Static Analyzer for Solidity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
slither/examples/scripts/data_dependency.py

123 lines
5.0 KiB

import sys
from slither import Slither
4 years ago
from slither.analyses.data_dependency.data_dependency import (
is_dependent,
is_tainted,
)
from slither.core.declarations.solidity_variables import SolidityVariableComposed
if len(sys.argv) != 2:
4 years ago
print("Usage: python data_dependency.py file.sol")
sys.exit(-1)
slither = Slither(sys.argv[1])
contracts = slither.get_contract_from_name("Simple")
assert len(contracts) == 1
contract = contracts[0]
4 years ago
destination = contract.get_state_variable_from_name("destination")
source = contract.get_state_variable_from_name("source")
print(f"{source} is dependent of {destination}: {is_dependent(source, destination, contract)}")
assert not is_dependent(source, destination, contract)
print(f"{destination} is dependent of {source}: {is_dependent(destination, source, contract)}")
assert is_dependent(destination, source, contract)
print(f"{source} is tainted {is_tainted(source, contract)}")
assert not is_tainted(source, contract)
print(f"{destination} is tainted {is_tainted(destination, contract)}")
assert is_tainted(destination, contract)
contracts = slither.get_contract_from_name("Reference")
assert len(contracts) == 1
contract = contracts[0]
4 years ago
destination = contract.get_state_variable_from_name("destination")
4 years ago
assert destination
4 years ago
source = contract.get_state_variable_from_name("source")
4 years ago
assert source
4 years ago
print("Reference contract")
print(f"{source} is dependent of {destination}: {is_dependent(source, destination, contract)}")
assert not is_dependent(source, destination, contract)
print(f"{destination} is dependent of {source}: {is_dependent(destination, source, contract)}")
assert is_dependent(destination, source, contract)
print(f"{source} is tainted {is_tainted(source, contract)}")
assert not is_tainted(source, contract)
print(f"{destination} is tainted {is_tainted(destination, contract)}")
assert is_tainted(destination, contract)
4 years ago
destination_indirect_1 = contract.get_state_variable_from_name("destination_indirect_1")
print(f"{destination_indirect_1} is tainted {is_tainted(destination_indirect_1, contract)}")
assert is_tainted(destination_indirect_1, contract)
4 years ago
destination_indirect_2 = contract.get_state_variable_from_name("destination_indirect_2")
print(f"{destination_indirect_2} is tainted {is_tainted(destination_indirect_2, contract)}")
assert is_tainted(destination_indirect_2, contract)
4 years ago
print("SolidityVar contract")
contracts = slither.get_contract_from_name("SolidityVar")
assert len(contracts) == 1
contract = contracts[0]
4 years ago
addr_1 = contract.get_state_variable_from_name("addr_1")
4 years ago
assert addr_1
4 years ago
addr_2 = contract.get_state_variable_from_name("addr_2")
4 years ago
assert addr_2
4 years ago
msgsender = SolidityVariableComposed("msg.sender")
print(f"{addr_1} is dependent of {msgsender}: {is_dependent(addr_1, msgsender, contract)}")
assert is_dependent(addr_1, msgsender, contract)
print(f"{addr_2} is dependent of {msgsender}: {is_dependent(addr_2, msgsender, contract)}")
assert not is_dependent(addr_2, msgsender, contract)
4 years ago
print("Intermediate contract")
contracts = slither.get_contract_from_name("Intermediate")
assert len(contracts) == 1
contract = contracts[0]
4 years ago
destination = contract.get_state_variable_from_name("destination")
4 years ago
assert destination
4 years ago
source = contract.get_state_variable_from_name("source")
4 years ago
assert source
print(f"{destination} is dependent of {source}: {is_dependent(destination, source, contract)}")
assert is_dependent(destination, source, contract)
4 years ago
print("Base Derived contract")
contracts = slither.get_contract_from_name("Base")
assert len(contracts) == 1
contract = contracts[0]
contract_derived = slither.get_contract_from_name("Derived")[0]
4 years ago
destination = contract.get_state_variable_from_name("destination")
source = contract.get_state_variable_from_name("source")
print(f"{destination} is dependent of {source}: {is_dependent(destination, source, contract)}")
assert not is_dependent(destination, source, contract)
4 years ago
print(
f"{destination} is dependent of {source}: {is_dependent(destination, source, contract_derived)}"
4 years ago
)
assert is_dependent(destination, source, contract_derived)
4 years ago
print("PropagateThroughArguments contract")
contracts = slither.get_contract_from_name("PropagateThroughArguments")
assert len(contracts) == 1
contract = contracts[0]
4 years ago
var_tainted = contract.get_state_variable_from_name("var_tainted")
4 years ago
assert var_tainted
4 years ago
var_not_tainted = contract.get_state_variable_from_name("var_not_tainted")
4 years ago
assert var_not_tainted
4 years ago
var_dependant = contract.get_state_variable_from_name("var_dependant")
4 years ago
assert var_dependant
4 years ago
f = contract.get_function_from_signature("f(uint256)")
4 years ago
assert f
user_input = f.parameters[0]
4 years ago
f2 = contract.get_function_from_signature("f2(uint256,uint256)")
4 years ago
print(
f"{var_dependant} is dependent of {user_input}: {is_dependent(var_dependant, user_input, contract)} (base)"
4 years ago
)
assert is_dependent(var_dependant, user_input, contract)
print(f"{var_tainted} is tainted: {is_tainted(var_tainted, contract)}")
assert is_tainted(var_tainted, contract)
print(f"{var_not_tainted} is tainted: {is_tainted(var_not_tainted, contract)}")
assert not is_tainted(var_not_tainted, contract)