + statespace = MagicMock() statespace.calls = [call] # act @@ -238,7 +237,7 @@ def test_delegate_call_not_fallback(sym_mock, concrete_mock): to = Variable("storage_1", VarType.SYMBOLIC) call = Call(node, None, None, "DELEGATECALL", to, None) - statespace = mock.MagicMock() + statespace = MagicMock() statespace.calls = [call] # act diff --git a/tests/report_test.py b/tests/report_test.py index dae6cc4e..88d4c777 100644 --- a/tests/report_test.py +++ b/tests/report_test.py @@ -19,7 +19,7 @@ def _fix_debug_data(json_str): read_json = json.loads(json_str) for issue in read_json["issues"]: issue["debug"] = "" - return json.dumps(read_json, indent=4) + return json.dumps(read_json, sort_keys=True) def _generate_report(input_file): @@ -56,6 +56,29 @@ def _assert_empty(changed_files, postfix): assert message == "", message +def _assert_empty_json(changed_files): + """ Asserts there are no changed files and otherwise builds error message""" + postfix = ".json" + expected = [] + actual = [] + + def ordered(obj): + if isinstance(obj, dict): + return sorted((k, ordered(v)) for k, v in obj.items()) + elif isinstance(obj, list): + return sorted(ordered(x) for x in obj) + else: + return obj + + for input_file in changed_files: + output_expected = json.loads((TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix)).read_text()) + output_current = json.loads((TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix)).read_text()) + + if not ordered(output_expected.items()) == ordered(output_current.items()): + expected.append(output_expected) + actual.append(output_current) + + assert expected == actual def _get_changed_files(postfix, report_builder, reports): """ @@ -74,8 +97,27 @@ def _get_changed_files(postfix, report_builder, reports): yield input_file +def _get_changed_files_json(report_builder, reports): + postfix = ".json" + def ordered(obj): + if isinstance(obj, dict): + return sorted((k, ordered(v)) for k, v in obj.items()) + elif isinstance(obj, list): + return sorted(ordered(x) for x in obj) + else: + return obj + + for report, input_file in reports: + output_expected = TESTDATA_OUTPUTS_EXPECTED / (input_file.name + postfix) + output_current = TESTDATA_OUTPUTS_CURRENT / (input_file.name + postfix) + output_current.write_text(report_builder(report)) + + if not ordered(json.loads(output_expected.read_text())) == ordered(json.loads(output_current.read_text())): + yield input_file + + def test_json_report(reports): - _assert_empty(_get_changed_files('.json', lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports), '.json') + _assert_empty_json(_get_changed_files_json(lambda report: _fix_path(_fix_debug_data(report.as_json())).strip(), reports)) def test_markdown_report(reports): diff --git a/tests/testdata/outputs_expected/calls.sol.o.markdown b/tests/testdata/outputs_expected/calls.sol.o.markdown index 7c75e616..02e69173 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.markdown +++ b/tests/testdata/outputs_expected/calls.sol.o.markdown @@ -11,49 +11,27 @@ This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. -## Message call to external contract - -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xd24b08cc` -- PC address: 779 - -### Description - -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. - -## Message call to external contract +## Unchecked CALL return value - Type: Informational - Contract: Unknown -- Function name: `_function_0xe11f493e` -- PC address: 858 - -### Description - -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. - -## State change after external call - -- Type: Warning -- Contract: Unknown -- Function name: `_function_0xe11f493e` -- PC address: 869 +- Function name: `_function_0x5a6814ec` +- PC address: 661 ### Description -The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +The return value of an external call is not checked. Note that execution continue even if the called contract throws. ## Message call to external contract - Type: Warning - Contract: Unknown -- Function name: `_function_0xe1d10f79` -- PC address: 912 +- Function name: `_function_0xd24b08cc` +- PC address: 779 ### Description -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. ## Transaction order dependence @@ -70,23 +48,23 @@ A possible transaction order independence vulnerability exists in function _func - Type: Informational - Contract: Unknown -- Function name: `_function_0x5a6814ec` -- PC address: 661 +- Function name: `_function_0xd24b08cc` +- PC address: 779 ### Description The return value of an external call is not checked. Note that execution continue even if the called contract throws. -## Unchecked CALL return value +## Message call to external contract - Type: Informational - Contract: Unknown -- Function name: `_function_0xd24b08cc` -- PC address: 779 +- Function name: `_function_0xe11f493e` +- PC address: 858 ### Description -The return value of an external call is not checked. Note that execution continue even if the called contract throws. +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. ## Unchecked CALL return value @@ -99,6 +77,28 @@ The return value of an external call is not