Update tests

pull/757/head
Bernhard Mueller 6 years ago
parent 4ccc0d70e8
commit d41b6e2676
  1. 2
      tests/cmd_line_test.py
  2. 127
      tests/testdata/outputs_expected/calls.sol.o.json
  3. 60
      tests/testdata/outputs_expected/calls.sol.o.markdown
  4. 50
      tests/testdata/outputs_expected/calls.sol.o.text
  5. 31
      tests/testdata/outputs_expected/ether_send.sol.o.json
  6. 26
      tests/testdata/outputs_expected/ether_send.sol.o.markdown
  7. 22
      tests/testdata/outputs_expected/ether_send.sol.o.text
  8. 43
      tests/testdata/outputs_expected/overflow.sol.o.json
  9. 12
      tests/testdata/outputs_expected/overflow.sol.o.markdown
  10. 11
      tests/testdata/outputs_expected/overflow.sol.o.text
  11. 43
      tests/testdata/outputs_expected/returnvalue.sol.o.json
  12. 24
      tests/testdata/outputs_expected/returnvalue.sol.o.markdown
  13. 20
      tests/testdata/outputs_expected/returnvalue.sol.o.text
  14. 43
      tests/testdata/outputs_expected/underflow.sol.o.json
  15. 12
      tests/testdata/outputs_expected/underflow.sol.o.markdown
  16. 11
      tests/testdata/outputs_expected/underflow.sol.o.text

@ -28,7 +28,7 @@ class CommandLineToolTestCase(BaseTestCase):
class TruffleTestCase(BaseTestCase): class TruffleTestCase(BaseTestCase):
def test_analysis_truffle_project(self): def test_analysis_truffle_project(self):
truffle_project_root = str(TESTS_DIR / "truffle_project") truffle_project_root = str(TESTS_DIR / "truffle_project")
command = "cd {}; truffle compile; python3 {} --truffle -t 1".format( command = "cd {}; truffle compile; python3 {} --truffle -t 2".format(
truffle_project_root, MYTH truffle_project_root, MYTH
) )
self.assertIn("=== Ether thief ====", output_of(command)) self.assertIn("=== Ether thief ====", output_of(command))
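Review bot: The shell string on the changed line chains its steps with `;`, so `python3 {} --truffle -t 2` still runs when `cd` or `truffle compile` fails, and the assertion then fails on a missing banner rather than on the real cause. Chaining with `&&` (`"cd {} && truffle compile && python3 {} --truffle -t 2"`) would stop at the first failing step. The apparent bump from `-t 1` to `-t 2` carries no explanation; a one-line comment such as `# Ether thief is only reported with two transactions` would record why the depth matters, if that is the reason. The project path is also interpolated unquoted, so a checkout path containing spaces would break the command.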

@ -1,126 +1 @@
{ {"error": null, "issues": [{"address": 666, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "thisisfine()", "max_gas_used": 35963, "min_gas_used": 1352, "swc-id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 784, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "callstoredaddress()", "max_gas_used": 36007, "min_gas_used": 1396, "swc-id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 871, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "_function_0xe11f493e", "max_gas_used": 61043, "min_gas_used": 6432, "swc-id": "104", "title": "Unchecked CALL return value", "type": "Informational"}, {"address": 912, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.", "function": "calluseraddress(address)", "max_gas_used": 616, "min_gas_used": 335, "swc-id": "107", "title": "Message call to external contract", "type": "Warning"}, {"address": 918, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. 
Note that execution continue even if the called contract throws.", "function": "calluseraddress(address)", "max_gas_used": 35327, "min_gas_used": 1046, "swc-id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
"error": null,
"issues": [
{
"address": 661,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "thisisfine()",
"swc-id": "107",
"min_gas_used": 643,
"max_gas_used": 1254,
"title": "Message call to external contract",
"type": "Informational"
},
{
"address": 666,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "thisisfine()",
"swc-id": "104",
"min_gas_used": 1352,
"max_gas_used": 35963,
"title": "Unchecked CALL return value",
"type": "Informational"
},
{
"address": 779,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `setstoredaddress(address)`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.",
"function": "callstoredaddress()",
"swc-id": "107",
"min_gas_used": 687,
"max_gas_used": 1298,
"title": "Message call to external contract",
"type": "Warning"
},
{
"address": 779,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location.",
"function": "callstoredaddress()",
"swc-id": "114",
"min_gas_used": 687,
"max_gas_used": 1298,
"title": "Transaction order dependence",
"type": "Warning"
},
{
"address": 784,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "callstoredaddress()",
"swc-id": "104",
"min_gas_used": 1396,
"max_gas_used": 36007,
"title": "Unchecked CALL return value",
"type": "Informational"
},
{
"address": 858,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "_function_0xe11f493e",
"swc-id": "107",
"min_gas_used": 709,
"max_gas_used": 1320,
"title": "Message call to external contract",
"type": "Informational"
},
{
"address": 869,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.",
"function": "_function_0xe11f493e",
"swc-id": "107",
"min_gas_used": 709,
"max_gas_used": 1320,
"title": "State change after external call",
"type": "Warning"
},
{
"address": 871,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "_function_0xe11f493e",
"swc-id": "104",
"min_gas_used": 6432,
"max_gas_used": 61043,
"title": "Unchecked CALL return value",
"type": "Informational"
},
{
"address": 912,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to an address provided as a function argument. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.",
"function": "calluseraddress(address)",
"swc-id": "107",
"min_gas_used": 335,
"max_gas_used": 616,
"title": "Message call to external contract",
"type": "Warning"
},
{
"address": 918,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "calluseraddress(address)",
"swc-id": "104",
"min_gas_used": 1046,
"max_gas_used": 35327,
"title": "Unchecked CALL return value",
"type": "Informational"
}
],
"success": true
}
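Review bot: The regenerated baseline keeps only five of the ten issues, and the ones dropped are the reentrancy-related ones: the SWC-107 entries at addresses 661, 779, 858 and 869 and the SWC-114 entry at 779. Because this fixture is the oracle for the output comparison, those detections are no longer guarded against regression, and neither the title nor the description says whether the removal is an intended detector change. The same applies to the Integer Overflow entry at 725 removed from the overflow and underflow baselines and to the two SWC-107 entries removed from returnvalue. The commit description should state the reason, and if the state-change-after-call check is meant to survive, a fixture that still expects `"swc-id": "107"` at `"address": 869` should be kept.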

@ -1,17 +1,5 @@
# Analysis results for test-filename.sol # Analysis results for test-filename.sol
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `thisisfine()`
- PC address: 661
- Estimated Gas Usage: 643 - 1254
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value ## Unchecked CALL return value
- SWC ID: 104 - SWC ID: 104
- Type: Informational - Type: Informational
@ -24,30 +12,6 @@ This contract executes a message call to to another contract. Make sure that the
The return value of an external call is not checked. Note that execution continue even if the called contract throws. The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `callstoredaddress()`
- PC address: 779
- Estimated Gas Usage: 687 - 1298
### Description
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `setstoredaddress(address)`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
## Transaction order dependence
- SWC ID: 114
- Type: Warning
- Contract: Unknown
- Function name: `callstoredaddress()`
- PC address: 779
- Estimated Gas Usage: 687 - 1298
### Description
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location.
## Unchecked CALL return value ## Unchecked CALL return value
- SWC ID: 104 - SWC ID: 104
- Type: Informational - Type: Informational
@ -60,30 +24,6 @@ Possible transaction order dependence vulnerability: The value or direction of t
The return value of an external call is not checked. Note that execution continue even if the called contract throws. The return value of an external call is not checked. Note that execution continue even if the called contract throws.
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 858
- Estimated Gas Usage: 709 - 1320
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## State change after external call
- SWC ID: 107
- Type: Warning
- Contract: Unknown
- Function name: `_function_0xe11f493e`
- PC address: 869
- Estimated Gas Usage: 709 - 1320
### Description
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
## Unchecked CALL return value ## Unchecked CALL return value
- SWC ID: 104 - SWC ID: 104
- Type: Informational - Type: Informational

@ -1,13 +1,3 @@
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: thisisfine()
PC address: 661
Estimated Gas Usage: 643 - 1254
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Unchecked CALL return value ==== ==== Unchecked CALL return value ====
SWC ID: 104 SWC ID: 104
Type: Informational Type: Informational
@ -18,26 +8,6 @@ Estimated Gas Usage: 1352 - 35963
The return value of an external call is not checked. Note that execution continue even if the called contract throws. The return value of an external call is not checked. Note that execution continue even if the called contract throws.
-------------------- --------------------
==== Message call to external contract ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: callstoredaddress()
PC address: 779
Estimated Gas Usage: 687 - 1298
This contract executes a message call to an address found at storage slot 1. This storage slot can be written to by calling the function `setstoredaddress(address)`. Generally, it is not recommended to call user-supplied addresses using Solidity's call() construct. Note that attackers might leverage reentrancy attacks to exploit race conditions or manipulate this contract's state.
--------------------
==== Transaction order dependence ====
SWC ID: 114
Type: Warning
Contract: Unknown
Function name: callstoredaddress()
PC address: 779
Estimated Gas Usage: 687 - 1298
Possible transaction order dependence vulnerability: The value or direction of the call statement is determined from a tainted storage location.
--------------------
==== Unchecked CALL return value ==== ==== Unchecked CALL return value ====
SWC ID: 104 SWC ID: 104
Type: Informational Type: Informational
@ -48,26 +18,6 @@ Estimated Gas Usage: 1396 - 36007
The return value of an external call is not checked. Note that execution continue even if the called contract throws. The return value of an external call is not checked. Note that execution continue even if the called contract throws.
-------------------- --------------------
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 858
Estimated Gas Usage: 709 - 1320
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== State change after external call ====
SWC ID: 107
Type: Warning
Contract: Unknown
Function name: _function_0xe11f493e
PC address: 869
Estimated Gas Usage: 709 - 1320
The contract account state is changed after an external call. Consider that the called contract could re-enter the function before this state change takes place. This can lead to business logic vulnerabilities.
--------------------
==== Unchecked CALL return value ==== ==== Unchecked CALL return value ====
SWC ID: 104 SWC ID: 104
Type: Informational Type: Informational

@ -1,30 +1 @@
{ {"error": null, "issues": [], "success": true}
"error": null,
"issues": [
{
"address": 722,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.",
"function": "withdrawfunds()",
"max_gas_used": 1749,
"min_gas_used": 1138,
"swc-id": "105",
"title": "Ether thief",
"type": "Warning"
},
{
"address": 883,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This binary add operation can result in integer overflow.\n",
"function": "invest()",
"max_gas_used": 1856,
"min_gas_used": 1571,
"swc-id": "101",
"title": "Integer Overflow",
"type": "Warning"
}
],
"success": true
}
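Review bot: An expected output of `"issues": []` turns this fixture into a test that passes when the analyzer reports nothing, so it no longer shows that the SWC-105 Ether thief and SWC-101 checks fire on ether_send. The truffle test in tests/cmd_line_test.py still expects the Ether thief banner with `-t 2`, which suggests the finding may simply need a deeper transaction count than the fixture run uses; that is an inference from this page. If so, generating this baseline at the same depth would keep a positive expectation for `withdrawfunds()` instead of an empty list.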

@ -1,25 +1,3 @@
# Analysis results for test-filename.sol # Analysis results for None
## Ether thief The analysis was completed successfully. No issues were detected.
- SWC ID: 105
- Type: Warning
- Contract: Unknown
- Function name: `withdrawfunds()`
- PC address: 722
- Estimated Gas Usage: 1138 - 1749
### Description
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `invest()`
- PC address: 883
- Estimated Gas Usage: 1571 - 1856
### Description
This binary add operation can result in integer overflow.
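Review bot: The new heading reads `# Analysis results for None`, which looks like a Python `None` rendered into the report where the old baseline had `test-filename.sol`. Pinning it in the expected output makes the test enforce what is probably a formatting defect in the no-issues path. The heading should keep the input name, `# Analysis results for test-filename.sol`; the report code that produces it is outside this commit.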

@ -1,21 +1 @@
==== Ether thief ==== The analysis was completed successfully. No issues were detected.
SWC ID: 105
Type: Warning
Contract: Unknown
Function name: withdrawfunds()
PC address: 722
Estimated Gas Usage: 1138 - 1749
Arbitrary senders other than the contract creator can withdraw ETH from the contract account without previously having sent an equivalent amount of ETH to it. This is likely to be a vulnerability.
--------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: invest()
PC address: 883
Estimated Gas Usage: 1571 - 1856
This binary add operation can result in integer overflow.
--------------------

@ -1,42 +1 @@
{ {"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "max_gas_used": 1035, "min_gas_used": 750, "swc-id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "max_gas_used": 1758, "min_gas_used": 1283, "swc-id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true}
"error": null,
"issues": [
{
"address": 567,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The subtraction can result in an integer underflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 750,
"max_gas_used": 1035,
"title": "Integer Underflow",
"type": "Warning"
},
{
"address": 649,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The subtraction can result in an integer underflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 1283,
"max_gas_used": 1758,
"title": "Integer Underflow",
"type": "Warning"
},
{
"address": 725,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This binary add operation can result in integer overflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 6806,
"max_gas_used": 27471,
"title": "Integer Overflow",
"type": "Warning"
}
],
"success": true
}

@ -23,15 +23,3 @@ The subtraction can result in an integer underflow.
### Description ### Description
The subtraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- Estimated Gas Usage: 6806 - 27471
### Description
This binary add operation can result in integer overflow.

@ -20,14 +20,3 @@ The subtraction can result in an integer underflow.
-------------------- --------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
Estimated Gas Usage: 6806 - 27471
This binary add operation can result in integer overflow.
--------------------

@ -1,42 +1 @@
{ {"error": null, "issues": [{"address": 290, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.", "function": "callnotchecked()", "max_gas_used": 35941, "min_gas_used": 1330, "swc-id": "104", "title": "Unchecked CALL return value", "type": "Informational"}], "success": true}
"error": null,
"issues": [
{
"address": 196,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "callchecked()",
"swc-id": "107",
"min_gas_used": 599,
"max_gas_used": 1210,
"title": "Message call to external contract",
"type": "Informational"
},
{
"address": 285,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.",
"function": "callnotchecked()",
"swc-id": "107",
"min_gas_used": 621,
"max_gas_used": 1232,
"title": "Message call to external contract",
"type": "Informational"
},
{
"address": 290,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The return value of an external call is not checked. Note that execution continue even if the called contract throws.",
"function": "callnotchecked()",
"swc-id": "104",
"min_gas_used": 1330,
"max_gas_used": 35941,
"title": "Unchecked CALL return value",
"type": "Informational"
}
],
"success": true
}

@ -1,29 +1,5 @@
# Analysis results for test-filename.sol # Analysis results for test-filename.sol
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `callchecked()`
- PC address: 196
- Estimated Gas Usage: 599 - 1210
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Message call to external contract
- SWC ID: 107
- Type: Informational
- Contract: Unknown
- Function name: `callnotchecked()`
- PC address: 285
- Estimated Gas Usage: 621 - 1232
### Description
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
## Unchecked CALL return value ## Unchecked CALL return value
- SWC ID: 104 - SWC ID: 104
- Type: Informational - Type: Informational

@ -1,23 +1,3 @@
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: callchecked()
PC address: 196
Estimated Gas Usage: 599 - 1210
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Message call to external contract ====
SWC ID: 107
Type: Informational
Contract: Unknown
Function name: callnotchecked()
PC address: 285
Estimated Gas Usage: 621 - 1232
This contract executes a message call to to another contract. Make sure that the called contract is trusted and does not execute user-supplied code.
--------------------
==== Unchecked CALL return value ==== ==== Unchecked CALL return value ====
SWC ID: 104 SWC ID: 104
Type: Informational Type: Informational

@ -1,42 +1 @@
{ {"error": null, "issues": [{"address": 567, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "max_gas_used": 1035, "min_gas_used": 750, "swc-id": "101", "title": "Integer Underflow", "type": "Warning"}, {"address": 649, "contract": "Unknown", "debug": "<DEBUG-DATA>", "description": "The subtraction can result in an integer underflow.\n", "function": "sendeth(address,uint256)", "max_gas_used": 1758, "min_gas_used": 1283, "swc-id": "101", "title": "Integer Underflow", "type": "Warning"}], "success": true}
"error": null,
"issues": [
{
"address": 567,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The subtraction can result in an integer underflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 750,
"max_gas_used": 1035,
"title": "Integer Underflow",
"type": "Warning"
},
{
"address": 649,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "The subtraction can result in an integer underflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 1283,
"max_gas_used": 1758,
"title": "Integer Underflow",
"type": "Warning"
},
{
"address": 725,
"contract": "Unknown",
"debug": "<DEBUG-DATA>",
"description": "This binary add operation can result in integer overflow.\n",
"function": "sendeth(address,uint256)",
"swc-id": "101",
"min_gas_used": 6806,
"max_gas_used": 27471,
"title": "Integer Overflow",
"type": "Warning"
}
],
"success": true
}

@ -23,15 +23,3 @@ The subtraction can result in an integer underflow.
### Description ### Description
The subtraction can result in an integer underflow. The subtraction can result in an integer underflow.
## Integer Overflow
- SWC ID: 101
- Type: Warning
- Contract: Unknown
- Function name: `sendeth(address,uint256)`
- PC address: 725
- Estimated Gas Usage: 6806 - 27471
### Description
This binary add operation can result in integer overflow.

@ -20,14 +20,3 @@ The subtraction can result in an integer underflow.
-------------------- --------------------
==== Integer Overflow ====
SWC ID: 101
Type: Warning
Contract: Unknown
Function name: sendeth(address,uint256)
PC address: 725
Estimated Gas Usage: 6806 - 27471
This binary add operation can result in integer overflow.
--------------------