checked. Note that execution continu The return value of an external call is not checked. Note that execution continue even if the called contract throws. +## State change after external call + +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe11f493e` +- PC address: 869 + +### Description + +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. + +## Message call to external contract + +- Type: Warning +- Contract: Unknown +- Function name: `_function_0xe1d10f79` +- PC address: 912 + +### Description + +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. + ## Unchecked CALL return value - Type: Informational diff --git a/tests/testdata/outputs_expected/calls.sol.o.text b/tests/testdata/outputs_expected/calls.sol.o.text index c327fc14..efdfd1e4 100644 --- a/tests/testdata/outputs_expected/calls.sol.o.text +++ b/tests/testdata/outputs_expected/calls.sol.o.text @@ -6,36 +6,20 @@ PC address: 661 This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. -------------------- -==== Message call to external contract ==== -Type: Warning -Contract: Unknown -Function name: _function_0xd24b08cc -PC address: 779 -This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. --------------------- - -==== Message call to external contract ==== +==== Unchecked CALL return value ==== Type: Informational Contract: Unknown -Function name: _function_0xe11f493e -PC address: 858 -This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. --------------------- - -==== State change after external call ==== -Type: Warning -Contract: Unknown -Function name: _function_0xe11f493e -PC address: 869 -The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +Function name: _function_0x5a6814ec +PC address: 661 +The return value of an external call is not checked. Note that execution continue even if the called contract throws. -------------------- ==== Message call to external contract ==== Type: Warning Contract: Unknown -Function name: _function_0xe1d10f79 -PC address: 912 -This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +Function name: _function_0xd24b08cc +PC address: 779 +This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `_function_0x2776b163`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. -------------------- ==== Transaction order dependence ==== @@ -49,17 +33,17 @@ A possible transaction order independence vulnerability exists in function _func ==== Unchecked CALL return value ==== Type: Informational Contract: Unknown -Function name: _function_0x5a6814ec -PC address: 661 +Function name: _function_0xd24b08cc +PC address: 779 The return value of an external call is not checked. Note that execution continue even if the called contract throws. -------------------- -==== Unchecked CALL return value ==== +==== Message call to external contract ==== Type: Informational Contract: Unknown -Function name: _function_0xd24b08cc -PC address: 779 -The return value of an external call is not checked. Note that execution continue even if the called contract throws. +Function name: _function_0xe11f493e +PC address: 858 +This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code. -------------------- ==== Unchecked CALL return value ==== @@ -70,6 +54,22 @@ PC address: 858 The return value of an external call is not checked. Note that execution continue even if the called contract throws. -------------------- +==== State change after external call ==== +Type: Warning +Contract: Unknown +Function name: _function_0xe11f493e +PC address: 869 +The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities. +-------------------- + +==== Message call to external contract ==== +Type: Warning +Contract: Unknown +Function name: _function_0xe1d10f79 +PC address: 912 +This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state. +-------------------- + ==== Unchecked CALL return value ==== Type: Informational Contract: Unknown diff --git a/tests/testdata/outputs_expected/overflow.sol.o.markdown b/tests/testdata/outputs_expected/overflow.sol.o.markdown index d2c8f9e6..07d375b8 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/overflow.sol.o.markdown @@ -5,33 +5,33 @@ - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 649 +- PC address: 567 ### Description A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. -## Integer Overflow +## Integer Underflow - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 725 +- PC address: 649 ### Description -A possible integer overflow exists in the function `sendeth(address,uint256)`. -The addition or multiplication may result in a value higher than the maximum representable integer. +A possible integer underflow exists in the function `sendeth(address,uint256)`. +The subtraction may result in a value < 0. -## Integer Underflow +## Integer Overflow - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 567 +- PC address: 725 ### Description -A possible integer underflow exists in the function `sendeth(address,uint256)`. -The subtraction may result in a value < 0. +A possible integer overflow exists in the function `sendeth(address,uint256)`. +The addition or multiplication may result in a value higher than the maximum representable integer. diff --git a/tests/testdata/outputs_expected/overflow.sol.o.text b/tests/testdata/outputs_expected/overflow.sol.o.text index a3ec68c4..f15d633f 100644 --- a/tests/testdata/outputs_expected/overflow.sol.o.text +++ b/tests/testdata/outputs_expected/overflow.sol.o.text @@ -2,26 +2,26 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 649 +PC address: 567 A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. -------------------- -==== Integer Overflow ==== +==== Integer Underflow ==== Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 725 -A possible integer overflow exists in the function `sendeth(address,uint256)`. -The addition or multiplication may result in a value higher than the maximum representable integer. +PC address: 649 +A possible integer underflow exists in the function `sendeth(address,uint256)`. +The subtraction may result in a value < 0. -------------------- -==== Integer Underflow ==== +==== Integer Overflow ==== Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 567 -A possible integer underflow exists in the function `sendeth(address,uint256)`. -The subtraction may result in a value < 0. +PC address: 725 +A possible integer overflow exists in the function `sendeth(address,uint256)`. +The addition or multiplication may result in a value higher than the maximum representable integer. -------------------- diff --git a/tests/testdata/outputs_expected/underflow.sol.o.markdown b/tests/testdata/outputs_expected/underflow.sol.o.markdown index d2c8f9e6..07d375b8 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.markdown +++ b/tests/testdata/outputs_expected/underflow.sol.o.markdown @@ -5,33 +5,33 @@ - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 649 +- PC address: 567 ### Description A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. -## Integer Overflow +## Integer Underflow - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 725 +- PC address: 649 ### Description -A possible integer overflow exists in the function `sendeth(address,uint256)`. -The addition or multiplication may result in a value higher than the maximum representable integer. +A possible integer underflow exists in the function `sendeth(address,uint256)`. +The subtraction may result in a value < 0. -## Integer Underflow +## Integer Overflow - Type: Warning - Contract: Unknown - Function name: `sendeth(address,uint256)` -- PC address: 567 +- PC address: 725 ### Description -A possible integer underflow exists in the function `sendeth(address,uint256)`. -The subtraction may result in a value < 0. +A possible integer overflow exists in the function `sendeth(address,uint256)`. +The addition or multiplication may result in a value higher than the maximum representable integer. diff --git a/tests/testdata/outputs_expected/underflow.sol.o.text b/tests/testdata/outputs_expected/underflow.sol.o.text index a3ec68c4..f15d633f 100644 --- a/tests/testdata/outputs_expected/underflow.sol.o.text +++ b/tests/testdata/outputs_expected/underflow.sol.o.text @@ -2,26 +2,26 @@ Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 649 +PC address: 567 A possible integer underflow exists in the function `sendeth(address,uint256)`. The subtraction may result in a value < 0. -------------------- -==== Integer Overflow ==== +==== Integer Underflow ==== Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 725 -A possible integer overflow exists in the function `sendeth(address,uint256)`. -The addition or multiplication may result in a value higher than the maximum representable integer. +PC address: 649 +A possible integer underflow exists in the function `sendeth(address,uint256)`. +The subtraction may result in a value < 0. -------------------- -==== Integer Underflow ==== +==== Integer Overflow ==== Type: Warning Contract: Unknown Function name: sendeth(address,uint256) -PC address: 567 -A possible integer underflow exists in the function `sendeth(address,uint256)`. -The subtraction may result in a value < 0. +PC address: 725 +A possible integer overflow exists in the function `sendeth(address,uint256)`. +The addition or multiplication may result in a value higher than the maximum representable integer. -------------------- diff --git a/tox.ini b/tox.ini new file mode 100644 index 00000000..9d95022d --- /dev/null +++ b/tox.ini @@ -0,0 +1,39 @@ +[tox] +envlist = py36 + +[testenv] +deps = + pytest + pytest-mock +whitelist_externals = mkdir +commands = + mkdir -p {toxinidir}/tests/testdata/outputs_current/ + py.test -v \ + --junitxml={toxworkdir}/output/{envname}/junit.xml \ + {posargs} + +[testenv:py36] +basepython = python3.6 +setenv = + COVERAGE_FILE = .coverage.{envname} +deps = + pytest + pytest-mock + pytest-cov +whitelist_externals = mkdir +commands = + mkdir -p {toxinidir}/tests/testdata/outputs_current/ + py.test -v \ + --cov=mythril \ + --cov-config=tox.ini \ + --cov-report=xml:{toxworkdir}/output/{envname}/coverage.xml \ + --cov-report=html:{toxworkdir}/output/{envname}/covhtml \ + --junitxml={toxworkdir}/output/{envname}/junit.xml \ + {posargs} + +[coverage:report] +omit = + *__init__.py + /usr/* + *_test.py + setup.py