diff --git a/.travis.yml b/.travis.yml index 6de6cf142..d3ccde3c2 100644 --- a/.travis.yml +++ b/.travis.yml @@ -12,6 +12,12 @@ env: - TEST_SUITE=scripts/travis_test_find_paths.sh - TEST_SUITE=scripts/travis_test_truffle.sh - TEST_SUITE=scripts/travis_test_embark.sh + - TEST_SUITE=scripts/travis_test_etherscan.sh + - TEST_SUITE=scripts/travis_test_dapp.sh + - TEST_SUITE=scripts/travis_test_etherlime.sh + - TEST_SUITE=scripts/travis_test_cli.sh + - TEST_SUITE=scripts/travis_test_printers.sh + - TEST_SUITE=scripts/travis_test_slither_config.sh branches: only: - master diff --git a/README.md b/README.md index aceff95bd..880fd30e2 100644 --- a/README.md +++ b/README.md @@ -21,7 +21,7 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s ## Usage -Run Slither on a Truffle application: +Run Slither on a Truffle/Embark/Dapp/Etherlime application: ``` slither . ``` @@ -71,6 +71,7 @@ Num | Detector | What it Detects | Impact | Confidence 30 | `pragma` | [If different pragma directives are used](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used) | Informational | High 31 | `solc-version` | [Incorrect Solidity version (< 0.4.24 or complex pragma)](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-version-of-solidity) | Informational | High 32 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables) | Informational | High +33 | `too-many-digits` | [Conformance to numeric notation best practices](https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits) | Informational | Medium [Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors. diff --git a/scripts/fix_travis_relative_paths.sh b/scripts/fix_travis_relative_paths.sh new file mode 100755 index 000000000..7c0a03d38 --- /dev/null +++ b/scripts/fix_travis_relative_paths.sh 
@@ -0,0 +1,5 @@ +CURRENT_PATH=$(pwd) +TRAVIS_PATH='/home/travis/build/crytic/slither' +for f in tests/expected_json/*json; do + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$f" -i +done diff --git a/scripts/tests_generate_expected_json_4.sh b/scripts/tests_generate_expected_json_4.sh index 3fcdd9101..184c199f1 100755 --- a/scripts/tests_generate_expected_json_4.sh +++ b/scripts/tests_generate_expected_json_4.sh @@ -1,23 +1,29 @@ #!/usr/bin/env bash DIR="$(cd "$(dirname "$0")" && pwd)" +CURRENT_PATH=$(pwd) +TRAVIS_PATH='/home/travis/build/crytic/slither' # generate_expected_json file.sol detectors generate_expected_json(){ # generate output filename # e.g. file: uninitialized.sol detector: uninitialized-state # ---> uninitialized.uninitialized-state.json - output_filename="$(basename $1 .sol).$2.json" + output_filename="$DIR/../tests/expected_json/$(basename $1 .sol).$2.json" + output_filename_txt="$DIR/../tests/expected_json/$(basename $1 .sol).$2.txt" # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --json "$DIR/../tests/expected_json/$output_filename" --solc solc-0.4.25 + slither "$1" --solc-disable-warnings --detect "$2" --json "$output_filename" --solc solc-0.4.25 > $output_filename_txt 2>&1 + + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$output_filename" -i } #generate_expected_json tests/deprecated_calls.sol "deprecated-standards" #generate_expected_json tests/erc20_indexed.sol "erc20-indexed" #generate_expected_json tests/incorrect_erc20_interface.sol "erc20-interface" +#generate_expected_json tests/incorrect_erc721_interface.sol "erc721-interface" #generate_expected_json tests/uninitialized.sol "uninitialized-state" #generate_expected_json tests/backdoor.sol "backdoor" #generate_expected_json tests/backdoor.sol "suicidal" 
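Review bot: The new executable script fix_travis_relative_paths.sh has no interpreter line and interpolates `$CURRENT_PATH` into the sed pattern unescaped, so a checkout path containing `|` or a regex metacharacter such as `.` rewrites the wrong text or breaks the expression. Start the file with `#!/usr/bin/env bash` as the sibling scripts do, and add `set -euo pipefail` so a failed `sed` stops the run. The same `sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" … -i` line is added in tests_generate_expected_json_4.sh, tests_generate_expected_json_5.sh, travis_test_4.sh and travis_test_5.sh. A trailing `-i` after the file name is accepted by GNU sed only, so the generator scripts will not run unchanged on BSD/macOS.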
@@ -47,4 +53,4 @@ generate_expected_json(){ #generate_expected_json tests/shadowing_builtin_symbols.sol "shadowing-builtin" #generate_expected_json tests/shadowing_local_variable.sol "shadowing-local" #generate_expected_json tests/solc_version_incorrect.sol "solc-version" -generate_expected_json tests/right_to_left_override.sol "rtlo" +#generate_expected_json tests/right_to_left_override.sol "rtlo" diff --git a/scripts/tests_generate_expected_json_5.sh b/scripts/tests_generate_expected_json_5.sh index 6615bd823..b6107458e 100755 --- a/scripts/tests_generate_expected_json_5.sh +++ b/scripts/tests_generate_expected_json_5.sh @@ -1,17 +1,22 @@ #!/usr/bin/env bash DIR="$(cd "$(dirname "$0")" && pwd)" +CURRENT_PATH=$(pwd) +TRAVIS_PATH='/home/travis/build/crytic/slither' + # generate_expected_json file.sol detectors generate_expected_json(){ # generate output filename # e.g. file: uninitialized.sol detector: uninitialized-state # ---> uninitialized.uninitialized-state.json - output_filename="$(basename $1 .sol).$2.json" + output_filename="$DIR/../tests/expected_json/$(basename $1 .sol).$2.json" + output_filename_txt="$DIR/../tests/expected_json/$(basename $1 .sol).$2.txt" # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --json "$DIR/../tests/expected_json/$output_filename" --solc solc-0.5.1 + slither "$1" --solc-disable-warnings --detect "$2" --json "$output_filename" --solc solc-0.5.1 > $output_filename_txt 2>&1 + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$output_filename" -i } #generate_expected_json tests/uninitialized-0.5.1.sol "uninitialized-state" @@ -29,3 +34,5 @@ generate_expected_json(){ #generate_expected_json tests/inline_assembly_library-0.5.1.sol "assembly" #generate_expected_json tests/constant-0.5.1.sol "constant-function" #generate_expected_json tests/incorrect_equality.sol "incorrect-equality" +#generate_expected_json tests/too_many_digits.sol "too-many-digits" + 
diff --git a/scripts/travis_install.sh b/scripts/travis_install.sh index ae3287f2e..acd47eaba 100755 --- a/scripts/travis_install.sh +++ b/scripts/travis_install.sh @@ -15,3 +15,6 @@ function install_solc { } install_solc + + + diff --git a/scripts/travis_test_4.sh b/scripts/travis_test_4.sh index b06a1fb13..171079d9e 100755 --- a/scripts/travis_test_4.sh +++ b/scripts/travis_test_4.sh @@ -4,13 +4,15 @@ DIR="$(cd "$(dirname "$0")" && pwd)" +CURRENT_PATH=$(pwd) +TRAVIS_PATH='/home/travis/build/crytic/slither' # test_slither file.sol detectors test_slither(){ expected="$DIR/../tests/expected_json/$(basename $1 .sol).$2.json" # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --json "$DIR/tmp-test.json" --solc solc-0.4.25 + slither "$1" --solc-disable-warnings --detect "$2" --json "$DIR/tmp-test.json" --solc solc-0.4.25 if [ $? -eq 255 ] then echo "Slither crashed" @@ -24,6 +26,7 @@ test_slither(){ exit 1 fi + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$DIR/tmp-test.json" -i result=$(python "$DIR/json_diff.py" "$expected" "$DIR/tmp-test.json") rm "$DIR/tmp-test.json" @@ -37,7 +40,7 @@ test_slither(){ fi # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --legacy-ast --json "$DIR/tmp-test.json" --solc solc-0.4.25 + slither "$1" --solc-disable-warnings --detect "$2" --legacy-ast --json "$DIR/tmp-test.json" --solc solc-0.4.25 if [ $? -eq 255 ] then echo "Slither crashed" @@ -51,6 +54,7 @@ test_slither(){ exit 1 fi + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$DIR/tmp-test.json" -i result=$(python "$DIR/json_diff.py" "$expected" "$DIR/tmp-test.json") rm "$DIR/tmp-test.json" 
@@ -68,6 +72,7 @@ test_slither(){ test_slither tests/deprecated_calls.sol "deprecated-standards" test_slither tests/erc20_indexed.sol "erc20-indexed" test_slither tests/incorrect_erc20_interface.sol "erc20-interface" +test_slither tests/incorrect_erc721_interface.sol "erc721-interface" test_slither tests/uninitialized.sol "uninitialized-state" test_slither tests/backdoor.sol "backdoor" test_slither tests/backdoor.sol "suicidal" diff --git a/scripts/travis_test_5.sh b/scripts/travis_test_5.sh index 7a5717922..da5455db0 100755 --- a/scripts/travis_test_5.sh +++ b/scripts/travis_test_5.sh @@ -4,13 +4,16 @@ DIR="$(cd "$(dirname "$0")" && pwd)" +CURRENT_PATH=$(pwd) +TRAVIS_PATH='/home/travis/build/crytic/slither' + # test_slither file.sol detectors test_slither(){ expected="$DIR/../tests/expected_json/$(basename $1 .sol).$2.json" # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --json "$DIR/tmp-test.json" --solc solc-0.5.1 + slither "$1" --solc-disable-warnings --detect "$2" --json "$DIR/tmp-test.json" --solc solc-0.5.1 if [ $? -eq 255 ] then echo "Slither crashed" @@ -23,7 +26,7 @@ test_slither(){ echo "" exit 1 fi - + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$DIR/tmp-test.json" -i result=$(python "$DIR/json_diff.py" "$expected" "$DIR/tmp-test.json") rm "$DIR/tmp-test.json" @@ -37,7 +40,7 @@ test_slither(){ fi # run slither detector on input file and save output as json - slither "$1" --disable-solc-warnings --detect "$2" --legacy-ast --json "$DIR/tmp-test.json" --solc solc-0.5.1 + slither "$1" --solc-disable-warnings --detect "$2" --legacy-ast --json "$DIR/tmp-test.json" --solc solc-0.5.1 if [ $? -eq 255 ] then echo "Slither crashed" @@ -51,6 +54,7 @@ test_slither(){ exit 1 fi + sed "s|$CURRENT_PATH|$TRAVIS_PATH|g" "$DIR/tmp-test.json" -i result=$(python "$DIR/json_diff.py" "$expected" "$DIR/tmp-test.json") rm "$DIR/tmp-test.json" 
@@ -87,6 +91,8 @@ test_slither tests/constant-0.5.1.sol "constant-function" test_slither tests/unused_return.sol "unused-return" test_slither tests/timestamp.sol "timestamp" test_slither tests/incorrect_equality.sol "incorrect-equality" +test_slither tests/too_many_digits.sol "too-many-digits" + ### Test scripts diff --git a/scripts/travis_test_cli.sh b/scripts/travis_test_cli.sh new file mode 100755 index 000000000..ae0ece063 --- /dev/null +++ b/scripts/travis_test_cli.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash + +### Test + +slither "tests/*.json" --solc-ast --ignore-return-value + +if [ $? -ne 0 ]; then + echo "--solc-ast failed" + exit 1 +fi + +slither "tests/*0.5*.sol" --solc-disable-warnings --ignore-return-value + +if [ $? -ne 0 ]; then + echo "--solc-disable-warnings failed" + exit 1 +fi + +slither "tests/*0.5*.sol" --disable-color --ignore-return-value + +if [ $? -ne 0 ]; then + echo "--disable-color failed" + exit 1 +fi diff --git a/scripts/travis_test_dapp.sh b/scripts/travis_test_dapp.sh new file mode 100755 index 000000000..83bf097e1 --- /dev/null +++ b/scripts/travis_test_dapp.sh @@ -0,0 +1,23 @@ +#!/usr/bin/env bash + +### Test Dapp integration + +mkdir test_dapp +cd test_dapp + +curl https://nixos.org/nix/install | sh +. "$HOME/.nix-profile/etc/profile.d/nix.sh" +git clone --recursive https://github.com/dapphub/dapptools $HOME/.dapp/dapptools +nix-env -f $HOME/.dapp/dapptools -iA dapp seth solc hevm ethsign + +dapp init + +slither . + +if [ $? -eq 21 ] +then + exit 0 +fi + +echo "Truffle test failed" +exit -1 diff --git a/scripts/travis_test_etherlime.sh b/scripts/travis_test_etherlime.sh new file mode 100755 index 000000000..226dbba66 --- /dev/null +++ b/scripts/travis_test_etherlime.sh 
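Review bot: In travis_test_dapp.sh the Nix installer is piped from `curl` straight into `sh` and dapptools is cloned from its default branch, so the CI job executes whatever those two endpoints serve at build time with no pinning or integrity check. Download the installer to a file, verify it against a checksum recorded in the repository before running it, and check out a fixed revision with `git -C "$HOME/.dapp/dapptools" checkout <pinned-commit>`. Separately, the failure path prints `"Truffle test failed"` although this is the Dapp test, and `exit -1` is not a portable status; use `echo "Dapp test failed"` and `exit 1`.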
@@ -0,0 +1,23 @@
+#!/usr/bin/env bash
+
+### Test etherlime integration
+
+mkdir test_etherlime
+cd test_etherlime
+
+curl -o- https://raw.githubusercontent.com/creationix/nvm/v0.34.0/install.sh | bash
+source ~/.nvm/nvm.sh
+nvm install --lts
+nvm use --lts
+
+npm i -g etherlime
+etherlime init
+slither .
+
+if [ $? -eq 6 ]
+then
+ exit 0
+fi
+
+echo "Etherlime test failed"
+exit -1
diff --git a/scripts/travis_test_etherscan.sh b/scripts/travis_test_etherscan.sh
new file mode 100755
index 000000000..49fde309f
--- /dev/null
+++ b/scripts/travis_test_etherscan.sh
@@ -0,0 +1,26 @@
+#!/usr/bin/env bash
+
+### Test etherscan integration
+
+mkdir etherscan
+cd etherscan
+
+wget -O solc-0.4.25 https://github.com/ethereum/solidity/releases/download/v0.4.25/solc-static-linux
+chmod +x solc-0.4.25
+
+slither 0x7F37f78cBD74481E593F9C737776F7113d76B315 --solc "./solc-0.4.25"
+
+if [ $? -ne 5 ]
+then
+ echo "Etherscan test failed"
+ exit -1
+fi
+
+slither rinkeby:0xFe05820C5A92D9bc906D4A46F662dbeba794d3b7 --solc "./solc-0.4.25"
+
+if [ $? -ne 68 ]
+then
+ echo "Etherscan test failed"
+ exit -1
+fi
+
diff --git a/scripts/travis_test_printers.sh b/scripts/travis_test_printers.sh
new file mode 100755
index 000000000..0e3eb8a0c
--- /dev/null
+++ b/scripts/travis_test_printers.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+### Test printer
+
+slither "tests/*.json" --print all
+
+if [ $? -ne 0 ]; then
+ echo "Printer tests failed"
+ exit 1
+fi
+
diff --git a/scripts/travis_test_slither_config.sh b/scripts/travis_test_slither_config.sh
new file mode 100755
index 000000000..e5f40afd5
--- /dev/null
+++ b/scripts/travis_test_slither_config.sh
@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+### Test
+
+slither "tests/*.json" --config "tests/config/slither.config.json"
+
+if [ $? -ne 0 ]; then
+ echo "Config failed"
+ exit 1
+fi
+
diff --git a/setup.py b/setup.py
index 7b8bead4c..4721aea29 100644
--- a/setup.py
+++ b/setup.py
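Review bot: In travis_test_etherlime.sh `npm i -g etherlime` installs whatever version is current, and the nvm installer is piped from `curl` into `bash` without a checksum, so both the toolchain and the project that `etherlime init` generates can change underneath the test. The pass condition is the exact exit status 6, so an upstream template change becomes a CI failure unrelated to Slither. Pin the package with `npm i -g etherlime@<pinned-version>` and verify the installer script against a recorded checksum before executing it. `exit -1` should be `exit 1`.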
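Review bot: In travis_test_etherscan.sh the solc binary is fetched with `wget`, marked executable and run with no integrity check; verify it against a checksum kept in the repository before `chmod +x`, for example `echo "<expected-sha256>  solc-0.4.25" | sha256sum -c -`. The status of `wget` is never tested, so a failed download only surfaces later as an unexpected Slither exit code. Both assertions depend on live Etherscan responses for a mainnet and a rinkeby address, so an outage or rate limit fails the build. Both failure branches print the same `"Etherscan test failed"`, which hides which address broke.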
@@ -5,10 +5,10 @@ setup( description='Slither is a Solidity static analysis framework written in Python 3.', url='https://github.com/crytic/slither', author='Trail of Bits', - version='0.6.2', + version='0.6.3', packages=find_packages(), python_requires='>=3.6', - install_requires=['prettytable>=0.7.2', 'pysha3>=1.0.2'], + install_requires=['prettytable>=0.7.2', 'pysha3>=1.0.2', 'crytic-compile>=0.1.0'], license='AGPL-3.0', long_description=open('README.md').read(), entry_points={ diff --git a/slither/__main__.py b/slither/__main__.py index 75560066b..89678b291 100644 --- a/slither/__main__.py +++ b/slither/__main__.py @@ -11,6 +11,7 @@ import sys import traceback from pkg_resources import iter_entry_points, require +from crytic_compile import cryticparser from slither.detectors import all_detectors from slither.detectors.abstract_detector import (AbstractDetector, @@ -22,6 +23,7 @@ from slither.utils.colors import red, yellow, set_colorization_enabled from slither.utils.command_line import (output_detectors, output_results_to_markdown, output_detectors_json, output_printers, output_to_markdown, output_wiki) +from crytic_compile import is_supported logging.basicConfig() logger = logging.getLogger("Slither") @@ -43,18 +45,10 @@ def process(filename, args, detector_classes, printer_classes): ast = '--ast-compact-json' if args.legacy_ast: ast = '--ast-json' + args.filter_paths = parse_filter_paths(args) slither = Slither(filename, - solc=args.solc, - disable_solc_warnings=args.disable_solc_warnings, - solc_arguments=args.solc_args, ast_format=ast, - truffle_build_directory=args.truffle_build_directory, - truffle_ignore_compile=args.truffle_ignore_compile, - truffle_version=args.truffle_version, - embark_ignore_compile=args.embark_ignore_compile, - embark_overwrite_config=args.embark_overwrite_config, - filter_paths=parse_filter_paths(args), - triage_mode=args.triage_mode) + **vars(args)) return _process(slither, detector_classes, printer_classes) 
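Review bot: In `process`, `Slither(filename, ast_format=ast, **vars(args))` forwards the whole argparse namespace instead of the explicit keyword list it replaces, so every current and future CLI or config-derived option reaches the constructor unreviewed and a misspelt key is no longer caught at this call site. `vars(args)` also contains `filename`, which raises `TypeError` for a duplicate argument if the constructor's first parameter carries that name; the constructor is not visible here, so confirm. Assigning `args.filter_paths` mutates the caller's namespace; a local copy, `kwargs = dict(vars(args), filter_paths=parse_filter_paths(args))`, keeps the call free of side effects. The body of `process` starts above the hunk.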
@@ -110,7 +104,7 @@ def output_json(results, filename): logger.info(yellow(f'{filename} exists already, the overwrite is prevented')) else: with open(filename, 'w', encoding='utf8') as f: - json.dump(results, f) + json.dump(results, f, indent=2) # endregion ################################################################################### @@ -211,6 +205,9 @@ def choose_printers(args, all_printer_classes): if args.printers_to_run is None: return [] + if args.printers_to_run == 'all': + return all_printer_classes + printers = {p.ARGUMENT: p for p in all_printer_classes} for p in args.printers_to_run.split(','): if p in printers: @@ -251,7 +248,9 @@ defaults_flag_in_config = { 'truffle_build_directory': 'build/contracts', 'embark_ignore_compile': False, 'embark_overwrite_config': False, - 'legacy_ast': False + # debug command + 'legacy_ast': False, + 'ignore_return_value': False } def parse_args(detector_classes, printer_classes): @@ -261,6 +260,8 @@ def parse_args(detector_classes, printer_classes): parser.add_argument('filename', help='contract.sol') + cryticparser.init(parser) + parser.add_argument('--version', help='displays the current version', version=require('slither-analyzer')[0].version, @@ -268,9 +269,6 @@ def parse_args(detector_classes, printer_classes): group_detector = parser.add_argument_group('Detectors') group_printer = parser.add_argument_group('Printers') - group_solc = parser.add_argument_group('Solc options') - group_truffle = parser.add_argument_group('Truffle options') - group_embark = parser.add_argument_group('Embark options') group_misc = parser.add_argument_group('Additional option') group_detector.add_argument('--detect', 
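Review bot: Adding `'ignore_return_value': False` to `defaults_flag_in_config` appears to make this hidden debug flag settable from `slither.config.json`; the config loader is outside this diff, so confirm. If it is, a config file committed in the analysed repository can force a zero exit status and silently disable a CI gate that relies on Slither's return code. Consider keeping the flag command-line only, or logging a warning whenever it is enabled from the config file.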
@@ -327,53 +325,6 @@ def parse_args(detector_classes, printer_classes): action='store_true', default=defaults_flag_in_config['exclude_high']) - group_solc.add_argument('--solc', - help='solc path', - action='store', - default=defaults_flag_in_config['solc']) - - group_solc.add_argument('--solc-args', - help='Add custom solc arguments. Example: --solc-args "--allow-path /tmp --evm-version byzantium".', - action='store', - default=defaults_flag_in_config['solc_args']) - - group_solc.add_argument('--disable-solc-warnings', - help='Disable solc warnings', - action='store_true', - default=defaults_flag_in_config['disable_solc_warnings']) - - group_solc.add_argument('--solc-ast', - help='Provide the ast solc file', - action='store_true', - default=False) - - group_truffle.add_argument('--truffle-ignore-compile', - help='Do not run truffle compile', - action='store_true', - dest='truffle_ignore_compile', - default=defaults_flag_in_config['truffle_ignore_compile']) - - group_truffle.add_argument('--truffle-build-directory', - help='Use an alternative truffle build directory', - action='store', - dest='truffle_build_directory', - default=defaults_flag_in_config['truffle_build_directory']) - - group_truffle.add_argument('--truffle-version', - help='Use a local Truffle version (with npx)', - action='store', - default=defaults_flag_in_config['truffle_version']) - - group_embark.add_argument('--embark-ignore-compile', - help='Do not run embark build', - action='store_true', - dest='embark_ignore_compile', - default=defaults_flag_in_config['embark_ignore_compile']) - - group_embark.add_argument('--embark-overwrite-config', - help='Install @trailofbits/embark-contract-export and add it to embark.json', - action='store_true', - default=defaults_flag_in_config['embark_overwrite_config']) group_misc.add_argument('--json', help='Export results as JSON', 
@@ -404,6 +355,11 @@ def parse_args(detector_classes, printer_classes): dest='config_file', default='slither.config.json') + group_misc.add_argument('--solc-ast', + help='Provide the contract as a json AST', + action='store_true', + default=False) + # debugger command parser.add_argument('--debug', help=argparse.SUPPRESS, @@ -440,7 +396,7 @@ def parse_args(detector_classes, printer_classes): parser.add_argument('--ignore-return-value', help=argparse.SUPPRESS, action='store_true', - default=False) + default=defaults_flag_in_config['ignore_return_value']) # if the json is splitted in different files parser.add_argument('--splitted', @@ -538,19 +494,28 @@ def main_impl(all_detector_classes, all_printer_classes): ('ExpressionParsing', default_log), ('TypeParsing', default_log), ('SSA_Conversion', default_log), - ('Printers', default_log)]: + ('Printers', default_log), + #('CryticCompile', default_log) + ]: l = logging.getLogger(l_name) l.setLevel(l_level) + console_handler = logging.StreamHandler() + console_handler.setLevel(logging.INFO) + + console_handler.setFormatter(FormatterCryticCompile()) + + crytic_compile_error = logging.getLogger(('CryticCompile')) + crytic_compile_error.addHandler(console_handler) + crytic_compile_error.propagate = False + crytic_compile_error.setLevel(logging.INFO) + try: filename = args.filename globbed_filenames = glob.glob(filename, recursive=True) - if os.path.isfile(filename) or\ - os.path.isfile(os.path.join(filename, 'truffle.js')) or\ - os.path.isfile(os.path.join(filename, 'truffle-config.js')) or\ - os.path.isfile(os.path.join(filename, 'embark.json')): + if os.path.isfile(filename) or is_supported(filename): (results, number_contracts) = process(filename, args, detector_classes, printer_classes) elif os.path.isdir(filename) or len(globbed_filenames) > 0: 
@@ -598,3 +563,21 @@ if __name__ == '__main__': # endregion +################################################################################### +################################################################################### +# region CustomFormatter +################################################################################### +################################################################################### + + +class FormatterCryticCompile(logging.Formatter): + def format(self, record): + #for i, msg in enumerate(record.msg): + if record.msg.startswith('Compilation warnings/errors on '): + txt = record.args[1] + txt = txt.split('\n') + txt = [red(x) if 'Error' in x else x for x in txt] + txt = '\n'.join(txt) + record.args = (record.args[0], txt) + return super().format(record) +# endregion diff --git a/slither/core/declarations/contract.py b/slither/core/declarations/contract.py index 787172843..f53e2a717 100644 --- a/slither/core/declarations/contract.py +++ b/slither/core/declarations/contract.py @@ -527,6 +527,14 @@ class Contract(ChildSlither, SourceMapping): """ return all((not f.is_implemented) for f in self.functions) + # endregion + ################################################################################### + ################################################################################### + # region ERC conformance + ################################################################################### + ################################################################################### + + def is_erc20(self): """ Check if the contract is an erc20 token 
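Review bot: `FormatterCryticCompile.format` calls `record.msg.startswith(...)` and indexes `record.args[1]` without checking either, so a record whose message is not a `str` (a logged exception, for example) or that carries fewer than two arguments raises inside the logging handler. Guard the branch with `if isinstance(record.msg, str) and record.msg.startswith('Compilation warnings/errors on ') and len(record.args) > 1:`. The hunk header places the class after the `if __name__ == '__main__':` block while `main_impl` instantiates it, so running the module as a script would reach `FormatterCryticCompile()` before the class is defined; moving the class above `main_impl` avoids that. The commented-out `#for i, msg in enumerate(record.msg):` line can be dropped, and the class needs a one-line docstring saying it colours compiler error lines red.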
@@ -535,11 +543,49 @@ class Contract(ChildSlither, SourceMapping): Returns: bool """ - full_names = [f.full_name for f in self.functions] + full_names = set([f.full_name for f in self.functions]) return 'transfer(address,uint256)' in full_names and\ 'transferFrom(address,address,uint256)' in full_names and\ 'approve(address,uint256)' in full_names + def is_erc721(self): + full_names = set([f.full_name for f in self.functions]) + return self.is_erc20() and\ + 'ownerOf(uint256)' in full_names and\ + 'safeTransferFrom(address,address,uint256,bytes)' in full_names and\ + 'safeTransferFrom(address,address,uint256)' in full_names and\ + 'setApprovalForAll(address,bool)' in full_names and\ + 'getApproved(uint256)' in full_names and\ + 'isApprovedForAll(address,address)' in full_names + + def has_an_erc20_function(self): + """ + Checks if the provided contract could be attempting to implement ERC20 standards. + :param contract: The contract to check for token compatibility. + :return: Returns a boolean indicating if the provided contract met the token standard. + """ + full_names = set([f.full_name for f in self.functions]) + return 'transfer(address,uint256)' in full_names or \ + 'transferFrom(address,address,uint256)' in full_names or \ + 'approve(address,uint256)' in full_names + + def has_an_erc721_function(self): + """ + Checks if the provided contract could be attempting to implement ERC721 standards. + :param contract: The contract to check for token compatibility. + :return: Returns a boolean indicating if the provided contract met the token standard. 
+ """ + full_names = set([f.full_name for f in self.functions]) + return self.has_an_erc20_function() and \ + ('ownerOf(uint256)' in full_names or + 'safeTransferFrom(address,address,uint256,bytes)' in full_names or + 'safeTransferFrom(address,address,uint256)' in full_names or + 'setApprovalForAll(address,bool)' in full_names or + 'getApproved(uint256)' in full_names or + 'isApprovedForAll(address,address)' in full_names) + + + # endregion ################################################################################### ################################################################################### diff --git a/slither/core/declarations/function.py b/slither/core/declarations/function.py index 5c8849880..1a99f90e3 100644 --- a/slither/core/declarations/function.py +++ b/slither/core/declarations/function.py @@ -86,6 +86,7 @@ class Function(ChildContract, SourceMapping): self._reachable_from_nodes = set() self._reachable_from_functions = set() + ################################################################################### ################################################################################### # region General properties @@ -1070,4 +1071,4 @@ class Function(ChildContract, SourceMapping): def __str__(self): return self._name - # endregion + # endregion \ No newline at end of file diff --git a/slither/core/declarations/structure.py b/slither/core/declarations/structure.py index b11fb7e35..6584cbe19 100644 --- a/slither/core/declarations/structure.py +++ b/slither/core/declarations/structure.py @@ -10,6 +10,8 @@ class Structure(ChildContract, SourceMapping): self._name = None self._canonical_name = None self._elems = None + # Name of the elements in the order of declaration + self._elems_ordered = None @property def canonical_name(self): 
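Review bot: `is_erc721` requires `self.is_erc20()`, and `is_erc20` requires `transfer(address,uint256)`, which is not part of the ERC-721 interface, so a conforming ERC-721 contract is reported as not being one and the new erc721 detector would skip it. Test the shared signatures directly in place of the `is_erc20()` call: `'transferFrom(address,address,uint256)' in full_names and 'approve(address,uint256)' in full_names and\`. `is_erc721` has no docstring, and the two `has_an_*` docstrings document a `contract` parameter the methods do not take and say the contract "met the token standard" although a single matching signature already returns True. The class body extends beyond the hunk.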
@@ -23,5 +25,12 @@ class Structure(ChildContract, SourceMapping): def elems(self): return self._elems + @property + def elems_ordered(self): + ret = [] + for e in self._elems_ordered: + ret.append(self._elems[e]) + return ret + def __str__(self): return self.name diff --git a/slither/core/expressions/literal.py b/slither/core/expressions/literal.py index e0c9ce6b0..c1923eff4 100644 --- a/slither/core/expressions/literal.py +++ b/slither/core/expressions/literal.py @@ -2,14 +2,19 @@ from slither.core.expressions.expression import Expression class Literal(Expression): - def __init__(self, value): + def __init__(self, value, type): super(Literal, self).__init__() self._value = value + self._type = type @property def value(self): return self._value + @property + def type(self): + return self._type + def __str__(self): # be sure to handle any character return str(self._value) diff --git a/slither/core/slither_core.py b/slither/core/slither_core.py index d98338846..a72fa3482 100644 --- a/slither/core/slither_core.py +++ b/slither/core/slither_core.py @@ -33,6 +33,8 @@ class Slither(Context): self._previous_results = [] self._paths_to_filter = set() + self._crytic_compile = None + ################################################################################### ################################################################################### @@ -54,6 +56,14 @@ class Slither(Context): """str: Filename.""" return self._filename + def _add_source_code(self, path): + """ + :param path: + :return: + """ + with open(path, encoding='utf8', newline='') as f: + self.source_code[path] = f.read() + # endregion ################################################################################### ################################################################################### 
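Review bot: `_add_source_code` caches the file as decoded text, while the line and column arithmetic added to `_compute_line` in this commit uses `len()` on the cached source; solc source mappings are byte offsets, so a multi-byte UTF-8 character before a reported element would shift the computed lines and columns. That matters most for findings about non-ASCII content, where the reported location is what a reviewer relies on. Consider reading with `open(path, 'rb')` and decoding only for display; how callers consume `source_code` is not visible here, so confirm. The docstring is an empty template; replace it with `"""Read the file at path and cache its content in self.source_code[path]."""`.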
@@ -172,7 +182,8 @@ class Slither(Context): - All its source paths belong to the source path filtered - Or a similar result was reported and saved during a previous run ''' - if r['elements'] and all((any(path in elem['source_mapping']['filename'] for path in self._paths_to_filter if 'source_mapping' in elem) for elem in r['elements'])): + source_mapping_elements = [elem['source_mapping']['filename_absolute'] for elem in r['elements'] if 'source_mapping' in elem] + if r['elements'] and all((any(path in src_mapping for path in self._paths_to_filter) for src_mapping in source_mapping_elements)): return False return not r['description'] in [pr['description'] for pr in self._previous_results] @@ -204,3 +215,13 @@ class Slither(Context): self._paths_to_filter.add(path) # endregion + ################################################################################### + ################################################################################### + # region Crytic compile + ################################################################################### + ################################################################################### + + @property + def crytic_compile(self): + return self._crytic_compile + # endregion \ No newline at end of file diff --git a/slither/core/solidity_types/array_type.py b/slither/core/solidity_types/array_type.py index 918ed9355..ad8061b74 100644 --- a/slither/core/solidity_types/array_type.py +++ b/slither/core/solidity_types/array_type.py @@ -10,7 +10,7 @@ class ArrayType(Type): assert isinstance(t, Type) if length: if isinstance(length, int): - length = Literal(length) + length = Literal(length, 'uint256') assert isinstance(length, Expression) super(ArrayType, self).__init__() self._type = t @@ -18,7 +18,7 @@ class ArrayType(Type): if length: if not isinstance(length, Literal): - cf = ConstantFolding(length) + cf = ConstantFolding(length, "uint256") length = cf.result() self._length_value = length else: 
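Review bot: Building `source_mapping_elements` first changes the filter so that a result whose elements all lack `source_mapping` produces an empty list, `all(...)` over it is True, and the finding is dropped even when no filter path is configured. Guard the test with `if source_mapping_elements and all(...)`. `filename_absolute` is left as None by `_convert_source_mapping` when no crytic-compile object is present, and `path in None` raises `TypeError`, so skip such entries when building the list. The substring test against an absolute path also means a short filter such as a directory name matches any parent directory of the checkout, which can hide every finding.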
diff --git a/slither/core/source_mapping/source_mapping.py b/slither/core/source_mapping/source_mapping.py index c4df7ff24..f63d0278e 100644 --- a/slither/core/source_mapping/source_mapping.py +++ b/slither/core/source_mapping/source_mapping.py @@ -15,7 +15,9 @@ class SourceMapping(Context): @staticmethod def _compute_line(source_code, start, length): """ - Compute line(s) number from a start/end offset + Compute line(s) numbers and starting/ending columns + from a start/end offset. All numbers start from 1. + Not done in an efficient way """ total_length = len(source_code) @@ -23,14 +25,29 @@ class SourceMapping(Context): counter = 0 i = 0 lines = [] + starting_column = None + ending_column = None while counter < total_length: - counter += len(source_code[i]) - i = i+1 + # Determine the length of the line, and advance the line number + lineLength = len(source_code[i]) + i = i + 1 + + # Determine our column numbers. + if starting_column is None and counter + lineLength > start: + starting_column = (start - counter) + 1 + if starting_column is not None and ending_column is None and counter + lineLength > start + length: + ending_column = ((start + length) - counter) + 1 + + # Advance the current position counter, and determine line numbers. + counter += lineLength if counter > start: lines.append(i) - if counter > start+length: + + # If our advanced position for the next line is out of range, stop. + if counter > start + length: break - return lines + + return (lines, starting_column, ending_column) @staticmethod def _convert_source_mapping(offset, slither): 
@@ -53,14 +70,50 @@ class SourceMapping(Context): if f not in sourceUnits: return {'start':s, 'length':l} - filename = sourceUnits[f] + filename_used = sourceUnits[f] + filename_absolute = None + filename_relative = None + filename_short = None lines = [] + # If possible, convert the filename to its absolute/relative version + if slither.crytic_compile: + filenames = slither.crytic_compile.filename_lookup(filename_used) + filename_absolute = filenames.absolute + filename_relative = filenames.relative + filename_short = filenames.short + + if filename_absolute in slither.source_code: + filename = filename_absolute + elif filename_relative in slither.source_code: + filename = filename_relative + elif filename_short in slither.source_code: + filename = filename_short + else:# + filename = filename_used.used + else: + filename = filename_used + if filename in slither.source_code: - lines = SourceMapping._compute_line(slither.source_code[filename], s, l) + source_code = slither.source_code[filename] + (lines, starting_column, ending_column) = SourceMapping._compute_line(source_code, + s, + l) + else: + (lines, starting_column, ending_column) = ([], None, None) + - return {'start':s, 'length':l, 'filename': filename, 'lines' : lines } + return {'start':s, + 'length':l, + 'filename_used': filename_used, + 'filename_relative': filename_relative, + 'filename_absolute': filename_absolute, + 'filename_short': filename_short, + 'lines' : lines, + 'starting_column': starting_column, + 'ending_column': ending_column + } def set_offset(self, offset, slither): if isinstance(offset, dict): 
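Review bot: In the final `else:#` branch, `filename = filename_used.used` reads an attribute from `filename_used`, which is the value taken from `sourceUnits[f]` and passed to `filename_lookup`. The object carrying `absolute`, `relative` and `short` is `filenames`, so this looks like it should be `filename = filenames.used`; as written it would raise `AttributeError` when none of the three names is in `slither.source_code`. The stray `#` after `else:` should go. The early return for an unknown source unit still yields only `start` and `length`, so consumers of the new `filename_*` keys have to tolerate their absence. The function starts above the hunk and continues below it.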
@@ -72,14 +125,14 @@ class SourceMapping(Context): @property def source_mapping_str(self): - def relative_path(path): - # Remove absolute path for printing - # Truffle returns absolutePath - splited_path = path.split(os.sep) - if 'contracts' in splited_path: - idx = splited_path.index('contracts') - return os.sep.join(splited_path[idx-1:]) - return path +# def relative_path(path): +# # Remove absolute path for printing +# # Truffle returns absolutePath +# splited_path = path.split(os.sep) +# if 'contracts' in splited_path: +# idx = splited_path.index('contracts') +# return os.sep.join(splited_path[idx-1:]) +# return path lines = self.source_mapping['lines'] if not lines: @@ -88,5 +141,5 @@ class SourceMapping(Context): lines = '#{}'.format(lines[0]) else: lines = '#{}-{}'.format(lines[0], lines[-1]) - return '{}{}'.format(relative_path(self.source_mapping['filename']), lines) + return '{}{}'.format(self.source_mapping['filename_short'], lines) diff --git a/slither/core/variables/state_variable.py b/slither/core/variables/state_variable.py index adca10c19..b8f46482e 100644 --- a/slither/core/variables/state_variable.py +++ b/slither/core/variables/state_variable.py @@ -3,7 +3,6 @@ from slither.core.children.child_contract import ChildContract class StateVariable(ChildContract, Variable): - @property def canonical_name(self): return '{}:{}'.format(self.contract.name, self.name) diff --git a/slither/detectors/all_detectors.py b/slither/detectors/all_detectors.py index 36c35496c..6d0d94b3e 100644 --- a/slither/detectors/all_detectors.py +++ b/slither/detectors/all_detectors.py 
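Review bot: `source_mapping_str` now formats `self.source_mapping['filename_short']`, which `_convert_source_mapping` leaves as `None` whenever `slither.crytic_compile` is falsy, so findings from those runs would print a location like `None#12`. A fallback such as `self.source_mapping['filename_short'] or self.source_mapping['filename_used']` keeps the location readable. In the preceding hunk the `relative_path` helper is commented out rather than deleted; version control keeps the history, so removing the eight commented lines would be cleaner.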
@@ -28,9 +28,11 @@ from .shadowing.builtin_symbols import BuiltinSymbolShadowing from .operations.block_timestamp import Timestamp from .statements.calls_in_loop import MultipleCallsInLoop from .statements.incorrect_strict_equality import IncorrectStrictEquality -from .erc20.incorrect_interface import IncorrectERC20InterfaceDetection -from .erc20.unindexed_event_parameters import UnindexedERC20EventParameters +from .erc.incorrect_erc20_interface import IncorrectERC20InterfaceDetection +from .erc.incorrect_erc721_interface import IncorrectERC721InterfaceDetection +from .erc.unindexed_event_parameters import UnindexedERC20EventParameters from .statements.deprecated_calls import DeprecatedStandards from .source.rtlo import RightToLeftOverride +from .statements.too_many_digits import TooManyDigits # # diff --git a/slither/detectors/attributes/const_functions.py b/slither/detectors/attributes/const_functions.py index e7d48b8ab..029cfda8c 100644 --- a/slither/detectors/attributes/const_functions.py +++ b/slither/detectors/attributes/const_functions.py @@ -60,8 +60,8 @@ All the calls to `get` revert, breaking Bob's smart contract execution.''' info = info.format(f.contract.name, f.name, f.source_mapping_str, attr) json = self.generate_json_result(info) self.add_function_to_json(f, json) - json['elements'] = [{'type': 'info', - 'contains_assembly' : True}] + json['elements'].append({'type': 'info', + 'contains_assembly' : True}) results.append(json) variables_written = f.all_state_variables_written() diff --git a/slither/detectors/erc20/__init__.py b/slither/detectors/erc/__init__.py similarity index 100% rename from slither/detectors/erc20/__init__.py rename to slither/detectors/erc/__init__.py 
diff --git a/slither/detectors/erc20/incorrect_interface.py b/slither/detectors/erc/incorrect_erc20_interface.py similarity index 68% rename from slither/detectors/erc20/incorrect_interface.py rename to slither/detectors/erc/incorrect_erc20_interface.py index 94dc6f15b..ab577fbab 100644 --- a/slither/detectors/erc20/incorrect_interface.py +++ b/slither/detectors/erc/incorrect_erc20_interface.py @@ -18,7 +18,7 @@ class IncorrectERC20InterfaceDetection(AbstractDetector): WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-erc20-interface' WIKI_TITLE = 'Incorrect erc20 interface' - WIKI_DESCRIPTION = 'Lack of return value for the ERC20 `approve`/`transfer`/`transferFrom` functions. A contract compiled with solidity > 0.4.22 interacting with these functions will fail to execute them, as the return value is missing.' + WIKI_DESCRIPTION = 'Incorrect return values for ERC20 functions. A contract compiled with solidity > 0.4.22 interacting with these functions will fail to execute them, as the return value is missing.' WIKI_EXPLOIT_SCENARIO = ''' ```solidity contract Token{ @@ -28,7 +28,7 @@ contract Token{ ``` `Token.transfer` does not return a boolean. Bob deploys the token. Alice creates a contract that interacts with it but assumes a correct ERC20 interface implementation. Alice's contract is unable to interact with Bob's contract.''' - WIKI_RECOMMENDATION = 'Return a boolean for the `approve`/`transfer`/`transferFrom` functions.' + WIKI_RECOMMENDATION = 'Set the appropriate return values and value-types for the defined ERC20 functions.' @staticmethod def incorrect_erc20_interface(signature): 
@@ -43,6 +43,15 @@ contract Token{ if name == 'approve' and parameters == ['address', 'uint256'] and returnVars != ['bool']: return True + if name == 'allowance' and parameters == ['address', 'address'] and returnVars != ['uint256']: + return True + + if name == 'balanceOf' and parameters == ['address'] and returnVars != ['uint256']: + return True + + if name == 'totalSupply' and parameters == [] and returnVars != ['uint256']: + return True + return False @staticmethod @@ -52,15 +61,23 @@ contract Token{ Returns: list(str) : list of incorrect function signatures """ - functions = [f for f in contract.functions if f.contract == contract and \ - IncorrectERC20InterfaceDetection.incorrect_erc20_interface(f.signature)] + # Verify this is an ERC20 contract. + if not contract.has_an_erc20_function(): + return [] + + # If this contract implements a function from ERC721, we can assume it is an ERC721 token. These tokens + # offer functions which are similar to ERC20, but are not compatible. + if contract.has_an_erc721_function(): + return [] + + functions = [f for f in contract.functions if IncorrectERC20InterfaceDetection.incorrect_erc20_interface(f.signature)] return functions def _detect(self): """ Detect incorrect erc20 interface Returns: - dict: [contrat name] = set(str) events + dict: [contract name] = set(str) events """ results = [] for c in self.contracts: diff --git a/slither/detectors/erc/incorrect_erc721_interface.py b/slither/detectors/erc/incorrect_erc721_interface.py new file mode 100644 index 000000000..5ddea37ff --- /dev/null +++ b/slither/detectors/erc/incorrect_erc721_interface.py 
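Review bot: The rewritten list comprehension in `detect_incorrect_erc20_interface` drops the `f.contract == contract` filter, so an inherited function with a wrong signature is reported for the base contract and again for every contract deriving from it (assuming `contract.functions` includes inherited functions, as the old filter suggests). If that is intended, a comment should say so; otherwise keep the filter: `[f for f in contract.functions if f.contract == contract and IncorrectERC20InterfaceDetection.incorrect_erc20_interface(f.signature)]`. The early return on `has_an_erc721_function()` also needs a check: ERC20 and ERC721 share `balanceOf(address)`, `approve(address,uint256)` and `transferFrom(address,address,uint256)`, so if that helper (not visible here) matches on those, every ERC20 token is skipped and the detector silently reports nothing.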
@@ -0,0 +1,96 @@ +""" +Detect incorrect erc721 interface. +""" +from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification + + +class IncorrectERC721InterfaceDetection(AbstractDetector): + """ + Incorrect ERC721 Interface + """ + + ARGUMENT = 'erc721-interface' + HELP = 'Incorrect ERC721 interfaces' + IMPACT = DetectorClassification.MEDIUM + CONFIDENCE = DetectorClassification.HIGH + + WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-erc721-interface' + + WIKI_TITLE = 'Incorrect erc721 interface' + WIKI_DESCRIPTION = 'Incorrect return values for ERC721 functions. A contract compiled with solidity > 0.4.22 interacting with these functions will fail to execute them, as the return value is missing.' + WIKI_EXPLOIT_SCENARIO = ''' +```solidity +contract Token{ + function ownerOf(uint256 _tokenId) external view returns (bool); + //... +} +``` +`Token.ownerOf` does not return an address as ERC721 expects. Bob deploys the token. Alice creates a contract that interacts with it but assumes a correct ERC721 interface implementation. Alice's contract is unable to interact with Bob's contract.''' + + WIKI_RECOMMENDATION = 'Set the appropriate return values and value-types for the defined ERC721 functions.' 
+ + @staticmethod + def incorrect_erc721_interface(signature): + (name, parameters, returnVars) = signature + + # ERC721 + if name == 'balanceOf' and parameters == ['address'] and returnVars != ['uint256']: + return True + if name == 'ownerOf' and parameters == ['uint256'] and returnVars != ['address']: + return True + if name == 'safeTransferFrom' and parameters == ['address', 'address', 'uint256', 'bytes'] and returnVars != []: + return True + if name == 'safeTransferFrom' and parameters == ['address', 'address', 'uint256'] and returnVars != []: + return True + if name == 'transferFrom' and parameters == ['address', 'address', 'uint256'] and returnVars != []: + return True + if name == 'approve' and parameters == ['address', 'uint256'] and returnVars != []: + return True + if name == 'setApprovalForAll' and parameters == ['address', 'bool'] and returnVars != []: + return True + if name == 'getApproved' and parameters == ['uint256'] and returnVars != ['address']: + return True + if name == 'isApprovedForAll' and parameters == ['address', 'address'] and returnVars != ['bool']: + return True + + # ERC165 (dependency) + if name == 'supportsInterface' and parameters == ['bytes4'] and returnVars != ['bool']: + return True + + return False + + @staticmethod + def detect_incorrect_erc721_interface(contract): + """ Detect incorrect ERC721 interface + + Returns: + list(str) : list of incorrect function signatures + """ + + # Verify this is an ERC721 contract. 
+ if not contract.has_an_erc721_function() or not contract.has_an_erc20_function(): + return [] + + functions = [f for f in contract.functions if IncorrectERC721InterfaceDetection.incorrect_erc721_interface(f.signature)] + return functions + + def _detect(self): + """ Detect incorrect erc721 interface + + Returns: + dict: [contract name] = set(str) events + """ + results = [] + for c in self.contracts: + functions = IncorrectERC721InterfaceDetection.detect_incorrect_erc721_interface(c) + if functions: + info = "{} ({}) has incorrect ERC721 function interface(s):\n" + info = info.format(c.name, + c.source_mapping_str) + for function in functions: + info += "\t-{} ({})\n".format(function.name, function.source_mapping_str) + json = self.generate_json_result(info) + self.add_functions_to_json(functions, json) + results.append(json) + + return results diff --git a/slither/detectors/erc20/unindexed_event_parameters.py b/slither/detectors/erc/unindexed_event_parameters.py similarity index 100% rename from slither/detectors/erc20/unindexed_event_parameters.py rename to slither/detectors/erc/unindexed_event_parameters.py diff --git a/slither/detectors/statements/too_many_digits.py b/slither/detectors/statements/too_many_digits.py new file mode 100644 index 000000000..ed80e7467 --- /dev/null +++ b/slither/detectors/statements/too_many_digits.py 
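Review bot: `detect_incorrect_erc721_interface` returns early on `not contract.has_an_erc721_function() or not contract.has_an_erc20_function()`, so a contract is analysed only if it has both an ERC721 and an ERC20 function, while the comment above says only "Verify this is an ERC721 contract". Depending on how the two helpers match (they are not visible in this diff), a token that implements only `ownerOf` and `safeTransferFrom` may be skipped entirely; the `Token.ownerOf` example in `WIKI_EXPLOIT_SCENARIO` is such a contract. If the ERC20 test is deliberate because of the overlapping signatures, say so in the comment; if not, the condition should be `if not contract.has_an_erc721_function(): return []`. `WIKI_DESCRIPTION` ends with "as the return value is missing", which does not fit the checks that expect no return value (`transferFrom`, `approve`, `setApprovalForAll`).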
@@ -0,0 +1,80 @@ +""" +Module detecting numbers with too many digits. +""" + +from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification +from slither.slithir.variables import Constant + +class TooManyDigits(AbstractDetector): + """ + Detect numbers with too many digits + """ + + ARGUMENT = 'too-many-digits' + HELP = 'Conformance to numeric notation best practices' + IMPACT = DetectorClassification.INFORMATIONAL + CONFIDENCE = DetectorClassification.MEDIUM + + WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits' + WIKI_TITLE = 'Too many digits' + WIKI_DESCRIPTION = ''' +Literals with many digits are difficult to read and review. +''' + WIKI_EXPLOIT_SCENARIO = ''' +```solidity +contract MyContract{ + uint 1_ether = 10000000000000000000; +} +``` + +While `1_ether` looks like `1 ether`, it is `10 ether`. As a result, its usage is likely to be incorrect. +''' + WIKI_RECOMMENDATION = ''' +Use: +- [Ether suffix](https://solidity.readthedocs.io/en/latest/units-and-global-variables.html#ether-units) +- [Time suffix](https://solidity.readthedocs.io/en/latest/units-and-global-variables.html#time-units), or +- [The scientific notation](https://solidity.readthedocs.io/en/latest/types.html#rational-and-integer-literals) +''' + + @staticmethod + def _detect_too_many_digits(f): + ret = [] + for node in f.nodes: + # each node contains a list of IR instruction + for ir in node.irs: + # iterate over all the variables read by the IR + for read in ir.read: + # if the variable is a constant + if isinstance(read, Constant): + # read.value can return an int or a str. 
Convert it to str + value_as_str = read.original_value + line_of_code = str(node.expression) + if '00000' in value_as_str: + # Info to be printed + ret.append(node) + return ret + + def _detect(self): + results = [] + + # iterate over all contracts + for contract in self.slither.contracts_derived: + # iterate over all functions + for f in contract.functions: + # iterate over all the nodes + ret = self._detect_too_many_digits(f) + if ret: + info = '{}.{} ({}) uses literals with too many digits:'.format(f.contract.name, + f.name, + f.source_mapping_str) + for node in ret: + info += '\n\t- {}'.format(node.expression) + info += '\n\tUse the proper denomination (ether-unit, time-unit,' + info += 'or the scientific notation\n' + + # Add the result in result + json = self.generate_json_result(info) + self.add_nodes_to_json(ret, json) + results.append(json) + + return results diff --git a/slither/printers/call/call_graph.py b/slither/printers/call/call_graph.py index cf6776e69..4c9b9e385 100644 --- a/slither/printers/call/call_graph.py +++ b/slither/printers/call/call_graph.py @@ -71,7 +71,7 @@ class PrinterCallGraph(AbstractPrinter): for contract in all_contracts: render_internal_calls += self._render_internal_calls(contract, contract_functions, contract_calls) - render_solidity_calls = '' #self._render_solidity_calls(solidity_functions, solidity_calls) + render_solidity_calls = self._render_solidity_calls(solidity_functions, solidity_calls) render_external_calls = self._render_external_calls(external_calls) @@ -110,7 +110,6 @@ class PrinterCallGraph(AbstractPrinter): # add variable as node to respective contract if isinstance(external_function, (Variable)): - return contract_functions[external_contract].add(_node( _function_node(external_contract, external_function), external_function.name diff --git a/slither/printers/summary/function_ids.py b/slither/printers/summary/function_ids.py index d8f71f08f..169a2a318 100644 --- a/slither/printers/summary/function_ids.py 
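Review bot: `_detect_too_many_digits` appends `node` once per matching constant, so an expression with two long literals is listed twice in the message and passed twice to `add_nodes_to_json`; an `if node not in ret:` guard before `ret.append(node)` avoids that. `line_of_code = str(node.expression)` is never used and can be removed, and the comment above it still talks about converting `read.value` although the code reads `read.original_value`. The `'00000' in value_as_str` test also fires on hex literals such as addresses or hashes that contain a run of zeros, where the ether/time/scientific-notation advice does not apply; consider skipping values that start with `0x`. In `_detect`, the two concatenated message strings produce `time-unit,or the scientific notation` with no space and no closing parenthesis.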
+++ b/slither/printers/summary/function_ids.py @@ -3,6 +3,8 @@ """ import collections from prettytable import PrettyTable + +from slither.core.solidity_types import ArrayType, MappingType from slither.printers.abstract_printer import AbstractPrinter from slither.utils.colors import blue, green, magenta from slither.utils.function import get_function_id @@ -30,7 +32,18 @@ class FunctionIds(AbstractPrinter): table.add_row([function.full_name, hex(get_function_id(function.full_name))]) for variable in contract.state_variables: if variable.visibility in ['public']: - table.add_row([variable.name+'()', hex(get_function_id(variable.name+'()'))]) + variable_getter_args = "" + if type(variable.type) is ArrayType: + length = 0 + v = variable + while type(v.type) is ArrayType: + length += 1 + v = v.type + variable_getter_args = ','.join(["uint256"]*length) + elif type(variable.type) is MappingType: + variable_getter_args = variable.type.type_from + + table.add_row([f"{variable.name}({variable_getter_args})", hex(get_function_id(f"{variable.name}({variable_getter_args})"))]) txt += str(table) + '\n' self.info(txt) diff --git a/slither/slither.py b/slither/slither.py index b4e7e0b9f..d30099426 100644 --- a/slither/slither.py +++ b/slither/slither.py @@ -6,6 +6,8 @@ import glob import json import platform +from crytic_compile import CryticCompile, InvalidCompilation + from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification from slither.printers.abstract_printer import AbstractPrinter from .solc_parsing.slitherSolc import SlitherSolc 
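Review bot: The getter signature built for a public mapping uses only `variable.type.type_from`, so for a nested mapping or a mapping to an array the printed function ID is computed from an incomplete argument list and will not match the selector of the generated getter. The same commit adds `export_nested_types_from_variable` in `slither/utils/type.py`, which walks nested mappings and arrays; `variable_getter_args = ','.join(str(t) for t in export_nested_types_from_variable(variable))` would cover both branches (assuming `str()` of a type gives its canonical name, which the f-string here already relies on). `type(x) is ArrayType` also rejects subclasses, where `isinstance` is the usual form. The formatted signature is built twice inside the `add_row` call and could be assigned to a local once.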
@@ -49,21 +51,21 @@ class Slither(SlitherSolc): # list of files provided (see --splitted option) if isinstance(contract, list): self._init_from_list(contract) - # truffle directory - elif not truffle_ignore and (os.path.isfile(os.path.join(contract, 'truffle.js')) or - os.path.isfile(os.path.join(contract, 'truffle-config.js'))): - self._init_from_truffle(contract, - kwargs.get('truffle_build_directory', 'build/contracts'), - kwargs.get('truffle_ignore_compile', False), - kwargs.get('truffle_version', None)) - # embark directory - elif not embark_ignore and os.path.isfile(os.path.join(contract, 'embark.json')): - self._init_from_embark(contract, - kwargs.get('embark_ignore_compile', False), - kwargs.get('embark_overwrite_config', False)) - # .json or .sol provided + elif contract.endswith('.json'): + self._init_from_raw_json(contract) else: - self._init_from_solc(contract, **kwargs) + super(Slither, self).__init__('') + try: + cryticCompile = CryticCompile(contract, **kwargs) + self._crytic_compile = cryticCompile + except InvalidCompilation as e: + logger.error('Invalid compilation') + logger.error(e) + exit(-1) + for path, ast in cryticCompile.asts.items(): + + self._parse_contracts_from_loaded_json(ast, path) + self._add_source_code(path) self._detectors = [] self._printers = [] 
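Review bot: The new `else` branch calls the bare `exit(-1)` on `InvalidCompilation`, while other paths in this file use `sys.exit(-1)`; `exit` is injected by the `site` module and is not guaranteed to exist (for example under `python -S`). Terminating the process from a constructor also makes `Slither` awkward to embed as a library; logging and re-raising would let the caller decide. `self._crytic_compile` is assigned only in this branch, so unless a default is set elsewhere (not visible here), the `slither.crytic_compile` test in `_convert_source_mapping` needs the attribute to exist on the list and raw-JSON paths too. `__init__` starts and ends outside the hunk.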
@@ -77,104 +79,19 @@ class Slither(SlitherSolc): self._analyze_contracts() - def _init_from_embark(self, contract, embark_ignore_compile, embark_overwrite_config): - super(Slither, self).__init__('') - plugin_name = '@trailofbits/embark-contract-info' - with open('embark.json') as f: - embark_json = json.load(f) - if embark_overwrite_config: - write_embark_json = False - if (not 'plugins' in embark_json): - embark_json['plugins'] = {plugin_name:{'flags':""}} - write_embark_json = True - elif (not plugin_name in embark_json['plugins']): - embark_json['plugins'][plugin_name] = {'flags':""} - write_embark_json = True - if write_embark_json: - process = subprocess.Popen(['npm','install', plugin_name]) - _, stderr = process.communicate() - with open('embark.json', 'w') as outfile: - json.dump(embark_json, outfile, indent=2) - else: - if (not 'plugins' in embark_json) or (not plugin_name in embark_json['plugins']): - logger.error(red('embark-contract-info plugin was found in embark.json. Please install the plugin (see https://github.com/crytic/slither/wiki/Usage#embark), or use --embark-overwrite-config.')) + def _init_from_raw_json(self, filename): + if not os.path.isfile(filename): + logger.error('{} does not exist (are you in the correct directory?)'.format(filename)) + exit(-1) + assert filename.endswith('json') + with open(filename, encoding='utf8') as astFile: + stdout = astFile.read() + if not stdout: + logger.info('Empty AST file: %s', filename) sys.exit(-1) + contracts_json = stdout.split('\n=') - if not embark_ignore_compile: - process = subprocess.Popen(['embark','build','--contracts'],stdout=subprocess.PIPE, stderr=subprocess.PIPE) - stdout, stderr = process.communicate() - logger.info("%s\n"%stdout.decode()) - if stderr: - # Embark might return information to stderr, but compile without issue - logger.error("%s"%stderr.decode()) - infile = os.path.join(contract, 'crytic-export', 'contracts.json') - if not os.path.isfile(infile): - logger.error(red('Embark 
did not generate the AST file. Is Embark installed (npm install -g embark)? Is embark-contract-info installed? (npm install -g embark).')) - sys.exit(-1) - with open(infile, 'r') as f: - contracts_loaded = json.load(f) - contracts_loaded = contracts_loaded['asts'] - for contract_loaded in contracts_loaded: - self._parse_contracts_from_loaded_json(contract_loaded, - contract_loaded['absolutePath']) - - def _init_from_truffle(self, contract, build_directory, truffle_ignore_compile, truffle_version): - # Truffle on windows has naming conflicts where it will invoke truffle.js directly instead - # of truffle.cmd (unless in powershell or git bash). The cleanest solution is to explicitly call - # truffle.cmd. Reference: - # https://truffleframework.com/docs/truffle/reference/configuration#resolving-naming-conflicts-on-windows - if not truffle_ignore_compile: - truffle_base_command = "truffle" if platform.system() != 'Windows' else "truffle.cmd" - cmd = [truffle_base_command, 'compile'] - if truffle_version: - cmd = ['npx', truffle_version, 'compile'] - elif os.path.isfile('package.json'): - with open('package.json') as f: - package = json.load(f) - if 'devDependencies' in package: - if 'truffle' in package['devDependencies']: - version = package['devDependencies']['truffle'] - if version.startswith('^'): - version = version[1:] - truffle_version = 'truffle@{}'.format(version) - cmd = ['npx', truffle_version, 'compile'] - logger.info("'{}' running (use --truffle-version truffle@x.x.x to use specific version)".format(' '.join(cmd))) - process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - - stdout, stderr = process.communicate() - stdout, stderr = stdout.decode(), stderr.decode()# convert bytestrings to unicode strings - - logger.info(stdout) - - if stderr: - logger.error(stderr) - if not os.path.isdir(os.path.join(contract, build_directory)): - logger.info(red('No truffle build directory found, did you run `truffle compile`?')) - sys.exit(-1) - 
super(Slither, self).__init__('') - filenames = glob.glob(os.path.join(contract, build_directory, '*.json')) - for filename in filenames: - with open(filename, encoding='utf8') as f: - contract_loaded = json.load(f) - contract_loaded = contract_loaded['ast'] - if 'absolutePath' in contract_loaded: - path = contract_loaded['absolutePath'] - else: - path = contract_loaded['attributes']['absolutePath'] - self._parse_contracts_from_loaded_json(contract_loaded, path) - - def _init_from_solc(self, contract, **kwargs): - solc = kwargs.get('solc', 'solc') - disable_solc_warnings = kwargs.get('disable_solc_warnings', False) - solc_arguments = kwargs.get('solc_arguments', '') - ast_format = kwargs.get('ast_format', '--ast-compact-json') - - contracts_json = self._run_solc(contract, - solc, - disable_solc_warnings, - solc_arguments, - ast_format) - super(Slither, self).__init__(contract) + super(Slither, self).__init__(filename) for c in contracts_json: self._parse_contracts_from_json(c) 
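Review bot: `_init_from_raw_json` validates its input with `assert filename.endswith('json')`, which disappears under `python -O` and is looser than the `contract.endswith('.json')` test in `__init__`; an explicit check that logs and exits, like the `os.path.isfile` check just above it, would be consistent. The read-and-split body is also a copy of what the next hunk leaves in `_run_solc` (same `isfile` check, same `assert`, same `stdout.split('\n=')`), and `_run_solc` no longer runs solc, so its solc-related parameters are presumably unused now. Keeping one of the two and having the other call it would remove the duplication. The added lines also mix `exit(-1)` and `sys.exit(-1)`.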
@@ -261,46 +178,12 @@ class Slither(SlitherSolc): if not os.path.isfile(filename): logger.error('{} does not exist (are you in the correct directory?)'.format(filename)) exit(-1) - is_ast_file = False - if filename.endswith('json'): - is_ast_file = True - elif not filename.endswith('.sol'): - raise Exception('Incorrect file format') - - if is_ast_file: - with open(filename, encoding='utf8') as astFile: - stdout = astFile.read() - if not stdout: - logger.info('Empty AST file: %s', filename) - sys.exit(-1) - else: - cmd = [solc, filename, ast_format] - if solc_arguments: - # To parse, we first split the string on each '--' - solc_args = solc_arguments.split('--') - # Split each argument on the first space found - # One solc option may have multiple argument sepparated with ' ' - # For example: --allow-paths /tmp . - # split() removes the delimiter, so we add it again - solc_args = [('--' + x).split(' ', 1) for x in solc_args if x] - # Flat the list of list - solc_args = [item for sublist in solc_args for item in sublist] - cmd += solc_args - # Add . as default allowed path - if '--allow-paths' not in cmd: - cmd += ['--allow-paths', '.'] - - process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE) - - stdout, stderr = process.communicate() - stdout, stderr = stdout.decode(), stderr.decode() # convert bytestrings to unicode strings - - if stderr and (not disable_solc_warnings): - stderr = stderr.split('\n') - stderr = [x if 'Error' not in x else red(x) for x in stderr] - stderr = '\n'.join(stderr) - logger.info('Compilation warnings/errors on %s:\n%s', filename, stderr) - + assert filename.endswith('json') + with open(filename, encoding='utf8') as astFile: + stdout = astFile.read() + if not stdout: + logger.info('Empty AST file: %s', filename) + sys.exit(-1) stdout = stdout.split('\n=') return stdout diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index 7b9607df0..4534ea607 100644 --- a/slither/slithir/convert.py 
+++ b/slither/slithir/convert.py @@ -7,7 +7,9 @@ from slither.core.expressions import Identifier, Literal from slither.core.solidity_types import (ArrayType, ElementaryType, FunctionType, MappingType, UserDefinedType) +from slither.core.solidity_types.elementary_type import Int as ElementaryTypeInt from slither.core.variables.variable import Variable +from slither.core.variables.state_variable import StateVariable from slither.slithir.operations import (Assignment, Balance, Binary, BinaryType, Call, Condition, Delete, EventCall, HighLevelCall, Index, @@ -30,6 +32,7 @@ from slither.slithir.variables import (Constant, ReferenceVariable, TemporaryVariable) from slither.visitors.slithir.expression_to_slithir import ExpressionToSlithIR from slither.utils.function import get_function_id +from slither.utils.type import export_nested_types_from_variable logger = logging.getLogger('ConvertToIR') @@ -39,7 +42,8 @@ def convert_expression(expression, node): from slither.core.cfg.node import NodeType if isinstance(expression, Literal) and node.type in [NodeType.IF, NodeType.IFLOOP]: - result = [Condition(Constant(expression.value))] + cst = Constant(expression.value, expression.type) + result = [Condition(cst)] return result if isinstance(expression, Identifier) and node.type in [NodeType.IF, NodeType.IFLOOP]: result = [Condition(expression.value)] @@ -599,7 +603,7 @@ def convert_to_push(ir, node): ir = Push(ir.destination, val) - length = Literal(len(operation.init_values)) + length = Literal(len(operation.init_values), 'uint256') t = operation.init_values[0].type ir.lvalue.set_type(ArrayType(t, length)) 
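Review bot: `Literal(len(operation.init_values), 'uint256')` in `convert_to_push` passes the type as a plain string, while `parse_expression` in this commit builds literals with an `ElementaryType` instance and the new `Constant.__init__` asserts `isinstance(type, ElementaryType)`. Unless `Literal` converts the string itself (its constructor is not in view), one of these literals reaching `Constant(expression.value, expression.type)` in `convert_expression` would fail that assertion. Passing `ElementaryType('uint256')` here, and in the two `Literal(depth, 'uint256')` calls in `type_parsing.py`, keeps the type field uniform. `convert_to_push` starts outside the hunk.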
@@ -822,6 +826,71 @@ def remove_unused(result): result = [i for i in result if not i in to_remove] return result +# endregion +################################################################################### +################################################################################### +# region Constant type conversioh +################################################################################### +################################################################################### + +def convert_constant_types(irs): + """ + late conversion of uint -> type for constant (Literal) + :param irs: + :return: + """ + # TODO: implement instances lookup for events, NewContract + was_changed = True + while was_changed: + was_changed = False + for ir in irs: + if isinstance(ir, Assignment): + if isinstance(ir.lvalue.type, ElementaryType): + if ir.lvalue.type.type in ElementaryTypeInt: + if ir.rvalue.type.type != 'int256': + ir.rvalue.set_type(ElementaryType('int256')) + was_changed = True + if isinstance(ir, Binary): + if isinstance(ir.lvalue.type, ElementaryType): + if ir.lvalue.type.type in ElementaryTypeInt: + for r in ir.read: + if r.type.type != 'int256': + r.set_type(ElementaryType('int256')) + was_changed = True + if isinstance(ir, (HighLevelCall, InternalCall)): + func = ir.function + if isinstance(func, StateVariable): + types = export_nested_types_from_variable(func) + else: + types = [p.type for p in func.parameters] + for idx, arg in enumerate(ir.arguments): + t = types[idx] + if isinstance(t, ElementaryType): + if t.type in ElementaryTypeInt: + if arg.type.type != 'int256': + arg.set_type(ElementaryType('int256')) + was_changed = True + if isinstance(ir, NewStructure): + st = ir.structure + for idx, arg in enumerate(ir.arguments): + e = st.elems_ordered[idx] + if isinstance(e.type, ElementaryType): + if e.type.type in ElementaryTypeInt: + if arg.type.type != 'int256': + arg.set_type(ElementaryType('int256')) + was_changed = True + if isinstance(ir, 
InitArray): + if isinstance(ir.lvalue.type, ArrayType): + if isinstance(ir.lvalue.type.type, ElementaryType): + if ir.lvalue.type.type.type in ElementaryTypeInt: + for r in ir.read: + if r.type.type != 'int256': + r.set_type(ElementaryType('int256')) + was_changed = True + + + + # endregion ################################################################################### ################################################################################### @@ -839,6 +908,7 @@ def apply_ir_heuristics(irs, node): irs = propagate_type_and_convert_call(irs, node) irs = remove_unused(irs) find_references_origin(irs) + convert_constant_types(irs) return irs diff --git a/slither/slithir/variables/constant.py b/slither/slithir/variables/constant.py index e7fa55716..ba19279e1 100644 --- a/slither/slithir/variables/constant.py +++ b/slither/slithir/variables/constant.py 
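Review bot: `convert_constant_types` is documented as a late conversion for constants, but no branch checks `isinstance(..., Constant)` before calling `set_type(ElementaryType('int256'))`, so any operand whose type is not `int256`, including ordinary variables and temporaries, is retyped whenever the destination is a signed integer. The branches also read `.type.type` on operands without first checking that the operand's type is an `ElementaryType`, unlike the checks made on `ir.lvalue.type`. Guarding each assignment with something like `if isinstance(r, Constant) and r.type.type != 'int256':` would match the docstring. The region header has a typo (`conversioh`), and the docstring leaves `:param irs:` and `:return:` empty although the function mutates `irs` in place and returns nothing.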
@@ -1,17 +1,41 @@ from .variable import SlithIRVariable -from slither.core.solidity_types.elementary_type import ElementaryType +from slither.core.solidity_types.elementary_type import ElementaryType, Int, Uint + class Constant(SlithIRVariable): - def __init__(self, val): + def __init__(self, val, type=None): super(Constant, self).__init__() assert isinstance(val, str) - if val.isdigit(): - self._type = ElementaryType('uint256') - self._val = int(val) + + self._original_value = val + + if type: + assert isinstance(type, ElementaryType) + self._type = type + if type.type in Int + Uint: + if val.startswith('0x'): + self._val = int(val, 16) + else: + if 'e' in val: + base, expo = val.split('e') + self._val = int(float(base)* (10 ** int(expo))) + elif 'E' in val: + base, expo = val.split('E') + self._val = int(float(base) * (10 ** int(expo))) + else: + self._val = int(val) + elif type.type == 'bool': + self._val = val == 'true' + else: + self._val = val else: - self._type = ElementaryType('string') - self._val = val + if val.isdigit(): + self._type = ElementaryType('uint256') + self._val = int(val) + else: + self._type = ElementaryType('string') + self._val = val @property def value(self): @@ -20,10 +44,18 @@ class Constant(SlithIRVariable): If the expression was an hexadecimal delcared as hex'...' return a str Returns: - (str, int) + (str | int | bool) ''' return self._val + @property + def original_value(self): + ''' + Return the string representation of the value + :return: str + ''' + return self._original_value + def __str__(self): return str(self.value) diff --git a/slither/solc_parsing/declarations/structure.py b/slither/solc_parsing/declarations/structure.py index 0026f451e..825e85c98 100644 --- a/slither/solc_parsing/declarations/structure.py +++ b/slither/solc_parsing/declarations/structure.py 
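Review bot: The scientific-notation branches in `Constant.__init__` compute `int(float(base) * (10 ** int(expo)))`, which goes through a binary float and loses precision for large literals; for example `1e23` ends up as 99999999999999991611392. Detectors that compare constant values need the exact integer, and with `from decimal import Decimal` the separate `e` and `E` branches collapse to `self._val = int(Decimal(val))`. The parameter name `type` shadows the builtin inside `__init__`. The `value` docstring in the second hunk still has the typo `delcared`.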
@@ -16,6 +16,7 @@ class StructureSolc(Structure): self._name = name self._canonical_name = canonicalName self._elems = {} + self._elems_ordered = [] self._elemsNotParsed = elems @@ -28,5 +29,6 @@ class StructureSolc(Structure): elem.analyze(self.contract) self._elems[elem.name] = elem + self._elems_ordered.append(elem.name) self._elemsNotParsed = [] diff --git a/slither/solc_parsing/expressions/expression_parsing.py b/slither/solc_parsing/expressions/expression_parsing.py index 39b2334d6..968ae446a 100644 --- a/slither/solc_parsing/expressions/expression_parsing.py +++ b/slither/solc_parsing/expressions/expression_parsing.py @@ -479,6 +479,12 @@ def parse_expression(expression, caller_context): value = str(convert_subdenomination(value, expression['subdenomination'])) elif not value and value != "": value = '0x'+expression['hexValue'] + type = expression['typeDescriptions']['typeString'] + + # Length declaration for array was None until solc 0.5.5 + if type is None: + if expression['kind'] == 'number': + type = 'int_const' else: value = expression['attributes']['value'] if value: @@ -489,7 +495,15 @@ def parse_expression(expression, caller_context): # see https://solidity.readthedocs.io/en/v0.4.25/types.html?highlight=hex#hexadecimal-literals assert 'hexvalue' in expression['attributes'] value = '0x'+expression['attributes']['hexvalue'] - literal = Literal(value) + type = expression['attributes']['type'] + + if type.startswith('int_const '): + type = ElementaryType('uint256') + elif type.startswith('bool'): + type = ElementaryType('bool') + else: + type = ElementaryType('string') + literal = Literal(value, type) return literal elif name == 'Identifier': diff --git a/slither/solc_parsing/slitherSolc.py b/slither/solc_parsing/slitherSolc.py index 5fa3c160e..5f0e60b13 100644 --- a/slither/solc_parsing/slitherSolc.py +++ b/slither/solc_parsing/slitherSolc.py 
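Review bot: In `parse_expression`, the fallback added for solc before 0.5.5 sets `type = 'int_const'`, but the classification in the next hunk tests `type.startswith('int_const ')` with a trailing space, so the fallback value falls through to the `else` and the number literal is typed as `string`. If `typeString` is `None` and `kind` is not `'number'`, `type` stays `None` and `type.startswith` raises `AttributeError`. Testing `if type and type.startswith('int_const'):` (no trailing space) handles both cases. The local name `type` also shadows the builtin; `type_str` would avoid that. `parse_expression` starts and ends outside these hunks.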
@@ -89,9 +89,7 @@ class SlitherSolc(Slither): if 'sourcePaths' in data_loaded: for sourcePath in data_loaded['sourcePaths']: if os.path.isfile(sourcePath): - with open(sourcePath, encoding='utf8', newline='') as f: - source_code = f.read() - self.source_code[sourcePath] = source_code + self._add_source_code(sourcePath) if data_loaded[self.get_key()] == 'root': self._solc_version = '0.3' @@ -152,15 +150,11 @@ class SlitherSolc(Slither): self._source_units[sourceUnit] = name if os.path.isfile(name) and not name in self.source_code: - with open(name, encoding='utf8', newline='') as f: - source_code = f.read() - self.source_code[name] = source_code + self._add_source_code(name) else: lib_name = os.path.join('node_modules', name) if os.path.isfile(lib_name) and not name in self.source_code: - with open(lib_name, encoding='utf8', newline='') as f: - source_code = f.read() - self.source_code[name] = source_code + self._add_source_code(lib_name) # endregion ################################################################################### diff --git a/slither/solc_parsing/solidity_types/type_parsing.py b/slither/solc_parsing/solidity_types/type_parsing.py index 2b5057dda..22e8954ab 100644 --- a/slither/solc_parsing/solidity_types/type_parsing.py +++ b/slither/solc_parsing/solidity_types/type_parsing.py @@ -32,7 +32,7 @@ def _find_from_type_name(name, contract, contracts, structures, enums): if name_elementary in ElementaryTypeName: depth = name.count('[') if depth: - return ArrayType(ElementaryType(name_elementary), Literal(depth)) + return ArrayType(ElementaryType(name_elementary), Literal(depth, 'uint256')) else: return ElementaryType(name_elementary) # We first look for contract 
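Review bot: In the `node_modules` fallback of slitherSolc.py the removed code read `lib_name` but stored the text under `name`. The new call `self._add_source_code(lib_name)` presumably stores it under `lib_name`, while the guard on the line above still tests `not name in self.source_code`. If so, the guard never sees the entry and any later lookup by source-unit name misses the file. `_add_source_code` is defined outside this view, so check its keying: either guard on `lib_name`, or let the helper take the dictionary key separately from the path it opens. Both paths originate from the loaded compiler JSON, so the helper's docstring should say whether that input is trusted to name only project files.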
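Review bot: In type_parsing.py, `Literal(depth, 'uint256')` passes an `int` value and a plain string as the type. Elsewhere in this commit literals are built with a string value and an `ElementaryType`, and `Constant.__init__` asserts exactly that with `isinstance(val, str)` and `isinstance(type, ElementaryType)`. If one of these array-length literals ever reaches `_post_literal`, those assertions fail. `Literal(str(depth), ElementaryType('uint256'))` would match the rest of the change, and the same applies to the `UserDefinedType` branch in the next hunk of this file. Note also that `depth` is `name.count('[')`, the number of dimensions, yet it is passed where the array length goes; that predates this commit but is worth a comment. `_find_from_type_name` starts and ends outside both hunks.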
@@ -78,7 +78,7 @@ def _find_from_type_name(name, contract, contracts, structures, enums): depth+=1 var_type = next((st for st in all_structures if st.contract.name+"."+st.name == name_struct), None) if var_type: - return ArrayType(UserDefinedType(var_type), Literal(depth)) + return ArrayType(UserDefinedType(var_type), Literal(depth, 'uint256')) if not var_type: var_type = next((f for f in contract.functions if f.name == name), None) diff --git a/slither/utils/type.py b/slither/utils/type.py new file mode 100644 index 000000000..d5bca3720 --- /dev/null +++ b/slither/utils/type.py @@ -0,0 +1,31 @@ +from slither.core.solidity_types import (ArrayType, MappingType, ElementaryType) + +def _add_mapping_parameter(t, l): + while isinstance(t, MappingType): + l.append(t.type_from) + t = t.type_to + _add_array_parameter(t, l) + +def _add_array_parameter(t, l): + while isinstance(t, ArrayType): + l.append(ElementaryType('uint256')) + t = t.type + +def export_nested_types_from_variable(variable): + """ + Export the list of nested types (mapping/array) + :param variable: + :return: list(Type) + """ + l = [] + if isinstance(variable.type, MappingType): + t = variable.type + _add_mapping_parameter(t, l) + + if isinstance(variable.type, ArrayType): + v = variable + _add_array_parameter(v.type, l) + + return l + + diff --git a/slither/visitors/expression/constants_folding.py b/slither/visitors/expression/constants_folding.py index bca1bfe04..26ce38906 100644 --- a/slither/visitors/expression/constants_folding.py +++ b/slither/visitors/expression/constants_folding.py @@ -20,8 +20,12 @@ def set_val(expression, val): class ConstantFolding(ExpressionVisitor): + def __init__(self, expression, type): + super(ConstantFolding, self).__init__(expression) + self._type = type + def result(self): - return Literal(int(get_val(self._expression))) + return Literal(int(get_val(self._expression)), self._type) def _post_identifier(self, expression): if not expression.value.is_constant: 
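Review bot: In slither/utils/type.py, `_add_array_parameter` stops at the first non-array type, so for an array whose element type is a mapping the mapping's key types are never appended. That includes a mapping nested below an array reached from `_add_mapping_parameter`, and in both cases the returned list is shorter than the nesting actually present. Ending the helper with `if isinstance(t, MappingType): _add_mapping_parameter(t, l)` lets the two helpers cover any nesting order. The docstring leaves `:param variable:` empty; `:param variable: object whose .type is inspected (mapping or array)` would state what the code reads. The accumulator name `l` is easy to misread as `1`.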
@@ -29,7 +33,7 @@ class ConstantFolding(ExpressionVisitor): expr = expression.value.expression # assumption that we won't have infinite loop if not isinstance(expr, Literal): - cf = ConstantFolding(expr) + cf = ConstantFolding(expr, self._type) expr = cf.result() set_val(expression, int(expr.value)) diff --git a/slither/visitors/slithir/expression_to_slithir.py b/slither/visitors/slithir/expression_to_slithir.py index a1c1c5e5d..c5f275749 100644 --- a/slither/visitors/slithir/expression_to_slithir.py +++ b/slither/visitors/slithir/expression_to_slithir.py @@ -173,7 +173,8 @@ class ExpressionToSlithIR(ExpressionVisitor): set_val(expression, val) def _post_literal(self, expression): - set_val(expression, Constant(expression.value)) + cst = Constant(expression.value, expression.type) + set_val(expression, cst) def _post_member_access(self, expression): expr = get(expression.expression) diff --git a/tests/config/slither.config.json b/tests/config/slither.config.json new file mode 100644 index 000000000..d0232e4b0 --- /dev/null +++ b/tests/config/slither.config.json @@ -0,0 +1,6 @@ +{ + "detectors_to_run": "all", + "exclude_informational": true, + "exclude_low": true, + "ignore_return_value": true +} diff --git a/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.json b/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.json index f6bb5473e..21353bc8d 100644 --- a/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.json +++ b/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.json 
@@ -1 +1,204 @@ -[{"check": "arbitrary-send", "impact": "High", "confidence": "Medium", "description": "Test.direct (tests/arbitrary_send-0.5.1.sol#11-13) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#12)\n", "elements": [{"type": "function", "name": "direct", "source_mapping": {"start": 162, "length": 79, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [11, 12, 13]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 0, "length": 884, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41]}}}, {"type": "expression", "expression": "msg.sender.send(address(this).balance)", "source_mapping": {"start": 196, "length": 38, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [12]}}]}, {"check": "arbitrary-send", "impact": "High", "confidence": "Medium", "description": "Test.indirect (tests/arbitrary_send-0.5.1.sol#19-21) sends eth to arbitrary user\n\tDangerous calls:\n\t- destination.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#20)\n", "elements": [{"type": "function", "name": "indirect", "source_mapping": {"start": 316, "length": 82, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [19, 20, 21]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 0, "length": 884, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41]}}}, {"type": "expression", "expression": "destination.send(address(this).balance)", "source_mapping": {"start": 352, "length": 39, "filename": "tests/arbitrary_send-0.5.1.sol", "lines": [20]}}]}] \ No newline at end of file +[ + { + "check": "arbitrary-send", + "impact": "High", + 
"confidence": "Medium", + "description": "Test.direct (tests/arbitrary_send-0.5.1.sol#11-13) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#12)\n", + "elements": [ + { + "type": "function", + "name": "direct", + "source_mapping": { + "start": 162, + "length": 79, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 0, + "length": 884, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "msg.sender.send(address(this).balance)", + "source_mapping": { + "start": 196, + "length": 38, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 12 + ], + "starting_column": 9, + "ending_column": 47 + } + } + ] + }, + { + "check": "arbitrary-send", + "impact": "High", + 
"confidence": "Medium", + "description": "Test.indirect (tests/arbitrary_send-0.5.1.sol#19-21) sends eth to arbitrary user\n\tDangerous calls:\n\t- destination.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#20)\n", + "elements": [ + { + "type": "function", + "name": "indirect", + "source_mapping": { + "start": 316, + "length": 82, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 19, + 20, + 21 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 0, + "length": 884, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "destination.send(address(this).balance)", + "source_mapping": { + "start": 352, + "length": 39, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_relative": "tests/arbitrary_send-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send-0.5.1.sol", + "filename_short": "tests/arbitrary_send-0.5.1.sol", + "lines": [ + 20 + ], + "starting_column": 9, + "ending_column": 48 + } + } + ] + } +] \ No newline at end of file 
diff --git a/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.txt b/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.txt new file mode 100644 index 000000000..3861f0b9b --- /dev/null +++ b/tests/expected_json/arbitrary_send-0.5.1.arbitrary-send.txt @@ -0,0 +1,9 @@ +INFO:Detectors: +Test.direct (tests/arbitrary_send-0.5.1.sol#11-13) sends eth to arbitrary user + Dangerous calls: + - msg.sender.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#12) +Test.indirect (tests/arbitrary_send-0.5.1.sol#19-21) sends eth to arbitrary user + Dangerous calls: + - destination.send(address(this).balance) (tests/arbitrary_send-0.5.1.sol#20) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations +INFO:Slither:tests/arbitrary_send-0.5.1.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/arbitrary_send.arbitrary-send.json b/tests/expected_json/arbitrary_send.arbitrary-send.json index 4a2a02bb8..bef229a85 100644 --- a/tests/expected_json/arbitrary_send.arbitrary-send.json +++ b/tests/expected_json/arbitrary_send.arbitrary-send.json 
@@ -1 +1,204 @@ -[{"check": "arbitrary-send", "impact": "High", "confidence": "Medium", "description": "Test.direct (tests/arbitrary_send.sol#11-13) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.send(address(this).balance) (tests/arbitrary_send.sol#12)\n", "elements": [{"type": "function", "name": "direct", "source_mapping": {"start": 147, "length": 79, "filename": "tests/arbitrary_send.sol", "lines": [11, 12, 13]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 0, "length": 869, "filename": "tests/arbitrary_send.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41]}}}, {"type": "expression", "expression": "msg.sender.send(address(this).balance)", "source_mapping": {"start": 181, "length": 38, "filename": "tests/arbitrary_send.sol", "lines": [12]}}]}, {"check": "arbitrary-send", "impact": "High", "confidence": "Medium", "description": "Test.indirect (tests/arbitrary_send.sol#19-21) sends eth to arbitrary user\n\tDangerous calls:\n\t- destination.send(address(this).balance) (tests/arbitrary_send.sol#20)\n", "elements": [{"type": "function", "name": "indirect", "source_mapping": {"start": 301, "length": 82, "filename": "tests/arbitrary_send.sol", "lines": [19, 20, 21]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 0, "length": 869, "filename": "tests/arbitrary_send.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41]}}}, {"type": "expression", "expression": "destination.send(address(this).balance)", "source_mapping": {"start": 337, "length": 39, "filename": "tests/arbitrary_send.sol", "lines": [20]}}]}] \ No newline at end of file +[ + { + "check": "arbitrary-send", + "impact": "High", + "confidence": "Medium", + "description": "Test.direct 
(tests/arbitrary_send.sol#11-13) sends eth to arbitrary user\n\tDangerous calls:\n\t- msg.sender.send(address(this).balance) (tests/arbitrary_send.sol#12)\n", + "elements": [ + { + "type": "function", + "name": "direct", + "source_mapping": { + "start": 147, + "length": 79, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 0, + "length": 869, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "msg.sender.send(address(this).balance)", + "source_mapping": { + "start": 181, + "length": 38, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 12 + ], + "starting_column": 9, + "ending_column": 47 + } + } + ] + }, + { + "check": "arbitrary-send", + "impact": "High", + "confidence": "Medium", + "description": "Test.indirect (tests/arbitrary_send.sol#19-21) sends eth to arbitrary user\n\tDangerous calls:\n\t- 
destination.send(address(this).balance) (tests/arbitrary_send.sol#20)\n", + "elements": [ + { + "type": "function", + "name": "indirect", + "source_mapping": { + "start": 301, + "length": 82, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 19, + 20, + 21 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 0, + "length": 869, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "destination.send(address(this).balance)", + "source_mapping": { + "start": 337, + "length": 39, + "filename_used": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_relative": "tests/arbitrary_send.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/arbitrary_send.sol", + "filename_short": "tests/arbitrary_send.sol", + "lines": [ + 20 + ], + "starting_column": 9, + "ending_column": 48 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/arbitrary_send.arbitrary-send.txt b/tests/expected_json/arbitrary_send.arbitrary-send.txt new file mode 100644 index 000000000..07fd98b5a --- /dev/null +++ b/tests/expected_json/arbitrary_send.arbitrary-send.txt 
@@ -0,0 +1,9 @@ +INFO:Detectors: +Test.direct (tests/arbitrary_send.sol#11-13) sends eth to arbitrary user + Dangerous calls: + - msg.sender.send(address(this).balance) (tests/arbitrary_send.sol#12) +Test.indirect (tests/arbitrary_send.sol#19-21) sends eth to arbitrary user + Dangerous calls: + - destination.send(address(this).balance) (tests/arbitrary_send.sol#20) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#functions-that-send-ether-to-arbitrary-destinations +INFO:Slither:tests/arbitrary_send.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/backdoor.backdoor.json b/tests/expected_json/backdoor.backdoor.json index 718f7833f..63acbe652 100644 --- a/tests/expected_json/backdoor.backdoor.json +++ b/tests/expected_json/backdoor.backdoor.json 
@@ -1 +1,52 @@ -[{"check": "backdoor", "impact": "High", "confidence": "High", "description": "Backdoor function found in C.i_am_a_backdoor (tests/backdoor.sol#4-6)\n", "elements": [{"type": "function", "name": "i_am_a_backdoor", "source_mapping": {"start": 18, "length": 74, "filename": "tests/backdoor.sol", "lines": [4, 5, 6]}, "contract": {"type": "contract", "name": "C", "source_mapping": {"start": 1, "length": 94, "filename": "tests/backdoor.sol", "lines": [2, 3, 4, 5, 6, 7, 8]}}}]}] \ No newline at end of file +[ + { + "check": "backdoor", + "impact": "High", + "confidence": "High", + "description": "Backdoor function found in C.i_am_a_backdoor (tests/backdoor.sol#4-6)\n", + "elements": [ + { + "type": "function", + "name": "i_am_a_backdoor", + "source_mapping": { + "start": 18, + "length": 74, + "filename_used": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_relative": "tests/backdoor.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_short": "tests/backdoor.sol", + "lines": [ + 4, + 5, + 6 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 1, + "length": 94, + "filename_used": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_relative": "tests/backdoor.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_short": "tests/backdoor.sol", + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/backdoor.backdoor.txt b/tests/expected_json/backdoor.backdoor.txt new file mode 100644 index 000000000..5b7ccbcca --- /dev/null +++ b/tests/expected_json/backdoor.backdoor.txt 
@@ -0,0 +1,5 @@ +INFO:Detectors: +Backdoor function found in C.i_am_a_backdoor (tests/backdoor.sol#4-6) +Reference: https://github.com/trailofbits/slither/wiki/Adding-a-new-detector +INFO:Slither:/home/monty/Private/tob/tools/slither-public/scripts/../tests/expected_json/backdoor.backdoor.json exists already, the overwrite is prevented +INFO:Slither:tests/backdoor.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/backdoor.suicidal.json b/tests/expected_json/backdoor.suicidal.json index d1ef0ccdf..518d72791 100644 --- a/tests/expected_json/backdoor.suicidal.json +++ b/tests/expected_json/backdoor.suicidal.json 
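Review bot: The fourth expected line of backdoor.backdoor.txt commits a developer's home-directory path (`/home/monty/Private/tob/tools/slither-public/...`) together with the message `exists already, the overwrite is prevented`. That message depends on whether the JSON file was present when the fixture was generated, so the expected output discloses a local user name and directory layout and is not reproducible on another machine. Regenerate it with the old JSON removed first, and rewrite absolute paths in the .txt the same way the .json fixtures show `/home/travis/build/crytic/slither`. backdoor.suicidal.txt in this commit carries the same line. The `Reference:` URL here also points at the `Adding-a-new-detector` wiki page rather than a detector entry, which suggests the detector's documentation link is still a placeholder.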
@@ -1 +1,52 @@ -[{"check": "suicidal", "impact": "High", "confidence": "High", "description": "C.i_am_a_backdoor (tests/backdoor.sol#4-6) allows anyone to destruct the contract\n", "elements": [{"type": "function", "name": "i_am_a_backdoor", "source_mapping": {"start": 18, "length": 74, "filename": "tests/backdoor.sol", "lines": [4, 5, 6]}, "contract": {"type": "contract", "name": "C", "source_mapping": {"start": 1, "length": 94, "filename": "tests/backdoor.sol", "lines": [2, 3, 4, 5, 6, 7, 8]}}}]}] \ No newline at end of file +[ + { + "check": "suicidal", + "impact": "High", + "confidence": "High", + "description": "C.i_am_a_backdoor (tests/backdoor.sol#4-6) allows anyone to destruct the contract\n", + "elements": [ + { + "type": "function", + "name": "i_am_a_backdoor", + "source_mapping": { + "start": 18, + "length": 74, + "filename_used": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_relative": "tests/backdoor.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_short": "tests/backdoor.sol", + "lines": [ + 4, + 5, + 6 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 1, + "length": 94, + "filename_used": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_relative": "tests/backdoor.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/backdoor.sol", + "filename_short": "tests/backdoor.sol", + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/backdoor.suicidal.txt b/tests/expected_json/backdoor.suicidal.txt new file mode 100644 index 000000000..9f540e527 --- /dev/null +++ b/tests/expected_json/backdoor.suicidal.txt 
@@ -0,0 +1,5 @@ +INFO:Detectors: +C.i_am_a_backdoor (tests/backdoor.sol#4-6) allows anyone to destruct the contract +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#suicidal +INFO:Slither:/home/monty/Private/tob/tools/slither-public/scripts/../tests/expected_json/backdoor.suicidal.json exists already, the overwrite is prevented +INFO:Slither:tests/backdoor.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/const_state_variables.constable-states.json b/tests/expected_json/const_state_variables.constable-states.json index 575fdd28c..ef3321911 100644 --- a/tests/expected_json/const_state_variables.constable-states.json +++ b/tests/expected_json/const_state_variables.constable-states.json 
@@ -1 +1,112 @@ -[{"check": "constable-states", "impact": "Informational", "confidence": "High", "description": "A.myFriendsAddress should be constant (tests/const_state_variables.sol#7)\nA.test should be constant (tests/const_state_variables.sol#10)\nA.text2 should be constant (tests/const_state_variables.sol#14)\nB.mySistersAddress should be constant (tests/const_state_variables.sol#26)\nMyConc.should_be_constant should be constant (tests/const_state_variables.sol#42)\nMyConc.should_be_constant_2 should be constant (tests/const_state_variables.sol#43)\n", "elements": [{"type": "variable", "name": "myFriendsAddress", "source_mapping": {"start": 132, "length": 76, "filename": "tests/const_state_variables.sol", "lines": [7]}}, {"type": "variable", "name": "mySistersAddress", "source_mapping": {"start": 496, "length": 76, "filename": "tests/const_state_variables.sol", "lines": [26]}}, {"type": "variable", "name": "should_be_constant", "source_mapping": {"start": 793, "length": 42, "filename": "tests/const_state_variables.sol", "lines": [42]}}, {"type": "variable", "name": "should_be_constant_2", "source_mapping": {"start": 841, "length": 33, "filename": "tests/const_state_variables.sol", "lines": [43]}}, {"type": "variable", "name": "test", "source_mapping": {"start": 237, "length": 20, "filename": "tests/const_state_variables.sol", "lines": [10]}}, {"type": "variable", "name": "text2", "source_mapping": {"start": 333, "length": 20, "filename": "tests/const_state_variables.sol", "lines": [14]}}]}] \ No newline at end of file +[ + { + "check": "constable-states", + "impact": "Informational", + "confidence": "High", + "description": "A.myFriendsAddress should be constant (tests/const_state_variables.sol#7)\nA.test should be constant (tests/const_state_variables.sol#10)\nA.text2 should be constant (tests/const_state_variables.sol#14)\nB.mySistersAddress should be constant (tests/const_state_variables.sol#26)\nMyConc.should_be_constant should be constant 
(tests/const_state_variables.sol#42)\nMyConc.should_be_constant_2 should be constant (tests/const_state_variables.sol#43)\n", + "elements": [ + { + "type": "variable", + "name": "myFriendsAddress", + "source_mapping": { + "start": 132, + "length": 76, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + "lines": [ + 7 + ], + "starting_column": 5, + "ending_column": 81 + } + }, + { + "type": "variable", + "name": "mySistersAddress", + "source_mapping": { + "start": 496, + "length": 76, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + "lines": [ + 26 + ], + "starting_column": 5, + "ending_column": 81 + } + }, + { + "type": "variable", + "name": "should_be_constant", + "source_mapping": { + "start": 793, + "length": 42, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + "lines": [ + 42 + ], + "starting_column": 5, + "ending_column": 47 + } + }, + { + "type": "variable", + "name": "should_be_constant_2", + "source_mapping": { + "start": 841, + "length": 33, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + 
"lines": [ + 43 + ], + "starting_column": 5, + "ending_column": 38 + } + }, + { + "type": "variable", + "name": "test", + "source_mapping": { + "start": 237, + "length": 20, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + "lines": [ + 10 + ], + "starting_column": 5, + "ending_column": 25 + } + }, + { + "type": "variable", + "name": "text2", + "source_mapping": { + "start": 333, + "length": 20, + "filename_used": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_relative": "tests/const_state_variables.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/const_state_variables.sol", + "filename_short": "tests/const_state_variables.sol", + "lines": [ + 14 + ], + "starting_column": 5, + "ending_column": 25 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/const_state_variables.constable-states.txt b/tests/expected_json/const_state_variables.constable-states.txt new file mode 100644 index 000000000..2fc92c58c --- /dev/null +++ b/tests/expected_json/const_state_variables.constable-states.txt 
@@ -0,0 +1,9 @@ +INFO:Detectors: +A.myFriendsAddress should be constant (tests/const_state_variables.sol#7) +A.test should be constant (tests/const_state_variables.sol#10) +A.text2 should be constant (tests/const_state_variables.sol#14) +B.mySistersAddress should be constant (tests/const_state_variables.sol#26) +MyConc.should_be_constant should be constant (tests/const_state_variables.sol#42) +MyConc.should_be_constant_2 should be constant (tests/const_state_variables.sol#43) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant +INFO:Slither:tests/const_state_variables.sol analyzed (3 contracts), 1 result(s) found diff --git a/tests/expected_json/constant-0.5.1.constant-function.json b/tests/expected_json/constant-0.5.1.constant-function.json index d010b056e..0193f4fa0 100644 --- a/tests/expected_json/constant-0.5.1.constant-function.json +++ b/tests/expected_json/constant-0.5.1.constant-function.json 
@@ -1 +1,67 @@ -[{"check": "constant-function", "impact": "Medium", "confidence": "Medium", "description": "Constant.test_assembly_bug (tests/constant-0.5.1.sol#15-17) is declared view but contains assembly code\n", "elements": [{"type": "info", "contains_assembly": true}]}] \ No newline at end of file +[ + { + "check": "constant-function", + "impact": "Medium", + "confidence": "Medium", + "description": "Constant.test_assembly_bug (tests/constant-0.5.1.sol#15-17) is declared view but contains assembly code\n", + "elements": [ + { + "type": "function", + "name": "test_assembly_bug", + "source_mapping": { + "start": 185, + "length": 66, + "filename_used": "/home/travis/build/crytic/slither/tests/constant-0.5.1.sol", + "filename_relative": "tests/constant-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant-0.5.1.sol", + "filename_short": "tests/constant-0.5.1.sol", + "lines": [ + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Constant", + "source_mapping": { + "start": 0, + "length": 253, + "filename_used": "/home/travis/build/crytic/slither/tests/constant-0.5.1.sol", + "filename_relative": "tests/constant-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant-0.5.1.sol", + "filename_short": "tests/constant-0.5.1.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "info", + "contains_assembly": true + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/constant-0.5.1.constant-function.txt b/tests/expected_json/constant-0.5.1.constant-function.txt new file mode 100644 index 000000000..c3090ad40 --- /dev/null +++ b/tests/expected_json/constant-0.5.1.constant-function.txt 
@@ -0,0 +1,4 @@ +INFO:Detectors: +Constant.test_assembly_bug (tests/constant-0.5.1.sol#15-17) is declared view but contains assembly code +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#constant-functions-changing-the-state +INFO:Slither:tests/constant-0.5.1.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/constant.constant-function.json b/tests/expected_json/constant.constant-function.json index 0f48fe8dc..c2206ddb0 100644 --- a/tests/expected_json/constant.constant-function.json +++ b/tests/expected_json/constant.constant-function.json 
@@ -1 +1,252 @@ -[{"check": "constant-function", "impact": "Medium", "confidence": "Medium", "description": "Constant.test_view_bug (tests/constant.sol#5-7) is declared view but changes state variables:\n\t- Constant.a\n", "elements": [{"type": "function", "name": "test_view_bug", "source_mapping": {"start": 45, "length": 58, "filename": "tests/constant.sol", "lines": [5, 6, 7]}, "contract": {"type": "contract", "name": "Constant", "source_mapping": {"start": 0, "length": 392, "filename": "tests/constant.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]}}}, {"type": "variable", "name": "a", "source_mapping": {"start": 28, "length": 6, "filename": "tests/constant.sol", "lines": [3]}}, {"type": "info", "contains_assembly": false}]}, {"check": "constant-function", "impact": "Medium", "confidence": "Medium", "description": "Constant.test_constant_bug (tests/constant.sol#9-11) is declared view but changes state variables:\n\t- Constant.a\n", "elements": [{"type": "function", "name": "test_constant_bug", "source_mapping": {"start": 113, "length": 66, "filename": "tests/constant.sol", "lines": [9, 10, 11]}, "contract": {"type": "contract", "name": "Constant", "source_mapping": {"start": 0, "length": 392, "filename": "tests/constant.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]}}}, {"type": "variable", "name": "a", "source_mapping": {"start": 28, "length": 6, "filename": "tests/constant.sol", "lines": [3]}}, {"type": "info", "contains_assembly": false}]}, {"check": "constant-function", "impact": "Medium", "confidence": "Medium", "description": "Constant.test_assembly_bug (tests/constant.sol#22-24) is declared view but contains assembly code\n", "elements": [{"type": "info", "contains_assembly": true}]}] \ No newline at end of file +[ + { + "check": "constant-function", + "impact": "Medium", + "confidence": "Medium", + "description": "Constant.test_view_bug 
(tests/constant.sol#5-7) is declared view but changes state variables:\n\t- Constant.a\n", + "elements": [ + { + "type": "function", + "name": "test_view_bug", + "source_mapping": { + "start": 45, + "length": 58, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Constant", + "source_mapping": { + "start": 0, + "length": 392, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "variable", + "name": "a", + "source_mapping": { + "start": 28, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 3 + ], + "starting_column": 5, + "ending_column": 11 + } + }, + { + "type": "info", + "contains_assembly": false + } + ] + }, + { + "check": "constant-function", + "impact": "Medium", + "confidence": "Medium", + "description": "Constant.test_constant_bug (tests/constant.sol#9-11) is declared view but changes state variables:\n\t- Constant.a\n", + "elements": [ + { + "type": "function", + "name": "test_constant_bug", + "source_mapping": { + "start": 113, + "length": 66, + "filename_used": 
"/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 9, + 10, + 11 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Constant", + "source_mapping": { + "start": 0, + "length": 392, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "variable", + "name": "a", + "source_mapping": { + "start": 28, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 3 + ], + "starting_column": 5, + "ending_column": 11 + } + }, + { + "type": "info", + "contains_assembly": false + } + ] + }, + { + "check": "constant-function", + "impact": "Medium", + "confidence": "Medium", + "description": "Constant.test_assembly_bug (tests/constant.sol#22-24) is declared view but contains assembly code\n", + "elements": [ + { + "type": "function", + "name": "test_assembly_bug", + "source_mapping": { + "start": 324, + "length": 66, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 22, + 23, + 24 + ], + "starting_column": 5, + 
"ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Constant", + "source_mapping": { + "start": 0, + "length": 392, + "filename_used": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_relative": "tests/constant.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/constant.sol", + "filename_short": "tests/constant.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "info", + "contains_assembly": true + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/constant.constant-function.txt b/tests/expected_json/constant.constant-function.txt new file mode 100644 index 000000000..e0d191ca3 --- /dev/null +++ b/tests/expected_json/constant.constant-function.txt @@ -0,0 +1,8 @@ +INFO:Detectors: +Constant.test_view_bug (tests/constant.sol#5-7) is declared view but changes state variables: + - Constant.a +Constant.test_constant_bug (tests/constant.sol#9-11) is declared view but changes state variables: + - Constant.a +Constant.test_assembly_bug (tests/constant.sol#22-24) is declared view but contains assembly code +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#constant-functions-changing-the-state +INFO:Slither:tests/constant.sol analyzed (1 contracts), 3 result(s) found diff --git a/tests/expected_json/controlled_delegatecall.controlled-delegatecall.json b/tests/expected_json/controlled_delegatecall.controlled-delegatecall.json index 120ee52e4..79a8c4383 100644 --- a/tests/expected_json/controlled_delegatecall.controlled-delegatecall.json +++ b/tests/expected_json/controlled_delegatecall.controlled-delegatecall.json 
@@ -1 +1,173 @@ -[{"check": "controlled-delegatecall", "impact": "High", "confidence": "Medium", "description": "C.bad_delegate_call (tests/controlled_delegatecall.sol#8-11) uses delegatecall to a input-controlled function id\n\taddr_bad.delegatecall(data) (tests/controlled_delegatecall.sol#10)\n", "elements": [{"type": "function", "name": "bad_delegate_call", "source_mapping": {"start": 101, "length": 134, "filename": "tests/controlled_delegatecall.sol", "lines": [8, 9, 10, 11]}, "contract": {"type": "contract", "name": "C", "source_mapping": {"start": 0, "length": 585, "filename": "tests/controlled_delegatecall.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]}}}, {"type": "expression", "expression": "addr_bad.delegatecall(data)", "source_mapping": {"start": 201, "length": 27, "filename": "tests/controlled_delegatecall.sol", "lines": [10]}}]}, {"check": "controlled-delegatecall", "impact": "High", "confidence": "Medium", "description": "C.bad_delegate_call2 (tests/controlled_delegatecall.sol#18-20) uses delegatecall to a input-controlled function id\n\taddr_bad.delegatecall(abi.encode(func_id,data)) (tests/controlled_delegatecall.sol#19)\n", "elements": [{"type": "function", "name": "bad_delegate_call2", "source_mapping": {"start": 337, "length": 118, "filename": "tests/controlled_delegatecall.sol", "lines": [18, 19, 20]}, "contract": {"type": "contract", "name": "C", "source_mapping": {"start": 0, "length": 585, "filename": "tests/controlled_delegatecall.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25]}}}, {"type": "expression", "expression": "addr_bad.delegatecall(abi.encode(func_id,data))", "source_mapping": {"start": 400, "length": 48, "filename": "tests/controlled_delegatecall.sol", "lines": [19]}}]}] \ No newline at end of file +[ + { + "check": "controlled-delegatecall", + "impact": "High", + "confidence": "Medium", + "description": 
"C.bad_delegate_call (tests/controlled_delegatecall.sol#8-11) uses delegatecall to a input-controlled function id\n\taddr_bad.delegatecall(data) (tests/controlled_delegatecall.sol#10)\n", + "elements": [ + { + "type": "function", + "name": "bad_delegate_call", + "source_mapping": { + "start": 101, + "length": 134, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 8, + 9, + 10, + 11 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 585, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "addr_bad.delegatecall(data)", + "source_mapping": { + "start": 201, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 36 + } + } + ] + }, + { + "check": "controlled-delegatecall", + "impact": "High", + "confidence": "Medium", + "description": "C.bad_delegate_call2 
(tests/controlled_delegatecall.sol#18-20) uses delegatecall to a input-controlled function id\n\taddr_bad.delegatecall(abi.encode(func_id,data)) (tests/controlled_delegatecall.sol#19)\n", + "elements": [ + { + "type": "function", + "name": "bad_delegate_call2", + "source_mapping": { + "start": 337, + "length": 118, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 18, + 19, + 20 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "C", + "source_mapping": { + "start": 0, + "length": 585, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "addr_bad.delegatecall(abi.encode(func_id,data))", + "source_mapping": { + "start": 400, + "length": 48, + "filename_used": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_relative": "tests/controlled_delegatecall.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/controlled_delegatecall.sol", + "filename_short": "tests/controlled_delegatecall.sol", + "lines": [ + 19 + ], + "starting_column": 9, + "ending_column": 57 + } + } + ] + } +] \ No newline at end of file 
diff --git a/tests/expected_json/controlled_delegatecall.controlled-delegatecall.txt b/tests/expected_json/controlled_delegatecall.controlled-delegatecall.txt new file mode 100644 index 000000000..f19040c46 --- /dev/null +++ b/tests/expected_json/controlled_delegatecall.controlled-delegatecall.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +C.bad_delegate_call (tests/controlled_delegatecall.sol#8-11) uses delegatecall to a input-controlled function id + addr_bad.delegatecall(data) (tests/controlled_delegatecall.sol#10) +C.bad_delegate_call2 (tests/controlled_delegatecall.sol#18-20) uses delegatecall to a input-controlled function id + addr_bad.delegatecall(abi.encode(func_id,data)) (tests/controlled_delegatecall.sol#19) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#controlled-delegatecall +INFO:Slither:tests/controlled_delegatecall.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/deprecated_calls.deprecated-standards.json b/tests/expected_json/deprecated_calls.deprecated-standards.json index 8873478a5..606a2d766 100644 --- a/tests/expected_json/deprecated_calls.deprecated-standards.json +++ b/tests/expected_json/deprecated_calls.deprecated-standards.json 
@@ -1 +1,180 @@ -[{"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#2:\n\t- Usage of \"block.blockhash()\" should be replaced with \"blockhash()\"\n", "elements": [{"type": "variable", "name": "globalBlockHash", "source_mapping": {"start": 48, "length": 44, "filename": "tests/deprecated_calls.sol", "lines": [2]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#7-10:\n\t- Usage of \"msg.gas\" should be replaced with \"gasleft()\"\n", "elements": [{"type": "expression", "expression": "msg.gas == msg.value", "source_mapping": {"start": 258, "length": 107, "filename": "tests/deprecated_calls.sol", "lines": [7, 8, 9, 10]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#9:\n\t- Usage of \"throw\" should be replaced with \"revert()\"\n", "elements": [{"type": "expression", "expression": "None", "source_mapping": {"start": 349, "length": 5, "filename": "tests/deprecated_calls.sol", "lines": [9]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#16:\n\t- Usage of \"sha3()\" should be replaced with \"keccak256()\"\n", "elements": [{"type": "expression", "expression": "sha3Result = sha3()(test deprecated sha3 usage)", "source_mapping": {"start": 542, "length": 55, "filename": "tests/deprecated_calls.sol", "lines": [16]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#19:\n\t- Usage of \"block.blockhash()\" should be replaced with \"blockhash()\"\n", "elements": [{"type": "expression", "expression": "blockHashResult = 
block.blockhash(0)", "source_mapping": {"start": 671, "length": 44, "filename": "tests/deprecated_calls.sol", "lines": [19]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#22:\n\t- Usage of \"callcode\" should be replaced with \"delegatecall\"\n", "elements": [{"type": "expression", "expression": "address(this).callcode()", "source_mapping": {"start": 785, "length": 24, "filename": "tests/deprecated_calls.sol", "lines": [22]}}]}, {"check": "deprecated-standards", "impact": "Informational", "confidence": "High", "description": "Deprecated standard detected @ tests/deprecated_calls.sol#25:\n\t- Usage of \"suicide()\" should be replaced with \"selfdestruct()\"\n", "elements": [{"type": "expression", "expression": "suicide(address)(address(0))", "source_mapping": {"start": 878, "length": 19, "filename": "tests/deprecated_calls.sol", "lines": [25]}}]}] \ No newline at end of file +[ + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#2:\n\t- Usage of \"block.blockhash()\" should be replaced with \"blockhash()\"\n", + "elements": [ + { + "type": "variable", + "name": "globalBlockHash", + "source_mapping": { + "start": 48, + "length": 44, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 2 + ], + "starting_column": 5, + "ending_column": 49 + } + } + ] + }, + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#7-10:\n\t- Usage of \"msg.gas\" should be replaced with \"gasleft()\"\n", + "elements": [ + { 
+ "type": "expression", + "expression": "msg.gas == msg.value", + "source_mapping": { + "start": 258, + "length": 107, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 7, + 8, + 9, + 10 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + }, + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#9:\n\t- Usage of \"throw\" should be replaced with \"revert()\"\n", + "elements": [ + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 349, + "length": 5, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 9 + ], + "starting_column": 13, + "ending_column": 18 + } + } + ] + }, + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#16:\n\t- Usage of \"sha3()\" should be replaced with \"keccak256()\"\n", + "elements": [ + { + "type": "expression", + "expression": "sha3Result = sha3()(test deprecated sha3 usage)", + "source_mapping": { + "start": 542, + "length": 55, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 16 + ], + "starting_column": 9, + "ending_column": 64 + } + } + ] + }, + { + "check": 
"deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#19:\n\t- Usage of \"block.blockhash()\" should be replaced with \"blockhash()\"\n", + "elements": [ + { + "type": "expression", + "expression": "blockHashResult = block.blockhash(0)", + "source_mapping": { + "start": 671, + "length": 44, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 19 + ], + "starting_column": 9, + "ending_column": 53 + } + } + ] + }, + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#22:\n\t- Usage of \"callcode\" should be replaced with \"delegatecall\"\n", + "elements": [ + { + "type": "expression", + "expression": "address(this).callcode()", + "source_mapping": { + "start": 785, + "length": 24, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": "tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 22 + ], + "starting_column": 9, + "ending_column": 33 + } + } + ] + }, + { + "check": "deprecated-standards", + "impact": "Informational", + "confidence": "High", + "description": "Deprecated standard detected @ tests/deprecated_calls.sol#25:\n\t- Usage of \"suicide()\" should be replaced with \"selfdestruct()\"\n", + "elements": [ + { + "type": "expression", + "expression": "suicide(address)(address(0))", + "source_mapping": { + "start": 878, + "length": 19, + "filename_used": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_relative": 
"tests/deprecated_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/deprecated_calls.sol", + "filename_short": "tests/deprecated_calls.sol", + "lines": [ + 25 + ], + "starting_column": 9, + "ending_column": 28 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/deprecated_calls.deprecated-standards.txt b/tests/expected_json/deprecated_calls.deprecated-standards.txt new file mode 100644 index 000000000..e0733a66e --- /dev/null +++ b/tests/expected_json/deprecated_calls.deprecated-standards.txt @@ -0,0 +1,17 @@ +INFO:Detectors: +Deprecated standard detected @ tests/deprecated_calls.sol#2: + - Usage of "block.blockhash()" should be replaced with "blockhash()" +Deprecated standard detected @ tests/deprecated_calls.sol#7-10: + - Usage of "msg.gas" should be replaced with "gasleft()" +Deprecated standard detected @ tests/deprecated_calls.sol#9: + - Usage of "throw" should be replaced with "revert()" +Deprecated standard detected @ tests/deprecated_calls.sol#16: + - Usage of "sha3()" should be replaced with "keccak256()" +Deprecated standard detected @ tests/deprecated_calls.sol#19: + - Usage of "block.blockhash()" should be replaced with "blockhash()" +Deprecated standard detected @ tests/deprecated_calls.sol#22: + - Usage of "callcode" should be replaced with "delegatecall" +Deprecated standard detected @ tests/deprecated_calls.sol#25: + - Usage of "suicide()" should be replaced with "selfdestruct()" +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards +INFO:Slither:tests/deprecated_calls.sol analyzed (1 contracts), 7 result(s) found diff --git a/tests/expected_json/erc20_indexed.erc20-indexed.json b/tests/expected_json/erc20_indexed.erc20-indexed.json index 35d3751ce..e59622bbe 100644 --- a/tests/expected_json/erc20_indexed.erc20-indexed.json +++ b/tests/expected_json/erc20_indexed.erc20-indexed.json 
@@ -1 +1,182 @@ -[{"check": "erc20-indexed", "impact": "Informational", "confidence": "High", "description": "IERC20Bad (tests/erc20_indexed.sol#12-21) does not mark important ERC20 parameters as 'indexed':\n\t-Transfer (tests/erc20_indexed.sol#19) does not index parameter 'from'\n\t-Transfer (tests/erc20_indexed.sol#19) does not index parameter 'to'\n\t-Approval (tests/erc20_indexed.sol#20) does not index parameter 'owner'\n\t-Approval (tests/erc20_indexed.sol#20) does not index parameter 'spender'\n", "elements": [{"type": "function", "name": "Approval", "source_mapping": {"start": 1148, "length": 59, "filename": "tests/erc20_indexed.sol", "lines": [20]}, "contract": {"type": "contract", "name": "IERC20Bad", "source_mapping": {"start": 622, "length": 587, "filename": "tests/erc20_indexed.sol", "lines": [12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}, {"type": "function", "name": "Approval", "source_mapping": {"start": 1148, "length": 59, "filename": "tests/erc20_indexed.sol", "lines": [20]}, "contract": {"type": "contract", "name": "IERC20Bad", "source_mapping": {"start": 622, "length": 587, "filename": "tests/erc20_indexed.sol", "lines": [12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}, {"type": "function", "name": "Transfer", "source_mapping": {"start": 1090, "length": 53, "filename": "tests/erc20_indexed.sol", "lines": [19]}, "contract": {"type": "contract", "name": "IERC20Bad", "source_mapping": {"start": 622, "length": 587, "filename": "tests/erc20_indexed.sol", "lines": [12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}, {"type": "function", "name": "Transfer", "source_mapping": {"start": 1090, "length": 53, "filename": "tests/erc20_indexed.sol", "lines": [19]}, "contract": {"type": "contract", "name": "IERC20Bad", "source_mapping": {"start": 622, "length": 587, "filename": "tests/erc20_indexed.sol", "lines": [12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}]}] \ No newline at end of file +[ + { + "check": "erc20-indexed", + "impact": "Informational", + "confidence": "High", + 
"description": "IERC20Bad (tests/erc20_indexed.sol#12-21) does not mark important ERC20 parameters as 'indexed':\n\t-Transfer (tests/erc20_indexed.sol#19) does not index parameter 'from'\n\t-Transfer (tests/erc20_indexed.sol#19) does not index parameter 'to'\n\t-Approval (tests/erc20_indexed.sol#20) does not index parameter 'owner'\n\t-Approval (tests/erc20_indexed.sol#20) does not index parameter 'spender'\n", + "elements": [ + { + "type": "function", + "name": "Approval", + "source_mapping": { + "start": 1148, + "length": 59, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 20 + ], + "starting_column": 5, + "ending_column": 64 + }, + "contract": { + "type": "contract", + "name": "IERC20Bad", + "source_mapping": { + "start": 622, + "length": 587, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "Approval", + "source_mapping": { + "start": 1148, + "length": 59, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 20 + ], + "starting_column": 5, + "ending_column": 64 + }, + "contract": { + "type": "contract", + "name": "IERC20Bad", + "source_mapping": { + "start": 622, + "length": 587, + "filename_used": 
"/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "Transfer", + "source_mapping": { + "start": 1090, + "length": 53, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 19 + ], + "starting_column": 5, + "ending_column": 58 + }, + "contract": { + "type": "contract", + "name": "IERC20Bad", + "source_mapping": { + "start": 622, + "length": 587, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "Transfer", + "source_mapping": { + "start": 1090, + "length": 53, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": "tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 19 + ], + "starting_column": 5, + "ending_column": 58 + }, + "contract": { + "type": "contract", + "name": "IERC20Bad", + "source_mapping": { + "start": 622, + "length": 587, + "filename_used": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_relative": 
"tests/erc20_indexed.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/erc20_indexed.sol", + "filename_short": "tests/erc20_indexed.sol", + "lines": [ + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/erc20_indexed.erc20-indexed.txt b/tests/expected_json/erc20_indexed.erc20-indexed.txt new file mode 100644 index 000000000..4e6f57a83 --- /dev/null +++ b/tests/expected_json/erc20_indexed.erc20-indexed.txt @@ -0,0 +1,8 @@ +INFO:Detectors: +IERC20Bad (tests/erc20_indexed.sol#12-21) does not mark important ERC20 parameters as 'indexed': + -Transfer (tests/erc20_indexed.sol#19) does not index parameter 'from' + -Transfer (tests/erc20_indexed.sol#19) does not index parameter 'to' + -Approval (tests/erc20_indexed.sol#20) does not index parameter 'owner' + -Approval (tests/erc20_indexed.sol#20) does not index parameter 'spender' +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters +INFO:Slither:tests/erc20_indexed.sol analyzed (3 contracts), 1 result(s) found diff --git a/tests/expected_json/external_function.external-function.json b/tests/expected_json/external_function.external-function.json index 7b5fe4397..0a04a39e4 100644 --- a/tests/expected_json/external_function.external-function.json +++ b/tests/expected_json/external_function.external-function.json 
@@ -1 +1,246 @@ -[{"check": "external-function", "impact": "Informational", "confidence": "High", "description": "ContractWithFunctionNotCalled.funcNotCalled3 (tests/external_function.sol#13-15) should be declared external\n", "elements": [{"type": "function", "name": "funcNotCalled3", "source_mapping": {"start": 259, "length": 41, "filename": "tests/external_function.sol", "lines": [13, 14, 15]}, "contract": {"type": "contract", "name": "ContractWithFunctionNotCalled", "source_mapping": {"start": 213, "length": 258, "filename": "tests/external_function.sol", "lines": [11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]}}}]}, {"check": "external-function", "impact": "Informational", "confidence": "High", "description": "ContractWithFunctionNotCalled.funcNotCalled2 (tests/external_function.sol#17-19) should be declared external\n", "elements": [{"type": "function", "name": "funcNotCalled2", "source_mapping": {"start": 306, "length": 41, "filename": "tests/external_function.sol", "lines": [17, 18, 19]}, "contract": {"type": "contract", "name": "ContractWithFunctionNotCalled", "source_mapping": {"start": 213, "length": 258, "filename": "tests/external_function.sol", "lines": [11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]}}}]}, {"check": "external-function", "impact": "Informational", "confidence": "High", "description": "ContractWithFunctionNotCalled.funcNotCalled (tests/external_function.sol#21-23) should be declared external\n", "elements": [{"type": "function", "name": "funcNotCalled", "source_mapping": {"start": 353, "length": 40, "filename": "tests/external_function.sol", "lines": [21, 22, 23]}, "contract": {"type": "contract", "name": "ContractWithFunctionNotCalled", "source_mapping": {"start": 213, "length": 258, "filename": "tests/external_function.sol", "lines": [11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]}}}]}, {"check": "external-function", "impact": "Informational", 
"confidence": "High", "description": "ContractWithFunctionNotCalled2.funcNotCalled (tests/external_function.sol#32-39) should be declared external\n", "elements": [{"type": "function", "name": "funcNotCalled", "source_mapping": {"start": 554, "length": 325, "filename": "tests/external_function.sol", "lines": [32, 33, 34, 35, 36, 37, 38, 39]}, "contract": {"type": "contract", "name": "ContractWithFunctionNotCalled2", "source_mapping": {"start": 473, "length": 408, "filename": "tests/external_function.sol", "lines": [31, 32, 33, 34, 35, 36, 37, 38, 39, 40]}}}]}] \ No newline at end of file +[ + { + "check": "external-function", + "impact": "Informational", + "confidence": "High", + "description": "ContractWithFunctionNotCalled.funcNotCalled3 (tests/external_function.sol#13-15) should be declared external\n", + "elements": [ + { + "type": "function", + "name": "funcNotCalled3", + "source_mapping": { + "start": 259, + "length": 41, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 13, + 14, + 15 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ContractWithFunctionNotCalled", + "source_mapping": { + "start": 213, + "length": 258, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "external-function", + "impact": "Informational", + "confidence": 
"High", + "description": "ContractWithFunctionNotCalled.funcNotCalled2 (tests/external_function.sol#17-19) should be declared external\n", + "elements": [ + { + "type": "function", + "name": "funcNotCalled2", + "source_mapping": { + "start": 306, + "length": 41, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ContractWithFunctionNotCalled", + "source_mapping": { + "start": 213, + "length": 258, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "external-function", + "impact": "Informational", + "confidence": "High", + "description": "ContractWithFunctionNotCalled.funcNotCalled (tests/external_function.sol#21-23) should be declared external\n", + "elements": [ + { + "type": "function", + "name": "funcNotCalled", + "source_mapping": { + "start": 353, + "length": 40, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 21, + 22, + 23 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": 
"ContractWithFunctionNotCalled", + "source_mapping": { + "start": 213, + "length": 258, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "external-function", + "impact": "Informational", + "confidence": "High", + "description": "ContractWithFunctionNotCalled2.funcNotCalled (tests/external_function.sol#32-39) should be declared external\n", + "elements": [ + { + "type": "function", + "name": "funcNotCalled", + "source_mapping": { + "start": 554, + "length": 325, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ContractWithFunctionNotCalled2", + "source_mapping": { + "start": 473, + "length": 408, + "filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_relative": "tests/external_function.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol", + "filename_short": "tests/external_function.sol", + "lines": [ + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file 
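Review bot: The regenerated fixture pins the CI checkout directory. Every `source_mapping` in this hunk now carries `"filename_used"` and `"filename_absolute"` set to `/home/travis/build/crytic/slither/tests/external_function.sol`, so an exact comparison against this file only holds when the repository sits at that path. The erc20_indexed and incorrect_equality fixtures in this diff have the same values. The comparison step is not visible here, but if it diffs the whole JSON, it would be more portable to compare only `filename_relative` and `filename_short`, or to store a labelled placeholder such as `"filename_absolute": "<REPO_ROOT>/tests/external_function.sol"` and substitute it at test time. That would also keep build-host paths out of the committed test data.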
diff --git a/tests/expected_json/external_function.external-function.txt b/tests/expected_json/external_function.external-function.txt new file mode 100644 index 000000000..7a7fcfbd5 --- /dev/null +++ b/tests/expected_json/external_function.external-function.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +ContractWithFunctionNotCalled.funcNotCalled3 (tests/external_function.sol#13-15) should be declared external +ContractWithFunctionNotCalled.funcNotCalled2 (tests/external_function.sol#17-19) should be declared external +ContractWithFunctionNotCalled.funcNotCalled (tests/external_function.sol#21-23) should be declared external +ContractWithFunctionNotCalled2.funcNotCalled (tests/external_function.sol#32-39) should be declared external +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external +INFO:Slither:tests/external_function.sol analyzed (5 contracts), 4 result(s) found diff --git a/tests/expected_json/external_function_2.external-function.txt b/tests/expected_json/external_function_2.external-function.txt new file mode 100644 index 000000000..352324d7f --- /dev/null +++ b/tests/expected_json/external_function_2.external-function.txt @@ -0,0 +1 @@ +INFO:Slither:tests/external_function_2.sol analyzed (4 contracts), 0 result(s) found diff --git a/tests/expected_json/incorrect_equality.incorrect-equality.json b/tests/expected_json/incorrect_equality.incorrect-equality.json index 9bd015a04..c2bfd8c01 100644 --- a/tests/expected_json/incorrect_equality.incorrect-equality.json +++ b/tests/expected_json/incorrect_equality.incorrect-equality.json 
@@ -1 +1,1366 @@ -[{"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(address(this)) == 10)\n", "elements": [{"type": "function", "name": "bad0", "source_mapping": {"start": 404, "length": 101, "filename": "tests/incorrect_equality.sol", "lines": [21, 22, 23]}, "contract": {"type": "contract", "name": "ERC20TestBalance", "source_mapping": {"start": 165, "length": 445, "filename": "tests/incorrect_equality.sol", "lines": [10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28]}}}, {"type": "expression", "expression": "require(bool)(erc.balanceOf(address(this)) == 10)", "source_mapping": {"start": 455, "length": 43, "filename": "tests/incorrect_equality.sol", "lines": [22]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(address(this)) == 10)\nERC20TestBalance.bad1 (tests/incorrect_equality.sol#25-27) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(msg.sender) == 10)\n", "elements": [{"type": "function", "name": "bad1", "source_mapping": {"start": 511, "length": 97, "filename": "tests/incorrect_equality.sol", "lines": [25, 26, 27]}, "contract": {"type": "contract", "name": "ERC20TestBalance", "source_mapping": {"start": 165, "length": 445, "filename": "tests/incorrect_equality.sol", "lines": [10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28]}}}, {"type": "expression", "expression": "require(bool)(erc.balanceOf(msg.sender) == 10)", "source_mapping": {"start": 562, "length": 39, "filename": "tests/incorrect_equality.sol", "lines": [26]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 
(tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\n", "elements": [{"type": "function", "name": "bad0", "source_mapping": {"start": 648, "length": 133, "filename": "tests/incorrect_equality.sol", "lines": [32, 33, 34, 35]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "require(bool)(address(address(this)).balance == 10000000000000000000)", "source_mapping": {"start": 683, "length": 51, "filename": "tests/incorrect_equality.sol", "lines": [33]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\n", "elements": [{"type": "function", "name": "bad1", "source_mapping": {"start": 787, "length": 133, "filename": "tests/incorrect_equality.sol", "lines": [37, 38, 39, 40]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 
90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "require(bool)(10000000000000000000 == address(address(this)).balance)", "source_mapping": {"start": 822, "length": 51, "filename": "tests/incorrect_equality.sol", "lines": [38]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\n", "elements": [{"type": "function", "name": "bad2", "source_mapping": {"start": 926, "length": 124, "filename": "tests/incorrect_equality.sol", "lines": [42, 43, 44, 45]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "require(bool)(address(this).balance == 10000000000000000000)", "source_mapping": {"start": 961, "length": 42, "filename": "tests/incorrect_equality.sol", "lines": [43]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 
(tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\n", "elements": [{"type": "function", "name": "bad3", "source_mapping": {"start": 1056, "length": 124, "filename": "tests/incorrect_equality.sol", "lines": [47, 48, 49, 50]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "require(bool)(10000000000000000000 == address(this).balance)", "source_mapping": {"start": 1091, "length": 42, "filename": "tests/incorrect_equality.sol", "lines": [48]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- 
require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\n", "elements": [{"type": "function", "name": "bad4", "source_mapping": {"start": 1186, "length": 170, "filename": "tests/incorrect_equality.sol", "lines": [52, 53, 54, 55, 56, 57]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "balance == 10000000000000000000", "source_mapping": {"start": 1270, "length": 80, "filename": "tests/incorrect_equality.sol", "lines": [54, 55, 56]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\nTestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict 
equality:\n\t- 10000000000000000000 == balance\n", "elements": [{"type": "function", "name": "bad5", "source_mapping": {"start": 1362, "length": 170, "filename": "tests/incorrect_equality.sol", "lines": [59, 60, 61, 62, 63, 64]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "10000000000000000000 == balance", "source_mapping": {"start": 1446, "length": 80, "filename": "tests/incorrect_equality.sol", "lines": [61, 62, 63]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\nTestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict equality:\n\t- 10000000000000000000 == balance\nTestContractBalance.bad6 (tests/incorrect_equality.sol#66-71) uses a dangerous strict equality:\n\t- 
balance == 10000000000000000000\n", "elements": [{"type": "function", "name": "bad6", "source_mapping": {"start": 1538, "length": 179, "filename": "tests/incorrect_equality.sol", "lines": [66, 67, 68, 69, 70, 71]}, "contract": {"type": "contract", "name": "TestContractBalance", "source_mapping": {"start": 612, "length": 1754, "filename": "tests/incorrect_equality.sol", "lines": [30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72, 73, 74, 75, 76, 77, 78, 79, 80, 81, 82, 83, 84, 85, 86, 87, 88, 89, 90, 91, 92, 93, 94, 95, 96, 97]}}}, {"type": "expression", "expression": "balance == 10000000000000000000", "source_mapping": {"start": 1631, "length": 80, "filename": "tests/incorrect_equality.sol", "lines": [68, 69, 70]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 0)\n", "elements": [{"type": "function", "name": "bad0", "source_mapping": {"start": 2935, "length": 59, "filename": "tests/incorrect_equality.sol", "lines": [123, 124, 125]}, "contract": {"type": "contract", "name": "TestSolidityKeyword", "source_mapping": {"start": 2368, "length": 774, "filename": "tests/incorrect_equality.sol", "lines": [99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135]}}}, {"type": "expression", "expression": "require(bool)(now == 0)", "source_mapping": {"start": 2969, "length": 18, "filename": "tests/incorrect_equality.sol", "lines": [124]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 
0)\nTestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\n", "elements": [{"type": "function", "name": "bad1", "source_mapping": {"start": 3000, "length": 66, "filename": "tests/incorrect_equality.sol", "lines": [127, 128, 129]}, "contract": {"type": "contract", "name": "TestSolidityKeyword", "source_mapping": {"start": 2368, "length": 774, "filename": "tests/incorrect_equality.sol", "lines": [99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135]}}}, {"type": "expression", "expression": "require(bool)(block.number == 0)", "source_mapping": {"start": 3034, "length": 25, "filename": "tests/incorrect_equality.sol", "lines": [128]}}]}, {"check": "incorrect-equality", "impact": "Medium", "confidence": "High", "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 0)\nTestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\nTestSolidityKeyword.bad2 (tests/incorrect_equality.sol#131-133) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\n", "elements": [{"type": "function", "name": "bad2", "source_mapping": {"start": 3072, "length": 67, "filename": "tests/incorrect_equality.sol", "lines": [131, 132, 133]}, "contract": {"type": "contract", "name": "TestSolidityKeyword", "source_mapping": {"start": 2368, "length": 774, "filename": "tests/incorrect_equality.sol", "lines": [99, 100, 101, 102, 103, 104, 105, 106, 107, 108, 109, 110, 111, 112, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 124, 125, 126, 127, 128, 129, 130, 131, 132, 133, 134, 135]}}}, {"type": "expression", "expression": "require(bool)(block.number == 0)", "source_mapping": {"start": 3106, "length": 26, 
"filename": "tests/incorrect_equality.sol", "lines": [132]}}]}] \ No newline at end of file +[ + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(address(this)) == 10)\n", + "elements": [ + { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 404, + "length": 101, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 21, + 22, + 23 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ERC20TestBalance", + "source_mapping": { + "start": 165, + "length": 445, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(erc.balanceOf(address(this)) == 10)", + "source_mapping": { + "start": 455, + "length": 43, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 22 + ], + "starting_column": 9, + "ending_column": 52 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", 
+ "confidence": "High", + "description": "ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(address(this)) == 10)\nERC20TestBalance.bad1 (tests/incorrect_equality.sol#25-27) uses a dangerous strict equality:\n\t- require(bool)(erc.balanceOf(msg.sender) == 10)\n", + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 511, + "length": 97, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 25, + 26, + 27 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ERC20TestBalance", + "source_mapping": { + "start": 165, + "length": 445, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(erc.balanceOf(msg.sender) == 10)", + "source_mapping": { + "start": 562, + "length": 39, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 26 + ], + "starting_column": 9, + "ending_column": 48 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + 
"confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\n", + "elements": [ + { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 648, + "length": 133, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 32, + 33, + 34, + 35 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(address(address(this)).balance == 10000000000000000000)", + "source_mapping": { + "start": 683, + "length": 51, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + 
"filename_short": "tests/incorrect_equality.sol", + "lines": [ + 33 + ], + "starting_column": 9, + "ending_column": 60 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\n", + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 787, + "length": 133, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 37, + 38, + 39, + 40 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + 
"expression": "require(bool)(10000000000000000000 == address(address(this)).balance)", + "source_mapping": { + "start": 822, + "length": 51, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 38 + ], + "starting_column": 9, + "ending_column": 60 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\n", + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 926, + "length": 124, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 42, + 43, + 44, + 45 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": 
"tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(address(this).balance == 10000000000000000000)", + "source_mapping": { + "start": 961, + "length": 42, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 43 + ], + "starting_column": 9, + "ending_column": 51 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\n", + "elements": [ + { + "type": "function", + "name": "bad3", + "source_mapping": { + "start": 1056, + "length": 124, + "filename_used": 
"/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 47, + 48, + 49, + 50 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(10000000000000000000 == address(this).balance)", + "source_mapping": { + "start": 1091, + "length": 42, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 48 + ], + "starting_column": 9, + "ending_column": 51 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- 
require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\n", + "elements": [ + { + "type": "function", + "name": "bad4", + "source_mapping": { + "start": 1186, + "length": 170, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 52, + 53, + 54, + 55, + 56, + 57 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, 
+ 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "balance == 10000000000000000000", + "source_mapping": { + "start": 1270, + "length": 80, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 54, + 55, + 56 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\nTestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict equality:\n\t- 10000000000000000000 == balance\n", + "elements": [ + { + "type": "function", + "name": "bad5", + "source_mapping": { + "start": 1362, + "length": 170, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + 
"filename_short": "tests/incorrect_equality.sol", + "lines": [ + 59, + 60, + 61, + 62, + 63, + 64 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "10000000000000000000 == balance", + "source_mapping": { + "start": 1446, + "length": 80, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 61, + 62, + 63 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality:\n\t- require(bool)(address(address(this)).balance == 10000000000000000000)\nTestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == 
address(address(this)).balance)\nTestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality:\n\t- require(bool)(address(this).balance == 10000000000000000000)\nTestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality:\n\t- require(bool)(10000000000000000000 == address(this).balance)\nTestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\nTestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict equality:\n\t- 10000000000000000000 == balance\nTestContractBalance.bad6 (tests/incorrect_equality.sol#66-71) uses a dangerous strict equality:\n\t- balance == 10000000000000000000\n", + "elements": [ + { + "type": "function", + "name": "bad6", + "source_mapping": { + "start": 1538, + "length": 179, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 66, + 67, + 68, + 69, + 70, + 71 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestContractBalance", + "source_mapping": { + "start": 612, + "length": 1754, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72, + 73, + 74, + 75, + 76, + 77, + 78, + 79, + 80, + 81, + 
82, + 83, + 84, + 85, + 86, + 87, + 88, + 89, + 90, + 91, + 92, + 93, + 94, + 95, + 96, + 97 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "balance == 10000000000000000000", + "source_mapping": { + "start": 1631, + "length": 80, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 68, + 69, + 70 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 0)\n", + "elements": [ + { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 2935, + "length": 59, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 123, + 124, + 125 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestSolidityKeyword", + "source_mapping": { + "start": 2368, + "length": 774, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 
126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(now == 0)", + "source_mapping": { + "start": 2969, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 124 + ], + "starting_column": 9, + "ending_column": 27 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 0)\nTestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\n", + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 3000, + "length": 66, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 127, + 128, + 129 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestSolidityKeyword", + "source_mapping": { + "start": 2368, + "length": 774, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 
113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(block.number == 0)", + "source_mapping": { + "start": 3034, + "length": 25, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 128 + ], + "starting_column": 9, + "ending_column": 34 + } + } + ] + }, + { + "check": "incorrect-equality", + "impact": "Medium", + "confidence": "High", + "description": "TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality:\n\t- require(bool)(now == 0)\nTestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\nTestSolidityKeyword.bad2 (tests/incorrect_equality.sol#131-133) uses a dangerous strict equality:\n\t- require(bool)(block.number == 0)\n", + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 3072, + "length": 67, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 131, + 132, + 133 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TestSolidityKeyword", + "source_mapping": { + "start": 2368, + "length": 774, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + 
"filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 99, + 100, + 101, + 102, + 103, + 104, + 105, + 106, + 107, + 108, + 109, + 110, + 111, + 112, + 113, + 114, + 115, + 116, + 117, + 118, + 119, + 120, + 121, + 122, + 123, + 124, + 125, + 126, + 127, + 128, + 129, + 130, + 131, + 132, + 133, + 134, + 135 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(block.number == 0)", + "source_mapping": { + "start": 3106, + "length": 26, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_relative": "tests/incorrect_equality.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_equality.sol", + "filename_short": "tests/incorrect_equality.sol", + "lines": [ + 132 + ], + "starting_column": 9, + "ending_column": 35 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/incorrect_equality.incorrect-equality.txt b/tests/expected_json/incorrect_equality.incorrect-equality.txt new file mode 100644 index 000000000..a692fa750 --- /dev/null +++ b/tests/expected_json/incorrect_equality.incorrect-equality.txt 
@@ -0,0 +1,77 @@ +INFO:Detectors: +ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality: + - require(bool)(erc.balanceOf(address(this)) == 10) +ERC20TestBalance.bad0 (tests/incorrect_equality.sol#21-23) uses a dangerous strict equality: + - require(bool)(erc.balanceOf(address(this)) == 10) +ERC20TestBalance.bad1 (tests/incorrect_equality.sol#25-27) uses a dangerous strict equality: + - require(bool)(erc.balanceOf(msg.sender) == 10) +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) 
+TestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(this).balance) +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) +TestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(this).balance) +TestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality: + - balance == 10000000000000000000 +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) +TestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(this).balance) +TestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality: + - balance == 10000000000000000000 +TestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict equality: + - 10000000000000000000 == balance +TestContractBalance.bad0 (tests/incorrect_equality.sol#32-35) uses a dangerous strict equality: + - 
require(bool)(address(address(this)).balance == 10000000000000000000) +TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) +TestContractBalance.bad2 (tests/incorrect_equality.sol#42-45) uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) +TestContractBalance.bad3 (tests/incorrect_equality.sol#47-50) uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(this).balance) +TestContractBalance.bad4 (tests/incorrect_equality.sol#52-57) uses a dangerous strict equality: + - balance == 10000000000000000000 +TestContractBalance.bad5 (tests/incorrect_equality.sol#59-64) uses a dangerous strict equality: + - 10000000000000000000 == balance +TestContractBalance.bad6 (tests/incorrect_equality.sol#66-71) uses a dangerous strict equality: + - balance == 10000000000000000000 +TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality: + - require(bool)(now == 0) +TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality: + - require(bool)(now == 0) +TestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality: + - require(bool)(block.number == 0) +TestSolidityKeyword.bad0 (tests/incorrect_equality.sol#123-125) uses a dangerous strict equality: + - require(bool)(now == 0) +TestSolidityKeyword.bad1 (tests/incorrect_equality.sol#127-129) uses a dangerous strict equality: + - require(bool)(block.number == 0) +TestSolidityKeyword.bad2 (tests/incorrect_equality.sol#131-133) uses a dangerous strict equality: + - require(bool)(block.number == 0) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-strict-equalities +INFO:Slither:tests/incorrect_equality.sol analyzed (5 contracts), 12 result(s) found 
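Review bot: This expected output pins what looks like an accumulation bug in the `incorrect-equality` detector: within one contract each result repeats every earlier finding, so the `bad1` result prints `bad0` again and the `bad6` result lists all seven functions. The JSON fixture for the same test shows the cause from the other side, since each result's `description` grows this way while its `elements` hold only the one function and expression, so the two fields disagree. Presumably the detector's message string is not reset per result (it does reset between contracts, as `TestSolidityKeyword.bad0` starts clean); I would fix that in the detector and regenerate the fixture so the `bad1` result carries only `TestContractBalance.bad1 (tests/incorrect_equality.sol#37-40) uses a dangerous strict equality:` and its expression line. As committed, the test will fail once the detector is corrected, and the duplicated text makes the 12 reported results harder to triage.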
diff --git a/tests/expected_json/incorrect_erc20_interface.erc20-interface.json b/tests/expected_json/incorrect_erc20_interface.erc20-interface.json index 78146275e..dceec9be7 100644 --- a/tests/expected_json/incorrect_erc20_interface.erc20-interface.json +++ b/tests/expected_json/incorrect_erc20_interface.erc20-interface.json 
@@ -1 +1,256 @@ -[{"check": "erc20-interface", "impact": "Medium", "confidence": "High", "description": "Token (tests/incorrect_erc20_interface.sol#3-7) has incorrect ERC20 function interface(s):\n\t-transfer (tests/incorrect_erc20_interface.sol#5)\n", "elements": [{"type": "function", "name": "transfer", "source_mapping": {"start": 47, "length": 51, "filename": "tests/incorrect_erc20_interface.sol", "lines": [5]}, "contract": {"type": "contract", "name": "Token", "source_mapping": {"start": 26, "length": 75, "filename": "tests/incorrect_erc20_interface.sol", "lines": [3, 4, 5, 6, 7]}}}]}] \ No newline at end of file +[ + { + "check": "erc20-interface", + "impact": "Medium", + "confidence": "High", + "description": "Token (tests/incorrect_erc20_interface.sol#3-10) has incorrect ERC20 function interface(s):\n\t-transfer (tests/incorrect_erc20_interface.sol#4)\n\t-approve (tests/incorrect_erc20_interface.sol#5)\n\t-transferFrom (tests/incorrect_erc20_interface.sol#6)\n\t-totalSupply (tests/incorrect_erc20_interface.sol#7)\n\t-balanceOf (tests/incorrect_erc20_interface.sol#8)\n\t-allowance (tests/incorrect_erc20_interface.sol#9)\n", + "elements": [ + { + "type": "function", + "name": "allowance", + "source_mapping": { + "start": 319, + "length": 60, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 9 + ], + "starting_column": 5, + "ending_column": 65 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "approve", + "source_mapping": { + "start": 102, + "length": 55, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 5 + ], + "starting_column": 5, + "ending_column": 60 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "balanceOf", + "source_mapping": { + "start": 273, + "length": 41, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 8 + ], + "starting_column": 5, + "ending_column": 46 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": 
"tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "totalSupply", + "source_mapping": { + "start": 236, + "length": 32, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 7 + ], + "starting_column": 5, + "ending_column": 37 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 46, + "length": 51, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 4 + ], + "starting_column": 5, + "ending_column": 56 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": 
"/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 162, + "length": 69, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 6 + ], + "starting_column": 5, + "ending_column": 74 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 26, + "length": 355, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_relative": "tests/incorrect_erc20_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc20_interface.sol", + "filename_short": "tests/incorrect_erc20_interface.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/incorrect_erc20_interface.erc20-interface.txt b/tests/expected_json/incorrect_erc20_interface.erc20-interface.txt new file mode 100644 index 000000000..acff5f223 --- /dev/null +++ b/tests/expected_json/incorrect_erc20_interface.erc20-interface.txt 
@@ -0,0 +1,10 @@ +INFO:Detectors: +Token (tests/incorrect_erc20_interface.sol#3-10) has incorrect ERC20 function interface(s): + -transfer (tests/incorrect_erc20_interface.sol#4) + -approve (tests/incorrect_erc20_interface.sol#5) + -transferFrom (tests/incorrect_erc20_interface.sol#6) + -totalSupply (tests/incorrect_erc20_interface.sol#7) + -balanceOf (tests/incorrect_erc20_interface.sol#8) + -allowance (tests/incorrect_erc20_interface.sol#9) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-erc20-interface +INFO:Slither:tests/incorrect_erc20_interface.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/incorrect_erc721_interface.erc721-interface.json b/tests/expected_json/incorrect_erc721_interface.erc721-interface.json new file mode 100644 index 000000000..9f48193b7 --- /dev/null +++ b/tests/expected_json/incorrect_erc721_interface.erc721-interface.json 
@@ -0,0 +1,442 @@ +[ + { + "check": "erc721-interface", + "impact": "Medium", + "confidence": "High", + "description": "Token (tests/incorrect_erc721_interface.sol#6-16) has incorrect ERC721 function interface(s):\n\t-supportsInterface (tests/incorrect_erc721_interface.sol#4)\n\t-balanceOf (tests/incorrect_erc721_interface.sol#7)\n\t-ownerOf (tests/incorrect_erc721_interface.sol#8)\n\t-safeTransferFrom (tests/incorrect_erc721_interface.sol#9)\n\t-safeTransferFrom (tests/incorrect_erc721_interface.sol#10)\n\t-transferFrom (tests/incorrect_erc721_interface.sol#11)\n\t-approve (tests/incorrect_erc721_interface.sol#12)\n\t-setApprovalForAll (tests/incorrect_erc721_interface.sol#13)\n\t-getApproved (tests/incorrect_erc721_interface.sol#14)\n\t-isApprovedForAll (tests/incorrect_erc721_interface.sol#15)\n", + "elements": [ + { + "type": "function", + "name": "approve", + "source_mapping": { + "start": 549, + "length": 78, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 12 + ], + "starting_column": 5, + "ending_column": 83 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "balanceOf", + "source_mapping": { + "start": 140, + "length": 44, + "filename_used": 
"/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 7 + ], + "starting_column": 5, + "ending_column": 49 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "getApproved", + "source_mapping": { + "start": 723, + "length": 48, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 14 + ], + "starting_column": 5, + "ending_column": 53 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": 
"function", + "name": "isApprovedForAll", + "source_mapping": { + "start": 776, + "length": 70, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 15 + ], + "starting_column": 5, + "ending_column": 75 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "ownerOf", + "source_mapping": { + "start": 189, + "length": 44, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 8 + ], + "starting_column": 5, + "ending_column": 49 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 
11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "safeTransferFrom", + "source_mapping": { + "start": 238, + "length": 108, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 9 + ], + "starting_column": 5, + "ending_column": 113 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "safeTransferFrom", + "source_mapping": { + "start": 351, + "length": 96, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 10 + ], + "starting_column": 5, + "ending_column": 101 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "setApprovalForAll", + "source_mapping": { + "start": 632, + "length": 86, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 13 + ], + "starting_column": 5, + "ending_column": 91 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "supportsInterface", + "source_mapping": { + "start": 50, + "length": 56, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 4 + ], + "starting_column": 5, + "ending_column": 61 + }, + "contract": { + "type": "contract", + "name": "IERC165", + "source_mapping": { + "start": 26, + "length": 82, + "filename_used": 
"/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 3, + 4, + 5 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "function", + "name": "transferFrom", + "source_mapping": { + "start": 452, + "length": 92, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 11 + ], + "starting_column": 5, + "ending_column": 97 + }, + "contract": { + "type": "contract", + "name": "Token", + "source_mapping": { + "start": 109, + "length": 739, + "filename_used": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_relative": "tests/incorrect_erc721_interface.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/incorrect_erc721_interface.sol", + "filename_short": "tests/incorrect_erc721_interface.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/incorrect_erc721_interface.erc721-interface.txt b/tests/expected_json/incorrect_erc721_interface.erc721-interface.txt new file mode 100644 index 000000000..76530c072 --- /dev/null +++ b/tests/expected_json/incorrect_erc721_interface.erc721-interface.txt 
@@ -0,0 +1,14 @@ +INFO:Detectors: +Token (tests/incorrect_erc721_interface.sol#6-16) has incorrect ERC721 function interface(s): + -supportsInterface (tests/incorrect_erc721_interface.sol#4) + -balanceOf (tests/incorrect_erc721_interface.sol#7) + -ownerOf (tests/incorrect_erc721_interface.sol#8) + -safeTransferFrom (tests/incorrect_erc721_interface.sol#9) + -safeTransferFrom (tests/incorrect_erc721_interface.sol#10) + -transferFrom (tests/incorrect_erc721_interface.sol#11) + -approve (tests/incorrect_erc721_interface.sol#12) + -setApprovalForAll (tests/incorrect_erc721_interface.sol#13) + -getApproved (tests/incorrect_erc721_interface.sol#14) + -isApprovedForAll (tests/incorrect_erc721_interface.sol#15) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-erc721-interface +INFO:Slither:tests/incorrect_erc721_interface.sol analyzed (2 contracts), 1 result(s) found diff --git a/tests/expected_json/inline_assembly_contract-0.5.1.assembly.json b/tests/expected_json/inline_assembly_contract-0.5.1.assembly.json index 920b223d7..411804ce9 100644 --- a/tests/expected_json/inline_assembly_contract-0.5.1.assembly.json +++ b/tests/expected_json/inline_assembly_contract-0.5.1.assembly.json 
@@ -1 +1,104 @@ -[{"check": "assembly", "impact": "Informational", "confidence": "High", "description": "GetCode.at uses assembly (tests/inline_assembly_contract-0.5.1.sol#6-20)\n\t- tests/inline_assembly_contract-0.5.1.sol#7-20\n", "elements": [{"type": "function", "name": "at", "source_mapping": {"start": 119, "length": 707, "filename": "tests/inline_assembly_contract-0.5.1.sol", "lines": [6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}, "contract": {"type": "contract", "name": "GetCode", "source_mapping": {"start": 97, "length": 731, "filename": "tests/inline_assembly_contract-0.5.1.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 198, "length": 628, "filename": "tests/inline_assembly_contract-0.5.1.sol", "lines": [7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}}]}] \ No newline at end of file +[ + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "GetCode.at uses assembly (tests/inline_assembly_contract-0.5.1.sol#6-20)\n\t- tests/inline_assembly_contract-0.5.1.sol#7-20\n", + "elements": [ + { + "type": "function", + "name": "at", + "source_mapping": { + "start": 119, + "length": 707, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_relative": "tests/inline_assembly_contract-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_short": "tests/inline_assembly_contract-0.5.1.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "GetCode", + "source_mapping": { + "start": 97, + "length": 731, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_relative": 
"tests/inline_assembly_contract-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_short": "tests/inline_assembly_contract-0.5.1.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 198, + "length": 628, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_relative": "tests/inline_assembly_contract-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_contract-0.5.1.sol", + "filename_short": "tests/inline_assembly_contract-0.5.1.sol", + "lines": [ + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 9, + "ending_column": 6 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/inline_assembly_contract-0.5.1.assembly.txt b/tests/expected_json/inline_assembly_contract-0.5.1.assembly.txt new file mode 100644 index 000000000..40b941a00 --- /dev/null +++ b/tests/expected_json/inline_assembly_contract-0.5.1.assembly.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +GetCode.at uses assembly (tests/inline_assembly_contract-0.5.1.sol#6-20) + - tests/inline_assembly_contract-0.5.1.sol#7-20 +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Slither:tests/inline_assembly_contract-0.5.1.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/inline_assembly_contract.assembly.json b/tests/expected_json/inline_assembly_contract.assembly.json index 451380122..5ff73de62 100644 --- a/tests/expected_json/inline_assembly_contract.assembly.json +++ b/tests/expected_json/inline_assembly_contract.assembly.json 
@@ -1 +1,104 @@ -[{"check": "assembly", "impact": "Informational", "confidence": "High", "description": "GetCode.at uses assembly (tests/inline_assembly_contract.sol#6-20)\n\t- tests/inline_assembly_contract.sol#7-20\n", "elements": [{"type": "function", "name": "at", "source_mapping": {"start": 119, "length": 700, "filename": "tests/inline_assembly_contract.sol", "lines": [6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}, "contract": {"type": "contract", "name": "GetCode", "source_mapping": {"start": 97, "length": 724, "filename": "tests/inline_assembly_contract.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 191, "length": 628, "filename": "tests/inline_assembly_contract.sol", "lines": [7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}}]}] \ No newline at end of file +[ + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "GetCode.at uses assembly (tests/inline_assembly_contract.sol#6-20)\n\t- tests/inline_assembly_contract.sol#7-20\n", + "elements": [ + { + "type": "function", + "name": "at", + "source_mapping": { + "start": 119, + "length": 700, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_relative": "tests/inline_assembly_contract.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_short": "tests/inline_assembly_contract.sol", + "lines": [ + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "GetCode", + "source_mapping": { + "start": 97, + "length": 724, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_relative": "tests/inline_assembly_contract.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_short": "tests/inline_assembly_contract.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 191, + "length": 628, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_relative": "tests/inline_assembly_contract.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_contract.sol", + "filename_short": "tests/inline_assembly_contract.sol", + "lines": [ + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 9, + "ending_column": 6 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/inline_assembly_contract.assembly.txt b/tests/expected_json/inline_assembly_contract.assembly.txt new file mode 100644 index 000000000..197ec10b1 --- /dev/null +++ b/tests/expected_json/inline_assembly_contract.assembly.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +GetCode.at uses assembly (tests/inline_assembly_contract.sol#6-20) + - tests/inline_assembly_contract.sol#7-20 +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Slither:tests/inline_assembly_contract.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/inline_assembly_library-0.5.1.assembly.json b/tests/expected_json/inline_assembly_library-0.5.1.assembly.json index 4c6dbf765..6e35724ff 100644 --- a/tests/expected_json/inline_assembly_library-0.5.1.assembly.json +++ b/tests/expected_json/inline_assembly_library-0.5.1.assembly.json 
@@ -1 +1,258 @@ -[{"check": "assembly", "impact": "Informational", "confidence": "High", "description": "VectorSum.sumAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#16-22)\n\t- tests/inline_assembly_library-0.5.1.sol#18-21\n", "elements": [{"type": "function", "name": "sumAsm", "source_mapping": {"start": 599, "length": 254, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [16, 17, 18, 19, 20, 21, 22]}, "contract": {"type": "contract", "name": "VectorSum", "source_mapping": {"start": 97, "length": 1602, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 733, "length": 114, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [18, 19, 20, 21]}}]}, {"check": "assembly", "impact": "Informational", "confidence": "High", "description": "VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#25-47)\n\t- tests/inline_assembly_library-0.5.1.sol#26-47\n", "elements": [{"type": "function", "name": "sumPureAsm", "source_mapping": {"start": 936, "length": 761, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47]}, "contract": {"type": "contract", "name": "VectorSum", "source_mapping": {"start": 97, "length": 1602, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 1020, "length": 677, "filename": "tests/inline_assembly_library-0.5.1.sol", "lines": [26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 
40, 41, 42, 43, 44, 45, 46, 47]}}]}] \ No newline at end of file +[ + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "VectorSum.sumAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#16-22)\n\t- tests/inline_assembly_library-0.5.1.sol#18-21\n", + "elements": [ + { + "type": "function", + "name": "sumAsm", + "source_mapping": { + "start": 599, + "length": 254, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "VectorSum", + "source_mapping": { + "start": 97, + "length": 1602, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 733, + "length": 114, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + 
"filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 18, + 19, + 20, + 21 + ], + "starting_column": 13, + "ending_column": 10 + } + } + ] + }, + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#25-47)\n\t- tests/inline_assembly_library-0.5.1.sol#26-47\n", + "elements": [ + { + "type": "function", + "name": "sumPureAsm", + "source_mapping": { + "start": 936, + "length": 761, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "VectorSum", + "source_mapping": { + "start": 97, + "length": 1602, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 1020, + "length": 677, + "filename_used": 
"/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_relative": "tests/inline_assembly_library-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library-0.5.1.sol", + "filename_short": "tests/inline_assembly_library-0.5.1.sol", + "lines": [ + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47 + ], + "starting_column": 9, + "ending_column": 6 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/inline_assembly_library-0.5.1.assembly.txt b/tests/expected_json/inline_assembly_library-0.5.1.assembly.txt new file mode 100644 index 000000000..ca8bb59ea --- /dev/null +++ b/tests/expected_json/inline_assembly_library-0.5.1.assembly.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +VectorSum.sumAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#16-22) + - tests/inline_assembly_library-0.5.1.sol#18-21 +VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library-0.5.1.sol#25-47) + - tests/inline_assembly_library-0.5.1.sol#26-47 +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Slither:tests/inline_assembly_library-0.5.1.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/inline_assembly_library.assembly.json b/tests/expected_json/inline_assembly_library.assembly.json index 798192af3..b62b14efc 100644 --- a/tests/expected_json/inline_assembly_library.assembly.json +++ b/tests/expected_json/inline_assembly_library.assembly.json 
@@ -1 +1,258 @@ -[{"check": "assembly", "impact": "Informational", "confidence": "High", "description": "VectorSum.sumAsm uses assembly (tests/inline_assembly_library.sol#16-22)\n\t- tests/inline_assembly_library.sol#18-21\n", "elements": [{"type": "function", "name": "sumAsm", "source_mapping": {"start": 593, "length": 247, "filename": "tests/inline_assembly_library.sol", "lines": [16, 17, 18, 19, 20, 21, 22]}, "contract": {"type": "contract", "name": "VectorSum", "source_mapping": {"start": 98, "length": 1581, "filename": "tests/inline_assembly_library.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 720, "length": 114, "filename": "tests/inline_assembly_library.sol", "lines": [18, 19, 20, 21]}}]}, {"check": "assembly", "impact": "Informational", "confidence": "High", "description": "VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library.sol#25-47)\n\t- tests/inline_assembly_library.sol#26-47\n", "elements": [{"type": "function", "name": "sumPureAsm", "source_mapping": {"start": 923, "length": 754, "filename": "tests/inline_assembly_library.sol", "lines": [25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47]}, "contract": {"type": "contract", "name": "VectorSum", "source_mapping": {"start": 98, "length": 1581, "filename": "tests/inline_assembly_library.sol", "lines": [5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48]}}}, {"type": "expression", "expression": "None", "source_mapping": {"start": 1000, "length": 677, "filename": "tests/inline_assembly_library.sol", "lines": [26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47]}}]}] \ No newline at end of 
file +[ + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "VectorSum.sumAsm uses assembly (tests/inline_assembly_library.sol#16-22)\n\t- tests/inline_assembly_library.sol#18-21\n", + "elements": [ + { + "type": "function", + "name": "sumAsm", + "source_mapping": { + "start": 593, + "length": 247, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": "tests/inline_assembly_library.sol", + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "VectorSum", + "source_mapping": { + "start": 98, + "length": 1581, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": "tests/inline_assembly_library.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 720, + "length": 114, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": "tests/inline_assembly_library.sol", + "lines": [ + 18, + 19, + 20, + 21 + ], + "starting_column": 13, + "ending_column": 
10 + } + } + ] + }, + { + "check": "assembly", + "impact": "Informational", + "confidence": "High", + "description": "VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library.sol#25-47)\n\t- tests/inline_assembly_library.sol#26-47\n", + "elements": [ + { + "type": "function", + "name": "sumPureAsm", + "source_mapping": { + "start": 923, + "length": 754, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": "tests/inline_assembly_library.sol", + "lines": [ + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "VectorSum", + "source_mapping": { + "start": 98, + "length": 1581, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": "tests/inline_assembly_library.sol", + "lines": [ + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "None", + "source_mapping": { + "start": 1000, + "length": 677, + "filename_used": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_relative": "tests/inline_assembly_library.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/inline_assembly_library.sol", + "filename_short": 
"tests/inline_assembly_library.sol", + "lines": [ + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47 + ], + "starting_column": 9, + "ending_column": 6 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/inline_assembly_library.assembly.txt b/tests/expected_json/inline_assembly_library.assembly.txt new file mode 100644 index 000000000..f8768203e --- /dev/null +++ b/tests/expected_json/inline_assembly_library.assembly.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +VectorSum.sumAsm uses assembly (tests/inline_assembly_library.sol#16-22) + - tests/inline_assembly_library.sol#18-21 +VectorSum.sumPureAsm uses assembly (tests/inline_assembly_library.sol#25-47) + - tests/inline_assembly_library.sol#26-47 +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage +INFO:Slither:tests/inline_assembly_library.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/locked_ether-0.5.1.locked-ether.json b/tests/expected_json/locked_ether-0.5.1.locked-ether.json index d09df5296..e6344b3e1 100644 --- a/tests/expected_json/locked_ether-0.5.1.locked-ether.json +++ b/tests/expected_json/locked_ether-0.5.1.locked-ether.json 
@@ -1 +1,69 @@ -[{"check": "locked-ether", "impact": "Medium", "confidence": "High", "description": "Contract locking ether found in tests/locked_ether-0.5.1.sol:\n\tContract OnlyLocked has payable functions:\n\t - receive (tests/locked_ether-0.5.1.sol#4-6)\n\tBut has not function to withdraw the ether\n", "elements": [{"type": "function", "name": "receive", "source_mapping": {"start": 46, "length": 72, "filename": "tests/locked_ether-0.5.1.sol", "lines": [4, 5, 6]}, "contract": {"type": "contract", "name": "Locked", "source_mapping": {"start": 24, "length": 97, "filename": "tests/locked_ether-0.5.1.sol", "lines": [2, 3, 4, 5, 6, 7, 8]}}}, {"type": "contract", "name": "OnlyLocked", "source_mapping": {"start": 375, "length": 32, "filename": "tests/locked_ether-0.5.1.sol", "lines": [26]}}]}] \ No newline at end of file +[ + { + "check": "locked-ether", + "impact": "Medium", + "confidence": "High", + "description": "Contract locking ether found in :\n\tContract OnlyLocked has payable functions:\n\t - receive (tests/locked_ether-0.5.1.sol#4-6)\n\tBut does not have a function to withdraw the ether\n", + "elements": [ + { + "type": "function", + "name": "receive", + "source_mapping": { + "start": 46, + "length": 72, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_relative": "tests/locked_ether-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_short": "tests/locked_ether-0.5.1.sol", + "lines": [ + 4, + 5, + 6 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Locked", + "source_mapping": { + "start": 24, + "length": 97, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_relative": "tests/locked_ether-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_short": "tests/locked_ether-0.5.1.sol", + "lines": [ + 
2, + 3, + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "contract", + "name": "OnlyLocked", + "source_mapping": { + "start": 375, + "length": 32, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_relative": "tests/locked_ether-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether-0.5.1.sol", + "filename_short": "tests/locked_ether-0.5.1.sol", + "lines": [ + 26 + ], + "starting_column": 1, + "ending_column": 33 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/locked_ether-0.5.1.locked-ether.txt b/tests/expected_json/locked_ether-0.5.1.locked-ether.txt new file mode 100644 index 000000000..1d0fa6d3b --- /dev/null +++ b/tests/expected_json/locked_ether-0.5.1.locked-ether.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +Contract locking ether found in : + Contract OnlyLocked has payable functions: + - receive (tests/locked_ether-0.5.1.sol#4-6) + But does not have a function to withdraw the ether +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether +INFO:Slither:tests/locked_ether-0.5.1.sol analyzed (4 contracts), 1 result(s) found diff --git a/tests/expected_json/locked_ether.locked-ether.json b/tests/expected_json/locked_ether.locked-ether.json index 660bf977d..951c8201e 100644 --- a/tests/expected_json/locked_ether.locked-ether.json +++ b/tests/expected_json/locked_ether.locked-ether.json 
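Review bot: The new expected `description` reads `Contract locking ether found in :`, so the file name the old fixture carried (`found in tests/locked_ether-0.5.1.sol:`) is now empty, and the fixture records that output as correct. This looks like a regression in the detector's message formatting rather than an intended change. I would restore the path in the detector and regenerate, so the expected text is again `Contract locking ether found in tests/locked_ether-0.5.1.sol:`. The same empty name appears in the matching `locked_ether-0.5.1.locked-ether.txt` fixture and in both `locked_ether.locked-ether` fixtures further down.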
@@ -1 +1,69 @@ -[{"check": "locked-ether", "impact": "Medium", "confidence": "High", "description": "Contract locking ether found in tests/locked_ether.sol:\n\tContract OnlyLocked has payable functions:\n\t - receive (tests/locked_ether.sol#4-6)\n\tBut has not function to withdraw the ether\n", "elements": [{"type": "function", "name": "receive", "source_mapping": {"start": 47, "length": 72, "filename": "tests/locked_ether.sol", "lines": [4, 5, 6]}, "contract": {"type": "contract", "name": "Locked", "source_mapping": {"start": 25, "length": 97, "filename": "tests/locked_ether.sol", "lines": [2, 3, 4, 5, 6, 7, 8]}}}, {"type": "contract", "name": "OnlyLocked", "source_mapping": {"start": 368, "length": 32, "filename": "tests/locked_ether.sol", "lines": [26]}}]}] \ No newline at end of file +[ + { + "check": "locked-ether", + "impact": "Medium", + "confidence": "High", + "description": "Contract locking ether found in :\n\tContract OnlyLocked has payable functions:\n\t - receive (tests/locked_ether.sol#4-6)\n\tBut does not have a function to withdraw the ether\n", + "elements": [ + { + "type": "function", + "name": "receive", + "source_mapping": { + "start": 47, + "length": 72, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_relative": "tests/locked_ether.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_short": "tests/locked_ether.sol", + "lines": [ + 4, + 5, + 6 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Locked", + "source_mapping": { + "start": 25, + "length": 97, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_relative": "tests/locked_ether.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_short": "tests/locked_ether.sol", + "lines": [ + 2, + 3, + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + 
} + } + }, + { + "type": "contract", + "name": "OnlyLocked", + "source_mapping": { + "start": 368, + "length": 32, + "filename_used": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_relative": "tests/locked_ether.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/locked_ether.sol", + "filename_short": "tests/locked_ether.sol", + "lines": [ + 26 + ], + "starting_column": 1, + "ending_column": 33 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/locked_ether.locked-ether.txt b/tests/expected_json/locked_ether.locked-ether.txt new file mode 100644 index 000000000..a27ff383b --- /dev/null +++ b/tests/expected_json/locked_ether.locked-ether.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +Contract locking ether found in : + Contract OnlyLocked has payable functions: + - receive (tests/locked_ether.sol#4-6) + But does not have a function to withdraw the ether +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#contracts-that-lock-ether +INFO:Slither:tests/locked_ether.sol analyzed (4 contracts), 1 result(s) found diff --git a/tests/expected_json/low_level_calls.low-level-calls.json b/tests/expected_json/low_level_calls.low-level-calls.json index 65dd9ed33..b39cd3c89 100644 --- a/tests/expected_json/low_level_calls.low-level-calls.json +++ b/tests/expected_json/low_level_calls.low-level-calls.json 
@@ -1 +1,67 @@ -[{"check": "low-level-calls", "impact": "Informational", "confidence": "High", "description": "Low level call in Sender.send (tests/low_level_calls.sol#5-7):\n\t-_receiver.call.value(msg.value).gas(7777)() tests/low_level_calls.sol#6\n", "elements": [{"type": "function", "name": "send", "source_mapping": {"start": 51, "length": 112, "filename": "tests/low_level_calls.sol", "lines": [5, 6, 7]}, "contract": {"type": "contract", "name": "Sender", "source_mapping": {"start": 29, "length": 136, "filename": "tests/low_level_calls.sol", "lines": [4, 5, 6, 7, 8]}}}, {"type": "expression", "expression": "_receiver.call.value(msg.value).gas(7777)()", "source_mapping": {"start": 111, "length": 45, "filename": "tests/low_level_calls.sol", "lines": [6]}}]}] \ No newline at end of file +[ + { + "check": "low-level-calls", + "impact": "Informational", + "confidence": "High", + "description": "Low level call in Sender.send (tests/low_level_calls.sol#5-7):\n\t-_receiver.call.value(msg.value).gas(7777)() tests/low_level_calls.sol#6\n", + "elements": [ + { + "type": "function", + "name": "send", + "source_mapping": { + "start": 51, + "length": 112, + "filename_used": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_relative": "tests/low_level_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_short": "tests/low_level_calls.sol", + "lines": [ + 5, + 6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Sender", + "source_mapping": { + "start": 29, + "length": 136, + "filename_used": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_relative": "tests/low_level_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_short": "tests/low_level_calls.sol", + "lines": [ + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { 
+ "type": "expression", + "expression": "_receiver.call.value(msg.value).gas(7777)()", + "source_mapping": { + "start": 111, + "length": 45, + "filename_used": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_relative": "tests/low_level_calls.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/low_level_calls.sol", + "filename_short": "tests/low_level_calls.sol", + "lines": [ + 6 + ], + "starting_column": 9, + "ending_column": 54 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/low_level_calls.low-level-calls.txt b/tests/expected_json/low_level_calls.low-level-calls.txt new file mode 100644 index 000000000..d80302cdc --- /dev/null +++ b/tests/expected_json/low_level_calls.low-level-calls.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +Low level call in Sender.send (tests/low_level_calls.sol#5-7): + -_receiver.call.value(msg.value).gas(7777)() tests/low_level_calls.sol#6 +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls +INFO:Slither:tests/low_level_calls.sol analyzed (2 contracts), 1 result(s) found diff --git a/tests/expected_json/multiple_calls_in_loop.calls-loop.json b/tests/expected_json/multiple_calls_in_loop.calls-loop.json index 406df37ea..5744f7759 100644 --- a/tests/expected_json/multiple_calls_in_loop.calls-loop.json +++ b/tests/expected_json/multiple_calls_in_loop.calls-loop.json 
@@ -1 +1,79 @@ -[{"check": "calls-loop", "impact": "Low", "confidence": "Medium", "description": "CallInLoop.bad has external calls inside a loop:\n\t- destinations[i].transfer(i) (tests/multiple_calls_in_loop.sol#11)\n", "elements": [{"type": "function", "name": "bad", "source_mapping": {"start": 153, "length": 135, "filename": "tests/multiple_calls_in_loop.sol", "lines": [9, 10, 11, 12, 13]}, "contract": {"type": "contract", "name": "CallInLoop", "source_mapping": {"start": 0, "length": 291, "filename": "tests/multiple_calls_in_loop.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15]}}}, {"type": "expression", "expression": "destinations[i].transfer(i)", "source_mapping": {"start": 244, "length": 27, "filename": "tests/multiple_calls_in_loop.sol", "lines": [11]}}]}] \ No newline at end of file +[ + { + "check": "calls-loop", + "impact": "Low", + "confidence": "Medium", + "description": "CallInLoop.bad has external calls inside a loop:\n\t- destinations[i].transfer(i) (tests/multiple_calls_in_loop.sol#11)\n", + "elements": [ + { + "type": "function", + "name": "bad", + "source_mapping": { + "start": 153, + "length": 135, + "filename_used": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_relative": "tests/multiple_calls_in_loop.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_short": "tests/multiple_calls_in_loop.sol", + "lines": [ + 9, + 10, + 11, + 12, + 13 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "CallInLoop", + "source_mapping": { + "start": 0, + "length": 291, + "filename_used": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_relative": "tests/multiple_calls_in_loop.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_short": "tests/multiple_calls_in_loop.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 
6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "destinations[i].transfer(i)", + "source_mapping": { + "start": 244, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_relative": "tests/multiple_calls_in_loop.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/multiple_calls_in_loop.sol", + "filename_short": "tests/multiple_calls_in_loop.sol", + "lines": [ + 11 + ], + "starting_column": 13, + "ending_column": 40 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/multiple_calls_in_loop.calls-loop.txt b/tests/expected_json/multiple_calls_in_loop.calls-loop.txt new file mode 100644 index 000000000..217cf9ce7 --- /dev/null +++ b/tests/expected_json/multiple_calls_in_loop.calls-loop.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +CallInLoop.bad has external calls inside a loop: + - destinations[i].transfer(i) (tests/multiple_calls_in_loop.sol#11) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation/_edit#calls-inside-a-loop +INFO:Slither:tests/multiple_calls_in_loop.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/naming_convention.naming-convention.json b/tests/expected_json/naming_convention.naming-convention.json index 4ce30fe63..bb0e83712 100644 --- a/tests/expected_json/naming_convention.naming-convention.json +++ b/tests/expected_json/naming_convention.naming-convention.json 
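Review bot: The `Reference:` line in `multiple_calls_in_loop.calls-loop.txt` points at `Detector-Documentation/_edit#calls-inside-a-loop`, which is the wiki's edit page, while the other references in these fixtures use `Detector-Documentation#...`. A user following the link from a finding lands on an edit form instead of the explanation of the issue. The expected line should be `Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#calls-inside-a-loop`. The link has to be corrected in the detector that emits it (not visible in this hunk) before the fixture is regenerated.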
@@ -1 +1,366 @@ -[{"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Contract 'naming' (tests/naming_convention.sol#3-48) is not in CapWords\n", "elements": [{"target": "contract", "convention": "CapWords", "name": "naming", "source_mapping": {"start": 28, "length": 642, "filename": "tests/naming_convention.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Struct 'naming.test' (tests/naming_convention.sol#14-16) is not in CapWords\n", "elements": [{"target": "structure", "convention": "CapWords", "name": "test", "source_mapping": {"start": 229, "length": 35, "filename": "tests/naming_convention.sol", "lines": [14, 15, 16]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Event 'naming.event_' (tests/naming_convention.sol#23) is not in CapWords\n", "elements": [{"target": "event", "convention": "CapWords", "name": "event_", "source_mapping": {"start": 335, "length": 19, "filename": "tests/naming_convention.sol", "lines": [23]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Function 'naming.GetOne' (tests/naming_convention.sol#30-33) is not in mixedCase\n", "elements": [{"target": "function", "convention": "mixedCase", "name": "GetOne", "source_mapping": {"start": 440, "length": 75, "filename": "tests/naming_convention.sol", "lines": [30, 31, 32, 33]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Parameter 'Number2' of naming.setInt (tests/naming_convention.sol#35) is not in mixedCase\n", "elements": [{"target": "parameter", "convention": "mixedCase", "name": "Number2", "source_mapping": {"start": 551, "length": 12, "filename": 
"tests/naming_convention.sol", "lines": [35]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Constant 'naming.MY_other_CONSTANT' (tests/naming_convention.sol#9) is not in UPPER_CASE_WITH_UNDERSCORES\n", "elements": [{"target": "variable_constant", "convention": "UPPER_CASE_WITH_UNDERSCORES", "name": "MY_other_CONSTANT", "source_mapping": {"start": 143, "length": 35, "filename": "tests/naming_convention.sol", "lines": [9]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Variable 'naming.Var_One' (tests/naming_convention.sol#11) is not in mixedCase\n", "elements": [{"target": "variable", "convention": "mixedCase", "name": "Var_One", "source_mapping": {"start": 185, "length": 16, "filename": "tests/naming_convention.sol", "lines": [11]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Enum 'naming.numbers' (tests/naming_convention.sol#6) is not in CapWords\n", "elements": [{"target": "enum", "convention": "CapWords", "name": "numbers", "source_mapping": {"start": 79, "length": 23, "filename": "tests/naming_convention.sol", "lines": [6]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Modifier 'naming.CantDo' (tests/naming_convention.sol#41-43) is not in mixedCase\n", "elements": [{"target": "modifier", "convention": "mixedCase", "name": "CantDo", "source_mapping": {"start": 591, "length": 36, "filename": "tests/naming_convention.sol", "lines": [41, 42, 43]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Parameter '_used' of T.test (tests/naming_convention.sol#59) is not in mixedCase\n", "elements": [{"target": "parameter", "convention": "mixedCase", "name": "_used", "source_mapping": {"start": 794, "length": 10, "filename": "tests/naming_convention.sol", "lines": [59]}}]}, {"check": "naming-convention", 
"impact": "Informational", "confidence": "High", "description": "Variable 'T._myPublicVar' (tests/naming_convention.sol#56) is not in mixedCase\n", "elements": [{"target": "variable", "convention": "mixedCase", "name": "_myPublicVar", "source_mapping": {"start": 741, "length": 17, "filename": "tests/naming_convention.sol", "lines": [56]}}]}, {"check": "naming-convention", "impact": "Informational", "confidence": "High", "description": "Variable 'T.l' (tests/naming_convention.sol#67) used l, O, I, which should not be used\n", "elements": [{"target": "variable", "convention": "l_O_I_should_not_be_used", "name": "l", "source_mapping": {"start": 900, "length": 10, "filename": "tests/naming_convention.sol", "lines": [67]}}]}] \ No newline at end of file +[ + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Contract 'naming' (tests/naming_convention.sol#3-48) is not in CapWords\n", + "elements": [ + { + "target": "contract", + "convention": "CapWords", + "name": "naming", + "source_mapping": { + "start": 28, + "length": 642, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48 + ], + "starting_column": 1, + "ending_column": 2 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Struct 'naming.test' (tests/naming_convention.sol#14-16) is not in CapWords\n", + "elements": [ + { + "target": "structure", + "convention": "CapWords", + "name": "test", + 
"source_mapping": { + "start": 229, + "length": 35, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 14, + 15, + 16 + ], + "starting_column": 5, + "ending_column": 6 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Event 'naming.event_' (tests/naming_convention.sol#23) is not in CapWords\n", + "elements": [ + { + "target": "event", + "convention": "CapWords", + "name": "event_", + "source_mapping": { + "start": 335, + "length": 19, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 23 + ], + "starting_column": 5, + "ending_column": 24 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Function 'naming.GetOne' (tests/naming_convention.sol#30-33) is not in mixedCase\n", + "elements": [ + { + "target": "function", + "convention": "mixedCase", + "name": "GetOne", + "source_mapping": { + "start": 440, + "length": 75, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 30, + 31, + 32, + 33 + ], + "starting_column": 5, + "ending_column": 6 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Parameter 'Number2' of naming.setInt 
(tests/naming_convention.sol#35) is not in mixedCase\n", + "elements": [ + { + "target": "parameter", + "convention": "mixedCase", + "name": "Number2", + "source_mapping": { + "start": 551, + "length": 12, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 35 + ], + "starting_column": 35, + "ending_column": 47 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Constant 'naming.MY_other_CONSTANT' (tests/naming_convention.sol#9) is not in UPPER_CASE_WITH_UNDERSCORES\n", + "elements": [ + { + "target": "variable_constant", + "convention": "UPPER_CASE_WITH_UNDERSCORES", + "name": "MY_other_CONSTANT", + "source_mapping": { + "start": 143, + "length": 35, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 9 + ], + "starting_column": 5, + "ending_column": 40 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Variable 'naming.Var_One' (tests/naming_convention.sol#11) is not in mixedCase\n", + "elements": [ + { + "target": "variable", + "convention": "mixedCase", + "name": "Var_One", + "source_mapping": { + "start": 185, + "length": 16, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 11 + ], + "starting_column": 5, + 
"ending_column": 21 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Enum 'naming.numbers' (tests/naming_convention.sol#6) is not in CapWords\n", + "elements": [ + { + "target": "enum", + "convention": "CapWords", + "name": "numbers", + "source_mapping": { + "start": 79, + "length": 23, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 6 + ], + "starting_column": 5, + "ending_column": 28 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Modifier 'naming.CantDo' (tests/naming_convention.sol#41-43) is not in mixedCase\n", + "elements": [ + { + "target": "modifier", + "convention": "mixedCase", + "name": "CantDo", + "source_mapping": { + "start": 591, + "length": 36, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 41, + 42, + 43 + ], + "starting_column": 5, + "ending_column": 6 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Parameter '_used' of T.test (tests/naming_convention.sol#59) is not in mixedCase\n", + "elements": [ + { + "target": "parameter", + "convention": "mixedCase", + "name": "_used", + "source_mapping": { + "start": 794, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 59 + ], + "starting_column": 33, + "ending_column": 43 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Variable 'T._myPublicVar' (tests/naming_convention.sol#56) is not in mixedCase\n", + "elements": [ + { + "target": "variable", + "convention": "mixedCase", + "name": "_myPublicVar", + "source_mapping": { + "start": 741, + "length": 17, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 56 + ], + "starting_column": 5, + "ending_column": 22 + } + } + ] + }, + { + "check": "naming-convention", + "impact": "Informational", + "confidence": "High", + "description": "Variable 'T.l' (tests/naming_convention.sol#67) used l, O, I, which should not be used\n", + "elements": [ + { + "target": "variable", + "convention": "l_O_I_should_not_be_used", + "name": "l", + "source_mapping": { + "start": 900, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_relative": "tests/naming_convention.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/naming_convention.sol", + "filename_short": "tests/naming_convention.sol", + "lines": [ + 67 + ], + "starting_column": 5, + "ending_column": 15 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/naming_convention.naming-convention.txt b/tests/expected_json/naming_convention.naming-convention.txt new file mode 100644 index 000000000..ae34a6944 --- /dev/null +++ b/tests/expected_json/naming_convention.naming-convention.txt 
@@ -0,0 +1,15 @@ +INFO:Detectors: +Contract 'naming' (tests/naming_convention.sol#3-48) is not in CapWords +Struct 'naming.test' (tests/naming_convention.sol#14-16) is not in CapWords +Event 'naming.event_' (tests/naming_convention.sol#23) is not in CapWords +Function 'naming.GetOne' (tests/naming_convention.sol#30-33) is not in mixedCase +Parameter 'Number2' of naming.setInt (tests/naming_convention.sol#35) is not in mixedCase +Constant 'naming.MY_other_CONSTANT' (tests/naming_convention.sol#9) is not in UPPER_CASE_WITH_UNDERSCORES +Variable 'naming.Var_One' (tests/naming_convention.sol#11) is not in mixedCase +Enum 'naming.numbers' (tests/naming_convention.sol#6) is not in CapWords +Modifier 'naming.CantDo' (tests/naming_convention.sol#41-43) is not in mixedCase +Parameter '_used' of T.test (tests/naming_convention.sol#59) is not in mixedCase +Variable 'T._myPublicVar' (tests/naming_convention.sol#56) is not in mixedCase +Variable 'T.l' (tests/naming_convention.sol#67) used l, O, I, which should not be used +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions +INFO:Slither:tests/naming_convention.sol analyzed (3 contracts), 12 result(s) found diff --git a/tests/expected_json/old_solc.sol.json.solc-version.json b/tests/expected_json/old_solc.sol.json.solc-version.json index 572d0f055..901805d32 100644 --- a/tests/expected_json/old_solc.sol.json.solc-version.json +++ b/tests/expected_json/old_solc.sol.json.solc-version.json 
@@ -1 +1,25 @@ -[{"check": "solc-version", "impact": "Informational", "confidence": "High", "description": "Detected issues with version pragma in tests/old_solc.sol.json:\n\t- pragma solidity0.4.21 (old_solc.sol): it allows old versions\n", "elements": [{"type": "expression", "expression": "0.4.21", "source_mapping": {"start": 0, "length": 23, "filename": "old_solc.sol", "lines": []}}]}] \ No newline at end of file +[ + { + "check": "solc-version", + "impact": "Informational", + "confidence": "High", + "description": "Detected issues with version pragma in tests/old_solc.sol.json:\n\t- pragma solidity0.4.21 (None): it allows old versions\n", + "elements": [ + { + "type": "expression", + "expression": "0.4.21", + "source_mapping": { + "start": 0, + "length": 23, + "filename_used": "old_solc.sol", + "filename_relative": null, + "filename_absolute": null, + "filename_short": null, + "lines": [], + "starting_column": null, + "ending_column": null + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/old_solc.sol.json.solc-version.txt b/tests/expected_json/old_solc.sol.json.solc-version.txt new file mode 100644 index 000000000..c07084de4 --- /dev/null +++ b/tests/expected_json/old_solc.sol.json.solc-version.txt @@ -0,0 +1,6 @@ +INFO:Detectors: +Detected issues with version pragma in tests/old_solc.sol.json: + - pragma solidity0.4.21 (None): it allows old versions +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-version-of-solidity +INFO:Slither:/home/monty/Private/tob/tools/slither-public/scripts/../tests/expected_json/old_solc.sol.json.solc-version.json exists already, the overwrite is prevented +INFO:Slither:tests/old_solc.sol.json analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/pragma.0.4.24.pragma.json b/tests/expected_json/pragma.0.4.24.pragma.json index cfd1f6e2c..d5d8745d1 100644 --- a/tests/expected_json/pragma.0.4.24.pragma.json 
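Review bot: The new expected description reads `pragma solidity0.4.21 (None)` and every `filename_*` field except `filename_used` is `null`, where the removed fixture named `old_solc.sol`. Pinning this as expected output makes the test assert that the source location is lost, so a consumer of the JSON can no longer tell which file the finding refers to. The pragma.0.4.24.pragma.json hunk shows the same symptom in `is used in :`, with the file name blank. This looks like a detector-side regression rather than intended output; I would fix the formatting and regenerate both fixtures before merging.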
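Review bot: The second-to-last line of old_solc.sol.json.solc-version.txt contains the generating developer's workstation path, `/home/monty/Private/tob/tools/slither-public/scripts/../tests/expected_json/…`, while the JSON fixtures in this commit use `/home/travis/build/crytic/slither/…`. That discloses a local user name and directory layout, and it means the text fixture cannot match output produced on CI. The same un-normalised path appears in right_to_left_override.rtlo.txt and in the traceback in reentrancy-0.5.1.reentrancy.txt. The message `exists already, the overwrite is prevented` also suggests this run did not rewrite the JSON beside it, so it is worth confirming that both files come from the same run. Apply the same path rewrite to the `.txt` outputs as to the `.json` ones, or drop log lines that carry paths.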
+++ b/tests/expected_json/pragma.0.4.24.pragma.json @@ -1 +1,44 @@ -[{"check": "pragma", "impact": "Informational", "confidence": "High", "description": "Different versions of Solidity is used in tests/pragma.0.4.24.sol:\n\t- Version used: ['^0.4.23', '^0.4.24']\n\t- tests/pragma.0.4.23.sol#1 declares pragma solidity^0.4.23\n\t- tests/pragma.0.4.24.sol#1 declares pragma solidity^0.4.24\n", "elements": [{"type": "expression", "expression": "^0.4.23", "source_mapping": {"start": 0, "length": 24, "filename": "tests/pragma.0.4.23.sol", "lines": [1]}}, {"type": "expression", "expression": "^0.4.24", "source_mapping": {"start": 0, "length": 24, "filename": "tests/pragma.0.4.24.sol", "lines": [1]}}]}] \ No newline at end of file +[ + { + "check": "pragma", + "impact": "Informational", + "confidence": "High", + "description": "Different versions of Solidity is used in :\n\t- Version used: ['^0.4.23', '^0.4.24']\n\t- tests/pragma.0.4.23.sol#1 declares pragma solidity^0.4.23\n\t- tests/pragma.0.4.24.sol#1 declares pragma solidity^0.4.24\n", + "elements": [ + { + "type": "expression", + "expression": "^0.4.23", + "source_mapping": { + "start": 0, + "length": 24, + "filename_used": "/home/travis/build/crytic/slither/tests/pragma.0.4.23.sol", + "filename_relative": "tests/pragma.0.4.23.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/pragma.0.4.23.sol", + "filename_short": "tests/pragma.0.4.23.sol", + "lines": [ + 1 + ], + "starting_column": 1, + "ending_column": 25 + } + }, + { + "type": "expression", + "expression": "^0.4.24", + "source_mapping": { + "start": 0, + "length": 24, + "filename_used": "/home/travis/build/crytic/slither/tests/pragma.0.4.24.sol", + "filename_relative": "tests/pragma.0.4.24.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/pragma.0.4.24.sol", + "filename_short": "tests/pragma.0.4.24.sol", + "lines": [ + 1 + ], + "starting_column": 1, + "ending_column": 25 + } + } + ] + } +] \ No newline at end of file 
diff --git a/tests/expected_json/pragma.0.4.24.pragma.txt b/tests/expected_json/pragma.0.4.24.pragma.txt new file mode 100644 index 000000000..8a5e1a540 --- /dev/null +++ b/tests/expected_json/pragma.0.4.24.pragma.txt @@ -0,0 +1,8 @@ +ERROR:Slither:Invalid compilation +ERROR:Slither:Invalid solc compilation tests/pragma.0.4.23.sol:1:1: Error: Source file requires different compiler version (current compiler is 0.5.1+commit.c8a2cb62.Linux.g++ - note that nightly builds are considered to be strictly less than the released version +pragma solidity ^0.4.23; +^----------------------^ +tests/pragma.0.4.24.sol:1:1: Error: Source file requires different compiler version (current compiler is 0.5.1+commit.c8a2cb62.Linux.g++ - note that nightly builds are considered to be strictly less than the released version +pragma solidity ^0.4.24; +^----------------------^ + diff --git a/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.json b/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.json index 8a9a7e8d7..dbab564e2 100644 --- a/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.json +++ b/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.json 
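Review bot: This expected output is a failed run, not a detector result: it records `ERROR:Slither:Invalid compilation` because the sources require `^0.4.23` and `^0.4.24` and the compiler was `0.5.1+commit.c8a2cb62`. The sibling pragma.0.4.24.pragma.json in this commit holds a real `pragma` finding, so the two fixtures disagree about what the run produces. Regenerate the text file with a 0.4.x compiler, presumably the one used for the JSON, or leave the file out; as committed it also pins a local compiler build string.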
@@ -1 +1,275 @@ -[{"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "description": "Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy-0.5.1.sol#14-22):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/reentrancy-0.5.1.sol#17)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy-0.5.1.sol#21)\n", "elements": [{"type": "function", "name": "withdrawBalance", "source_mapping": {"start": 298, "length": 357, "filename": "tests/reentrancy-0.5.1.sol", "lines": [14, 15, 16, 17, 18, 19, 20, 21, 22]}, "contract": {"type": "contract", "name": "Reentrancy", "source_mapping": {"start": 25, "length": 1807, "filename": "tests/reentrancy-0.5.1.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54]}}}, {"type": "external_calls", "expression": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", "source_mapping": {"start": 477, "length": 81, "filename": "tests/reentrancy-0.5.1.sol", "lines": [17]}}, {"type": "variables_written", "name": "userBalance", "expression": "userBalance[msg.sender] = 0", "source_mapping": {"start": 621, "length": 27, "filename": "tests/reentrancy-0.5.1.sol", "lines": [21]}}]}, {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3 (tests/reentrancy-0.5.1.sol#44-53):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/reentrancy-0.5.1.sol#49)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy-0.5.1.sol#51)\n", "elements": [{"type": "function", "name": "withdrawBalance_fixed_3", "source_mapping": {"start": 1434, "length": 393, "filename": "tests/reentrancy-0.5.1.sol", "lines": [44, 45, 46, 47, 48, 49, 50, 51, 52, 53]}, "contract": {"type": "contract", "name": 
"Reentrancy", "source_mapping": {"start": 25, "length": 1807, "filename": "tests/reentrancy-0.5.1.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54]}}}, {"type": "external_calls", "expression": "(ret,mem) = msg.sender.call.value(amount)()", "source_mapping": {"start": 1679, "length": 64, "filename": "tests/reentrancy-0.5.1.sol", "lines": [49]}}, {"type": "variables_written", "name": "userBalance", "expression": "userBalance[msg.sender] = amount", "source_mapping": {"start": 1778, "length": 32, "filename": "tests/reentrancy-0.5.1.sol", "lines": [51]}}]}] \ No newline at end of file +[ + { + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium", + "description": "Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy-0.5.1.sol#14-22):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/reentrancy-0.5.1.sol#17)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy-0.5.1.sol#21)\n", + "elements": [ + { + "type": "function", + "name": "withdrawBalance", + "source_mapping": { + "start": 298, + "length": 357, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Reentrancy", + "source_mapping": { + "start": 25, + "length": 1807, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "external_calls", + "expression": "(ret,mem) = msg.sender.call.value(userBalance[msg.sender])()", + "source_mapping": { + "start": 477, + "length": 81, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 17 + ], + "starting_column": 9, + "ending_column": 90 + } + }, + { + "type": "variables_written", + "name": "userBalance", + "expression": "userBalance[msg.sender] = 0", + "source_mapping": { + "start": 621, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 21 + ], + "starting_column": 9, + "ending_column": 36 + } + } + ] + }, + { + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium", + "description": "Reentrancy in Reentrancy.withdrawBalance_fixed_3 (tests/reentrancy-0.5.1.sol#44-53):\n\tExternal calls:\n\t- (ret,mem) = msg.sender.call.value(amount)() (tests/reentrancy-0.5.1.sol#49)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy-0.5.1.sol#51)\n", + "elements": [ + { + "type": "function", + "name": "withdrawBalance_fixed_3", + 
"source_mapping": { + "start": 1434, + "length": 393, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Reentrancy", + "source_mapping": { + "start": 25, + "length": 1807, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "external_calls", + "expression": "(ret,mem) = msg.sender.call.value(amount)()", + "source_mapping": { + "start": 1679, + "length": 64, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": "tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 49 + ], + "starting_column": 9, + "ending_column": 73 + } + }, + { + "type": "variables_written", + "name": "userBalance", + "expression": "userBalance[msg.sender] = amount", + "source_mapping": { + "start": 1778, + "length": 32, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_relative": 
"tests/reentrancy-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy-0.5.1.sol", + "filename_short": "tests/reentrancy-0.5.1.sol", + "lines": [ + 51 + ], + "starting_column": 13, + "ending_column": 45 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.txt b/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.txt new file mode 100644 index 000000000..465e75502 --- /dev/null +++ b/tests/expected_json/reentrancy-0.5.1.reentrancy-eth.txt @@ -0,0 +1,13 @@ +INFO:Detectors: +Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy-0.5.1.sol#14-22): + External calls: + - (ret,mem) = msg.sender.call.value(userBalance[msg.sender])() (tests/reentrancy-0.5.1.sol#17) + State variables written after the call(s): + - userBalance (tests/reentrancy-0.5.1.sol#21) +Reentrancy in Reentrancy.withdrawBalance_fixed_3 (tests/reentrancy-0.5.1.sol#44-53): + External calls: + - (ret,mem) = msg.sender.call.value(amount)() (tests/reentrancy-0.5.1.sol#49) + State variables written after the call(s): + - userBalance (tests/reentrancy-0.5.1.sol#51) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities +INFO:Slither:tests/reentrancy-0.5.1.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/reentrancy-0.5.1.reentrancy.txt b/tests/expected_json/reentrancy-0.5.1.reentrancy.txt new file mode 100644 index 000000000..184c551e6 --- /dev/null +++ b/tests/expected_json/reentrancy-0.5.1.reentrancy.txt 
@@ -0,0 +1,10 @@ +Traceback (most recent call last): + File "/home/monty/Envs/slither/bin/slither", line 11, in + load_entry_point('slither-analyzer', 'console_scripts', 'slither')() + File "/home/monty/Private/tob/tools/slither-public/slither/__main__.py", line 469, in main + main_impl(all_detector_classes=detectors, all_printer_classes=printers) + File "/home/monty/Private/tob/tools/slither-public/slither/__main__.py", line 483, in main_impl + detector_classes = choose_detectors(args, all_detector_classes) + File "/home/monty/Private/tob/tools/slither-public/slither/__main__.py", line 176, in choose_detectors + raise Exception('Error: {} is not a detector'.format(d)) +Exception: Error: reentrancy is not a detector diff --git a/tests/expected_json/reentrancy.reentrancy-eth.json b/tests/expected_json/reentrancy.reentrancy-eth.json index 93ec6d064..da95d2225 100644 --- a/tests/expected_json/reentrancy.reentrancy-eth.json +++ b/tests/expected_json/reentrancy.reentrancy-eth.json 
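Review bot: This file is a Python traceback from requesting a detector named `reentrancy`, which the run itself rejects with `Error: reentrancy is not a detector`; it is not expected output for any test. It has no JSON counterpart in this part of the diff and looks like a leftover from a generation run with an outdated detector name, since the neighbouring fixtures use `reentrancy-eth`. It also commits local interpreter and checkout paths under `/home/monty/`. I would delete the file from the commit and have whatever generates these fixtures stop on a non-zero exit instead of saving stderr as a fixture.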
@@ -1 +1,309 @@ -[{"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "description": "Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy.sol#14-21):\n\tExternal calls:\n\t- ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/reentrancy.sol#17-19)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy.sol#20)\n", "elements": [{"type": "function", "name": "withdrawBalance", "source_mapping": {"start": 299, "length": 314, "filename": "tests/reentrancy.sol", "lines": [14, 15, 16, 17, 18, 19, 20, 21]}, "contract": {"type": "contract", "name": "Reentrancy", "source_mapping": {"start": 26, "length": 2334, "filename": "tests/reentrancy.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72]}}}, {"type": "external_calls", "expression": "! 
(msg.sender.call.value(userBalance[msg.sender])())", "source_mapping": {"start": 478, "length": 92, "filename": "tests/reentrancy.sol", "lines": [17, 18, 19]}}, {"type": "variables_written", "name": "userBalance", "expression": "userBalance[msg.sender] = 0", "source_mapping": {"start": 579, "length": 27, "filename": "tests/reentrancy.sol", "lines": [20]}}]}, {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium", "description": "Reentrancy in Reentrancy.withdrawBalance_nested (tests/reentrancy.sol#64-70):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/reentrancy.sol#67)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy.sol#68)\n", "elements": [{"type": "function", "name": "withdrawBalance_nested", "source_mapping": {"start": 2108, "length": 246, "filename": "tests/reentrancy.sol", "lines": [64, 65, 66, 67, 68, 69, 70]}, "contract": {"type": "contract", "name": "Reentrancy", "source_mapping": {"start": 26, "length": 2334, "filename": "tests/reentrancy.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58, 59, 60, 61, 62, 63, 64, 65, 66, 67, 68, 69, 70, 71, 72]}}}, {"type": "external_calls", "expression": "msg.sender.call.value(amount / 2)()", "source_mapping": {"start": 2263, "length": 33, "filename": "tests/reentrancy.sol", "lines": [67]}}, {"type": "variables_written", "name": "userBalance", "expression": "userBalance[msg.sender] = 0", "source_mapping": {"start": 2310, "length": 27, "filename": "tests/reentrancy.sol", "lines": [68]}}]}] \ No newline at end of file +[ + { + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium", + "description": "Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy.sol#14-21):\n\tExternal calls:\n\t- ! 
(msg.sender.call.value(userBalance[msg.sender])()) (tests/reentrancy.sol#17-19)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy.sol#20)\n", + "elements": [ + { + "type": "function", + "name": "withdrawBalance", + "source_mapping": { + "start": 299, + "length": 314, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Reentrancy", + "source_mapping": { + "start": 26, + "length": 2334, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "external_calls", + "expression": "! 
(msg.sender.call.value(userBalance[msg.sender])())", + "source_mapping": { + "start": 478, + "length": 92, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 17, + 18, + 19 + ], + "starting_column": 9, + "ending_column": 10 + } + }, + { + "type": "variables_written", + "name": "userBalance", + "expression": "userBalance[msg.sender] = 0", + "source_mapping": { + "start": 579, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 20 + ], + "starting_column": 9, + "ending_column": 36 + } + } + ] + }, + { + "check": "reentrancy-eth", + "impact": "High", + "confidence": "Medium", + "description": "Reentrancy in Reentrancy.withdrawBalance_nested (tests/reentrancy.sol#64-70):\n\tExternal calls:\n\t- msg.sender.call.value(amount / 2)() (tests/reentrancy.sol#67)\n\tState variables written after the call(s):\n\t- userBalance (tests/reentrancy.sol#68)\n", + "elements": [ + { + "type": "function", + "name": "withdrawBalance_nested", + "source_mapping": { + "start": 2108, + "length": 246, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 64, + 65, + 66, + 67, + 68, + 69, + 70 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Reentrancy", + "source_mapping": { + "start": 26, + "length": 2334, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + 
"filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30, + 31, + 32, + 33, + 34, + 35, + 36, + 37, + 38, + 39, + 40, + 41, + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58, + 59, + 60, + 61, + 62, + 63, + 64, + 65, + 66, + 67, + 68, + 69, + 70, + 71, + 72 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "external_calls", + "expression": "msg.sender.call.value(amount / 2)()", + "source_mapping": { + "start": 2263, + "length": 33, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 67 + ], + "starting_column": 13, + "ending_column": 46 + } + }, + { + "type": "variables_written", + "name": "userBalance", + "expression": "userBalance[msg.sender] = 0", + "source_mapping": { + "start": 2310, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_relative": "tests/reentrancy.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/reentrancy.sol", + "filename_short": "tests/reentrancy.sol", + "lines": [ + 68 + ], + "starting_column": 13, + "ending_column": 40 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/reentrancy.reentrancy-eth.txt b/tests/expected_json/reentrancy.reentrancy-eth.txt new file mode 100644 index 000000000..b5534660e --- /dev/null +++ b/tests/expected_json/reentrancy.reentrancy-eth.txt 
@@ -0,0 +1,13 @@ +INFO:Detectors: +Reentrancy in Reentrancy.withdrawBalance (tests/reentrancy.sol#14-21): + External calls: + - ! (msg.sender.call.value(userBalance[msg.sender])()) (tests/reentrancy.sol#17-19) + State variables written after the call(s): + - userBalance (tests/reentrancy.sol#20) +Reentrancy in Reentrancy.withdrawBalance_nested (tests/reentrancy.sol#64-70): + External calls: + - msg.sender.call.value(amount / 2)() (tests/reentrancy.sol#67) + State variables written after the call(s): + - userBalance (tests/reentrancy.sol#68) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities +INFO:Slither:tests/reentrancy.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/right_to_left_override.rtlo.json b/tests/expected_json/right_to_left_override.rtlo.json index 203035b01..4fb8449c8 100644 --- a/tests/expected_json/right_to_left_override.rtlo.json +++ b/tests/expected_json/right_to_left_override.rtlo.json @@ -1 +1,9 @@ -[{"check": "rtlo", "impact": "High", "confidence": "High", "description": "tests/right_to_left_override.sol contains a unicode right-to-left-override character:\n\t- return test1(/*A\u202e/*B*/2 , 1/*\u202d\n", "elements": []}] \ No newline at end of file +[ + { + "check": "rtlo", + "impact": "High", + "confidence": "High", + "description": "/home/travis/build/crytic/slither/tests/right_to_left_override.sol contains a unicode right-to-left-override character:\n\t- test1(/*A\u202e/*B*/2 , 1/*\u202d\n", + "elements": [] + } +] \ No newline at end of file diff --git a/tests/expected_json/right_to_left_override.rtlo.txt b/tests/expected_json/right_to_left_override.rtlo.txt new file mode 100644 index 000000000..2eb3ba03b --- /dev/null +++ b/tests/expected_json/right_to_left_override.rtlo.txt 
@@ -0,0 +1,5 @@ +INFO:Detectors: +/home/monty/Private/tob/tools/slither-public/tests/right_to_left_override.sol contains a unicode right-to-left-override character: + - test1(/*A‮/*B*/2 , 1/*‭ +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#right-to-left-override-character +INFO:Slither:tests/right_to_left_override.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/shadowing_abstract.shadowing-abstract.json b/tests/expected_json/shadowing_abstract.shadowing-abstract.json index 859ee5c39..18094ca3a 100644 --- a/tests/expected_json/shadowing_abstract.shadowing-abstract.json +++ b/tests/expected_json/shadowing_abstract.shadowing-abstract.json 
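Review bot: The third line of this fixture carries raw U+202E and U+202D characters, where the JSON fixture for the same finding escapes them as `\u202e` and `\u202d`. Raw bidirectional controls make diff viewers and terminals display the line in a different order from its bytes, so a reviewer cannot check this file by eye, and tooling that strips or flags such characters would change it silently. If the text fixture is kept, compare it byte-wise and say so in a comment in the test script, or store the escaped form.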
@@ -1 +1,44 @@ -[{"check": "shadowing-abstract", "impact": "Medium", "confidence": "High", "description": "DerivedContract.owner (tests/shadowing_abstract.sol#7) shadows:\n\t- BaseContract.owner (tests/shadowing_abstract.sol#2)\n", "elements": [{"type": "variable", "name": "owner", "source_mapping": {"start": 92, "length": 13, "filename": "tests/shadowing_abstract.sol", "lines": [7]}}, {"type": "variable", "name": "owner", "source_mapping": {"start": 27, "length": 13, "filename": "tests/shadowing_abstract.sol", "lines": [2]}}]}] \ No newline at end of file +[ + { + "check": "shadowing-abstract", + "impact": "Medium", + "confidence": "High", + "description": "DerivedContract.owner (tests/shadowing_abstract.sol#7) shadows:\n\t- BaseContract.owner (tests/shadowing_abstract.sol#2)\n", + "elements": [ + { + "type": "variable", + "name": "owner", + "source_mapping": { + "start": 92, + "length": 13, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_abstract.sol", + "filename_relative": "tests/shadowing_abstract.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_abstract.sol", + "filename_short": "tests/shadowing_abstract.sol", + "lines": [ + 7 + ], + "starting_column": 5, + "ending_column": 18 + } + }, + { + "type": "variable", + "name": "owner", + "source_mapping": { + "start": 27, + "length": 13, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_abstract.sol", + "filename_relative": "tests/shadowing_abstract.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_abstract.sol", + "filename_short": "tests/shadowing_abstract.sol", + "lines": [ + 2 + ], + "starting_column": 5, + "ending_column": 18 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/shadowing_abstract.shadowing-abstract.txt b/tests/expected_json/shadowing_abstract.shadowing-abstract.txt new file mode 100644 index 000000000..fed0e9e24 --- /dev/null 
+++ b/tests/expected_json/shadowing_abstract.shadowing-abstract.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +DerivedContract.owner (tests/shadowing_abstract.sol#7) shadows: + - BaseContract.owner (tests/shadowing_abstract.sol#2) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variable-shadowing-from-abstract-contracts +INFO:Slither:tests/shadowing_abstract.sol analyzed (2 contracts), 1 result(s) found diff --git a/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.json b/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.json index ff59e0c14..390d68a5b 100644 --- a/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.json +++ b/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.json 
@@ -1 +1,407 @@ -[{"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "BaseContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#4) shadows built-in symbol \"blockhash\"\n", "elements": [{"type": "variable", "name": "blockhash", "source_mapping": {"start": 54, "length": 14, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [4]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "BaseContract.now (state variable @ tests/shadowing_builtin_symbols.sol#5) shadows built-in symbol \"now\"\n", "elements": [{"type": "variable", "name": "now", "source_mapping": {"start": 74, "length": 8, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [5]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "BaseContract.revert (event @ tests/shadowing_builtin_symbols.sol#7) shadows built-in symbol \"revert\"\n", "elements": [{"type": "function", "name": "revert", "source_mapping": {"start": 89, "length": 29, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [7]}, "contract": {"type": "contract", "name": "BaseContract", "source_mapping": {"start": 26, "length": 94, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [3, 4, 5, 6, 7, 8]}}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "ExtendedContract.assert (function @ tests/shadowing_builtin_symbols.sol#13-15) shadows built-in symbol \"assert\"\n", "elements": [{"type": "function", "name": "assert", "source_mapping": {"start": 195, "length": 64, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [13, 14, 15]}, "contract": {"type": "contract", "name": "ExtendedContract", "source_mapping": {"start": 122, "length": 139, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [10, 11, 12, 13, 14, 15, 16]}}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "ExtendedContract.assert.msg 
(local variable @ tests/shadowing_builtin_symbols.sol#14) shadows built-in symbol \"msg\"\n", "elements": [{"type": "variable", "name": "msg", "source_mapping": {"start": 244, "length": 8, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [14]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "ExtendedContract.ecrecover (state variable @ tests/shadowing_builtin_symbols.sol#11) shadows built-in symbol \"ecrecover\"\n", "elements": [{"type": "variable", "name": "ecrecover", "source_mapping": {"start": 170, "length": 18, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [11]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.require (modifier @ tests/shadowing_builtin_symbols.sol#23-28) shadows built-in symbol \"require\"\n", "elements": [{"type": "function", "name": "require", "source_mapping": {"start": 380, "length": 120, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [23, 24, 25, 26, 27, 28]}, "contract": {"type": "contract", "name": "FurtherExtendedContract", "source_mapping": {"start": 263, "length": 239, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]}}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.require.keccak256 (local variable @ tests/shadowing_builtin_symbols.sol#25) shadows built-in symbol \"keccak256\"\n", "elements": [{"type": "variable", "name": "keccak256", "source_mapping": {"start": 449, "length": 14, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [25]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.require.sha3 (local variable @ tests/shadowing_builtin_symbols.sol#26) shadows built-in symbol \"sha3\"\n", "elements": [{"type": "variable", "name": "sha3", "source_mapping": {"start": 473, "length": 9, 
"filename": "tests/shadowing_builtin_symbols.sol", "lines": [26]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#19) shadows built-in symbol \"blockhash\"\n", "elements": [{"type": "variable", "name": "blockhash", "source_mapping": {"start": 322, "length": 18, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [19]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.this (state variable @ tests/shadowing_builtin_symbols.sol#20) shadows built-in symbol \"this\"\n", "elements": [{"type": "variable", "name": "this", "source_mapping": {"start": 346, "length": 13, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [20]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.abi (state variable @ tests/shadowing_builtin_symbols.sol#21) shadows built-in symbol \"abi\"\n", "elements": [{"type": "variable", "name": "abi", "source_mapping": {"start": 365, "length": 8, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [21]}}]}, {"check": "shadowing-builtin", "impact": "Low", "confidence": "High", "description": "Reserved.mutable (state variable @ tests/shadowing_builtin_symbols.sol#32) shadows built-in symbol \"mutable\"\n", "elements": [{"type": "variable", "name": "mutable", "source_mapping": {"start": 527, "length": 15, "filename": "tests/shadowing_builtin_symbols.sol", "lines": [32]}}]}] \ No newline at end of file +[ + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "BaseContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#4) shadows built-in symbol \"blockhash\"\n", + "elements": [ + { + "type": "variable", + "name": "blockhash", + "source_mapping": { + "start": 54, + "length": 14, + "filename_used": 
"/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 4 + ], + "starting_column": 5, + "ending_column": 19 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "BaseContract.now (state variable @ tests/shadowing_builtin_symbols.sol#5) shadows built-in symbol \"now\"\n", + "elements": [ + { + "type": "variable", + "name": "now", + "source_mapping": { + "start": 74, + "length": 8, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 5 + ], + "starting_column": 5, + "ending_column": 13 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "BaseContract.revert (event @ tests/shadowing_builtin_symbols.sol#7) shadows built-in symbol \"revert\"\n", + "elements": [ + { + "type": "function", + "name": "revert", + "source_mapping": { + "start": 89, + "length": 29, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 7 + ], + "starting_column": 5, + "ending_column": 34 + }, + "contract": { + "type": "contract", + "name": "BaseContract", + "source_mapping": { + "start": 26, + "length": 94, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + 
"filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "ExtendedContract.assert (function @ tests/shadowing_builtin_symbols.sol#13-15) shadows built-in symbol \"assert\"\n", + "elements": [ + { + "type": "function", + "name": "assert", + "source_mapping": { + "start": 195, + "length": 64, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 13, + 14, + 15 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "ExtendedContract", + "source_mapping": { + "start": 122, + "length": 139, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 10, + 11, + 12, + 13, + 14, + 15, + 16 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "ExtendedContract.assert.msg (local variable @ tests/shadowing_builtin_symbols.sol#14) shadows built-in symbol \"msg\"\n", + "elements": [ + { + "type": "variable", + "name": "msg", + "source_mapping": { + "start": 244, + "length": 8, + "filename_used": 
"/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 14 + ], + "starting_column": 9, + "ending_column": 17 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "ExtendedContract.ecrecover (state variable @ tests/shadowing_builtin_symbols.sol#11) shadows built-in symbol \"ecrecover\"\n", + "elements": [ + { + "type": "variable", + "name": "ecrecover", + "source_mapping": { + "start": 170, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 11 + ], + "starting_column": 5, + "ending_column": 23 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.require (modifier @ tests/shadowing_builtin_symbols.sol#23-28) shadows built-in symbol \"require\"\n", + "elements": [ + { + "type": "function", + "name": "require", + "source_mapping": { + "start": 380, + "length": 120, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 23, + 24, + 25, + 26, + 27, + 28 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "FurtherExtendedContract", + "source_mapping": { + "start": 263, + "length": 239, + 
"filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.require.keccak256 (local variable @ tests/shadowing_builtin_symbols.sol#25) shadows built-in symbol \"keccak256\"\n", + "elements": [ + { + "type": "variable", + "name": "keccak256", + "source_mapping": { + "start": 449, + "length": 14, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 25 + ], + "starting_column": 9, + "ending_column": 23 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.require.sha3 (local variable @ tests/shadowing_builtin_symbols.sol#26) shadows built-in symbol \"sha3\"\n", + "elements": [ + { + "type": "variable", + "name": "sha3", + "source_mapping": { + "start": 473, + "length": 9, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 26 + ], + "starting_column": 9, + "ending_column": 18 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": 
"Low", + "confidence": "High", + "description": "FurtherExtendedContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#19) shadows built-in symbol \"blockhash\"\n", + "elements": [ + { + "type": "variable", + "name": "blockhash", + "source_mapping": { + "start": 322, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 19 + ], + "starting_column": 5, + "ending_column": 23 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.this (state variable @ tests/shadowing_builtin_symbols.sol#20) shadows built-in symbol \"this\"\n", + "elements": [ + { + "type": "variable", + "name": "this", + "source_mapping": { + "start": 346, + "length": 13, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 20 + ], + "starting_column": 5, + "ending_column": 18 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.abi (state variable @ tests/shadowing_builtin_symbols.sol#21) shadows built-in symbol \"abi\"\n", + "elements": [ + { + "type": "variable", + "name": "abi", + "source_mapping": { + "start": 365, + "length": 8, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": 
"/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 21 + ], + "starting_column": 5, + "ending_column": 13 + } + } + ] + }, + { + "check": "shadowing-builtin", + "impact": "Low", + "confidence": "High", + "description": "Reserved.mutable (state variable @ tests/shadowing_builtin_symbols.sol#32) shadows built-in symbol \"mutable\"\n", + "elements": [ + { + "type": "variable", + "name": "mutable", + "source_mapping": { + "start": 527, + "length": 15, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_relative": "tests/shadowing_builtin_symbols.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_builtin_symbols.sol", + "filename_short": "tests/shadowing_builtin_symbols.sol", + "lines": [ + 32 + ], + "starting_column": 5, + "ending_column": 20 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.txt b/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.txt new file mode 100644 index 000000000..18d9c370a --- /dev/null +++ b/tests/expected_json/shadowing_builtin_symbols.shadowing-builtin.txt 
@@ -0,0 +1,16 @@ +INFO:Detectors: +BaseContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#4) shadows built-in symbol "blockhash" +BaseContract.now (state variable @ tests/shadowing_builtin_symbols.sol#5) shadows built-in symbol "now" +BaseContract.revert (event @ tests/shadowing_builtin_symbols.sol#7) shadows built-in symbol "revert" +ExtendedContract.assert (function @ tests/shadowing_builtin_symbols.sol#13-15) shadows built-in symbol "assert" +ExtendedContract.assert.msg (local variable @ tests/shadowing_builtin_symbols.sol#14) shadows built-in symbol "msg" +ExtendedContract.ecrecover (state variable @ tests/shadowing_builtin_symbols.sol#11) shadows built-in symbol "ecrecover" +FurtherExtendedContract.require (modifier @ tests/shadowing_builtin_symbols.sol#23-28) shadows built-in symbol "require" +FurtherExtendedContract.require.keccak256 (local variable @ tests/shadowing_builtin_symbols.sol#25) shadows built-in symbol "keccak256" +FurtherExtendedContract.require.sha3 (local variable @ tests/shadowing_builtin_symbols.sol#26) shadows built-in symbol "sha3" +FurtherExtendedContract.blockhash (state variable @ tests/shadowing_builtin_symbols.sol#19) shadows built-in symbol "blockhash" +FurtherExtendedContract.this (state variable @ tests/shadowing_builtin_symbols.sol#20) shadows built-in symbol "this" +FurtherExtendedContract.abi (state variable @ tests/shadowing_builtin_symbols.sol#21) shadows built-in symbol "abi" +Reserved.mutable (state variable @ tests/shadowing_builtin_symbols.sol#32) shadows built-in symbol "mutable" +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#builtin-symbol-shadowing +INFO:Slither:tests/shadowing_builtin_symbols.sol analyzed (4 contracts), 13 result(s) found diff --git a/tests/expected_json/shadowing_local_variable.shadowing-local.json b/tests/expected_json/shadowing_local_variable.shadowing-local.json index d0cf0451f..211ca1047 100644 
--- a/tests/expected_json/shadowing_local_variable.shadowing-local.json +++ b/tests/expected_json/shadowing_local_variable.shadowing-local.json 
@@ -1 +1,322 @@ -[{"check": "shadowing-local", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.shadowingParent.x (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- FurtherExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#17)\n\t- ExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#9)\n\t- BaseContract.x (state variable @ tests/shadowing_local_variable.sol#4)\n", "elements": [{"type": "variable", "name": "x", "source_mapping": {"start": 376, "length": 6, "filename": "tests/shadowing_local_variable.sol", "lines": [25]}}, {"type": "variable", "name": "x", "source_mapping": {"start": 256, "length": 10, "filename": "tests/shadowing_local_variable.sol", "lines": [17]}}, {"type": "variable", "name": "x", "source_mapping": {"start": 133, "length": 10, "filename": "tests/shadowing_local_variable.sol", "lines": [9]}}, {"type": "variable", "name": "x", "source_mapping": {"start": 54, "length": 10, "filename": "tests/shadowing_local_variable.sol", "lines": [4]}}]}, {"check": "shadowing-local", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.shadowingParent.y (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- BaseContract.y (state variable @ tests/shadowing_local_variable.sol#5)\n", "elements": [{"type": "variable", "name": "y", "source_mapping": {"start": 398, "length": 5, "filename": "tests/shadowing_local_variable.sol", "lines": [25]}}, {"type": "variable", "name": "y", "source_mapping": {"start": 70, "length": 10, "filename": "tests/shadowing_local_variable.sol", "lines": [5]}}]}, {"check": "shadowing-local", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.shadowingParent.z (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- ExtendedContract.z (function @ tests/shadowing_local_variable.sol#11)\n", "elements": [{"type": "variable", "name": "z", "source_mapping": {"start": 405, 
"length": 6, "filename": "tests/shadowing_local_variable.sol", "lines": [25]}}, {"type": "function", "name": "z", "source_mapping": {"start": 150, "length": 27, "filename": "tests/shadowing_local_variable.sol", "lines": [11]}, "contract": {"type": "contract", "name": "ExtendedContract", "source_mapping": {"start": 85, "length": 110, "filename": "tests/shadowing_local_variable.sol", "lines": [8, 9, 10, 11, 12, 13, 14]}}}]}, {"check": "shadowing-local", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.shadowingParent.w (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- FurtherExtendedContract.w (modifier @ tests/shadowing_local_variable.sol#20-23)\n", "elements": [{"type": "variable", "name": "w", "source_mapping": {"start": 413, "length": 6, "filename": "tests/shadowing_local_variable.sol", "lines": [25]}}, {"type": "function", "name": "w", "source_mapping": {"start": 274, "length": 71, "filename": "tests/shadowing_local_variable.sol", "lines": [20, 21, 22, 23]}, "contract": {"type": "contract", "name": "FurtherExtendedContract", "source_mapping": {"start": 197, "length": 235, "filename": "tests/shadowing_local_variable.sol", "lines": [16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]}}}]}, {"check": "shadowing-local", "impact": "Low", "confidence": "High", "description": "FurtherExtendedContract.shadowingParent.v (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- ExtendedContract.v (event @ tests/shadowing_local_variable.sol#13)\n", "elements": [{"type": "variable", "name": "v", "source_mapping": {"start": 421, "length": 6, "filename": "tests/shadowing_local_variable.sol", "lines": [25]}}, {"type": "function", "name": "v", "source_mapping": {"start": 183, "length": 10, "filename": "tests/shadowing_local_variable.sol", "lines": [13]}, "contract": {"type": "contract", "name": "ExtendedContract", "source_mapping": {"start": 85, "length": 110, "filename": "tests/shadowing_local_variable.sol", "lines": [8, 
9, 10, 11, 12, 13, 14]}}}]}] \ No newline at end of file +[ + { + "check": "shadowing-local", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.shadowingParent.x (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- FurtherExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#17)\n\t- ExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#9)\n\t- BaseContract.x (state variable @ tests/shadowing_local_variable.sol#4)\n", + "elements": [ + { + "type": "variable", + "name": "x", + "source_mapping": { + "start": 376, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 25 + ], + "starting_column": 30, + "ending_column": 36 + } + }, + { + "type": "variable", + "name": "x", + "source_mapping": { + "start": 256, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 17 + ], + "starting_column": 5, + "ending_column": 15 + } + }, + { + "type": "variable", + "name": "x", + "source_mapping": { + "start": 133, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 9 + ], + "starting_column": 5, + "ending_column": 15 + } + }, + { + "type": "variable", + "name": 
"x", + "source_mapping": { + "start": 54, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 4 + ], + "starting_column": 5, + "ending_column": 15 + } + } + ] + }, + { + "check": "shadowing-local", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.shadowingParent.y (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- BaseContract.y (state variable @ tests/shadowing_local_variable.sol#5)\n", + "elements": [ + { + "type": "variable", + "name": "y", + "source_mapping": { + "start": 398, + "length": 5, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 25 + ], + "starting_column": 52, + "ending_column": 57 + } + }, + { + "type": "variable", + "name": "y", + "source_mapping": { + "start": 70, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 5 + ], + "starting_column": 5, + "ending_column": 15 + } + } + ] + }, + { + "check": "shadowing-local", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.shadowingParent.z (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- ExtendedContract.z (function @ tests/shadowing_local_variable.sol#11)\n", + 
"elements": [ + { + "type": "variable", + "name": "z", + "source_mapping": { + "start": 405, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 25 + ], + "starting_column": 59, + "ending_column": 65 + } + }, + { + "type": "function", + "name": "z", + "source_mapping": { + "start": 150, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 11 + ], + "starting_column": 5, + "ending_column": 32 + }, + "contract": { + "type": "contract", + "name": "ExtendedContract", + "source_mapping": { + "start": 85, + "length": 110, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 8, + 9, + 10, + 11, + 12, + 13, + 14 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "shadowing-local", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.shadowingParent.w (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- FurtherExtendedContract.w (modifier @ tests/shadowing_local_variable.sol#20-23)\n", + "elements": [ + { + "type": "variable", + "name": "w", + "source_mapping": { + "start": 413, + "length": 6, + "filename_used": 
"/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 25 + ], + "starting_column": 67, + "ending_column": 73 + } + }, + { + "type": "function", + "name": "w", + "source_mapping": { + "start": 274, + "length": 71, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 20, + 21, + 22, + 23 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "FurtherExtendedContract", + "source_mapping": { + "start": 197, + "length": 235, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "shadowing-local", + "impact": "Low", + "confidence": "High", + "description": "FurtherExtendedContract.shadowingParent.v (local variable @ tests/shadowing_local_variable.sol#25) shadows:\n\t- ExtendedContract.v (event @ tests/shadowing_local_variable.sol#13)\n", + "elements": [ + { + "type": "variable", + "name": "v", + "source_mapping": { + "start": 421, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + 
"filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 25 + ], + "starting_column": 75, + "ending_column": 81 + } + }, + { + "type": "function", + "name": "v", + "source_mapping": { + "start": 183, + "length": 10, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 13 + ], + "starting_column": 5, + "ending_column": 15 + }, + "contract": { + "type": "contract", + "name": "ExtendedContract", + "source_mapping": { + "start": 85, + "length": 110, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_relative": "tests/shadowing_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_local_variable.sol", + "filename_short": "tests/shadowing_local_variable.sol", + "lines": [ + 8, + 9, + 10, + 11, + 12, + 13, + 14 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/shadowing_local_variable.shadowing-local.txt b/tests/expected_json/shadowing_local_variable.shadowing-local.txt new file mode 100644 index 000000000..944c3bd1b --- /dev/null +++ b/tests/expected_json/shadowing_local_variable.shadowing-local.txt 
@@ -0,0 +1,15 @@ +INFO:Detectors: +FurtherExtendedContract.shadowingParent.x (local variable @ tests/shadowing_local_variable.sol#25) shadows: + - FurtherExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#17) + - ExtendedContract.x (state variable @ tests/shadowing_local_variable.sol#9) + - BaseContract.x (state variable @ tests/shadowing_local_variable.sol#4) +FurtherExtendedContract.shadowingParent.y (local variable @ tests/shadowing_local_variable.sol#25) shadows: + - BaseContract.y (state variable @ tests/shadowing_local_variable.sol#5) +FurtherExtendedContract.shadowingParent.z (local variable @ tests/shadowing_local_variable.sol#25) shadows: + - ExtendedContract.z (function @ tests/shadowing_local_variable.sol#11) +FurtherExtendedContract.shadowingParent.w (local variable @ tests/shadowing_local_variable.sol#25) shadows: + - FurtherExtendedContract.w (modifier @ tests/shadowing_local_variable.sol#20-23) +FurtherExtendedContract.shadowingParent.v (local variable @ tests/shadowing_local_variable.sol#25) shadows: + - ExtendedContract.v (event @ tests/shadowing_local_variable.sol#13) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#local-variable-shadowing +INFO:Slither:tests/shadowing_local_variable.sol analyzed (3 contracts), 5 result(s) found diff --git a/tests/expected_json/shadowing_state_variable.shadowing-state.json b/tests/expected_json/shadowing_state_variable.shadowing-state.json index 24a48c0da..01c75c083 100644 --- a/tests/expected_json/shadowing_state_variable.shadowing-state.json +++ b/tests/expected_json/shadowing_state_variable.shadowing-state.json 
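Review bot: This text output names `ExtendedContract.v` as an event and `FurtherExtendedContract.w` as a modifier, but the companion JSON added in this commit gives both elements `"type": "function"`. A consumer of the JSON cannot tell an event or a modifier from a function without parsing the description string. If the element type is meant to be machine-readable, it should carry the same kind the text prints. The JSON hunk begins outside the visible part of the diff, so the point is raised here.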
@@ -1 +1,44 @@ -[{"check": "shadowing-state", "impact": "High", "confidence": "High", "description": "DerivedContract.owner (tests/shadowing_state_variable.sol#12) shadows:\n\t- BaseContract.owner (tests/shadowing_state_variable.sol#2)\n", "elements": [{"type": "variable", "name": "owner", "source_mapping": {"start": 172, "length": 13, "filename": "tests/shadowing_state_variable.sol", "lines": [12]}}, {"type": "variable", "name": "owner", "source_mapping": {"start": 27, "length": 13, "filename": "tests/shadowing_state_variable.sol", "lines": [2]}}]}] \ No newline at end of file +[ + { + "check": "shadowing-state", + "impact": "High", + "confidence": "High", + "description": "DerivedContract.owner (tests/shadowing_state_variable.sol#12) shadows:\n\t- BaseContract.owner (tests/shadowing_state_variable.sol#2)\n", + "elements": [ + { + "type": "variable", + "name": "owner", + "source_mapping": { + "start": 172, + "length": 13, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_state_variable.sol", + "filename_relative": "tests/shadowing_state_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_state_variable.sol", + "filename_short": "tests/shadowing_state_variable.sol", + "lines": [ + 12 + ], + "starting_column": 5, + "ending_column": 18 + } + }, + { + "type": "variable", + "name": "owner", + "source_mapping": { + "start": 27, + "length": 13, + "filename_used": "/home/travis/build/crytic/slither/tests/shadowing_state_variable.sol", + "filename_relative": "tests/shadowing_state_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/shadowing_state_variable.sol", + "filename_short": "tests/shadowing_state_variable.sol", + "lines": [ + 2 + ], + "starting_column": 5, + "ending_column": 18 + } + } + ] + } +] \ No newline at end of file 
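Review bot: The new `filename_used` and `filename_absolute` fields pin the CI checkout path `/home/travis/build/crytic/slither` into this expected output, so the fixture matches only when the run happens under that directory or after a path rewrite. The same applies to the other expected JSON files in this commit. If the comparison step can ignore those two keys and rely on `filename_relative` and `filename_short`, the fixtures stop depending on the build host layout. How the comparison is done is not visible here, so this needs checking against the test script.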
diff --git a/tests/expected_json/shadowing_state_variable.shadowing-state.txt b/tests/expected_json/shadowing_state_variable.shadowing-state.txt new file mode 100644 index 000000000..965837378 --- /dev/null +++ b/tests/expected_json/shadowing_state_variable.shadowing-state.txt @@ -0,0 +1,5 @@ +INFO:Detectors: +DerivedContract.owner (tests/shadowing_state_variable.sol#12) shadows: + - BaseContract.owner (tests/shadowing_state_variable.sol#2) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#state-variable-shadowing +INFO:Slither:tests/shadowing_state_variable.sol analyzed (2 contracts), 1 result(s) found diff --git a/tests/expected_json/solc_version_incorrect.solc-version.json b/tests/expected_json/solc_version_incorrect.solc-version.json index 89c8bf84f..753975a09 100644 --- a/tests/expected_json/solc_version_incorrect.solc-version.json +++ b/tests/expected_json/solc_version_incorrect.solc-version.json 
@@ -1 +1,44 @@ -[{"check": "solc-version", "impact": "Informational", "confidence": "High", "description": "Detected issues with version pragma in tests/solc_version_incorrect.sol:\n\t- pragma solidity^0.4.23 (tests/solc_version_incorrect.sol#2): it allows old versions\n\t- pragma solidity>=0.4.0<0.6.0 (tests/solc_version_incorrect.sol#3): it allows old versions\n", "elements": [{"type": "expression", "expression": "^0.4.23", "source_mapping": {"start": 63, "length": 24, "filename": "tests/solc_version_incorrect.sol", "lines": [2]}}, {"type": "expression", "expression": ">=0.4.0<0.6.0", "source_mapping": {"start": 89, "length": 31, "filename": "tests/solc_version_incorrect.sol", "lines": [3]}}]}] \ No newline at end of file +[ + { + "check": "solc-version", + "impact": "Informational", + "confidence": "High", + "description": "Detected issues with version pragma in :\n\t- pragma solidity^0.4.23 (tests/solc_version_incorrect.sol#2): it allows old versions\n\t- pragma solidity>=0.4.0<0.6.0 (tests/solc_version_incorrect.sol#3): it allows old versions\n", + "elements": [ + { + "type": "expression", + "expression": "^0.4.23", + "source_mapping": { + "start": 63, + "length": 24, + "filename_used": "/home/travis/build/crytic/slither/tests/solc_version_incorrect.sol", + "filename_relative": "tests/solc_version_incorrect.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/solc_version_incorrect.sol", + "filename_short": "tests/solc_version_incorrect.sol", + "lines": [ + 2 + ], + "starting_column": 1, + "ending_column": 25 + } + }, + { + "type": "expression", + "expression": ">=0.4.0<0.6.0", + "source_mapping": { + "start": 89, + "length": 31, + "filename_used": "/home/travis/build/crytic/slither/tests/solc_version_incorrect.sol", + "filename_relative": "tests/solc_version_incorrect.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/solc_version_incorrect.sol", + "filename_short": "tests/solc_version_incorrect.sol", + "lines": [ + 3 + ], 
+ "starting_column": 1, + "ending_column": 32 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/solc_version_incorrect.solc-version.txt b/tests/expected_json/solc_version_incorrect.solc-version.txt new file mode 100644 index 000000000..7790cc023 --- /dev/null +++ b/tests/expected_json/solc_version_incorrect.solc-version.txt @@ -0,0 +1,6 @@ +INFO:Detectors: +Detected issues with version pragma in : + - pragma solidity^0.4.23 (tests/solc_version_incorrect.sol#2): it allows old versions + - pragma solidity>=0.4.0<0.6.0 (tests/solc_version_incorrect.sol#3): it allows old versions +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-version-of-solidity +INFO:Slither:tests/solc_version_incorrect.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/timestamp.timestamp.json b/tests/expected_json/timestamp.timestamp.json index 373f673b6..665e25eb1 100644 --- a/tests/expected_json/timestamp.timestamp.json +++ b/tests/expected_json/timestamp.timestamp.json 
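Review bot: The regenerated `description` reads `Detected issues with version pragma in :`, where the previous expected output named the file (`tests/solc_version_incorrect.sol`); the `.txt` hunk that follows records the same line. This looks like a regression in the detector's message rather than an intended change, and committing it as expected output makes the test enforce it. The message should be fixed in the detector and both files regenerated, or the dangling `in :` dropped if the file name is deliberately omitted.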
@@ -1 +1,243 @@ -[{"check": "timestamp", "impact": "Low", "confidence": "Medium", "description": "Timestamp.bad0 (tests/timestamp.sol#4-6) uses timestamp for comparisons\n\tDangerous comparisons:\n\t- require(bool)(block.timestamp == 0) (tests/timestamp.sol#5)\n", "elements": [{"type": "function", "name": "bad0", "source_mapping": {"start": 47, "length": 70, "filename": "tests/timestamp.sol", "lines": [4, 5, 6]}, "contract": {"type": "contract", "name": "Timestamp", "source_mapping": {"start": 0, "length": 402, "filename": "tests/timestamp.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}}}, {"type": "expression", "expression": "require(bool)(block.timestamp == 0)", "source_mapping": {"start": 81, "length": 29, "filename": "tests/timestamp.sol", "lines": [5]}}]}, {"check": "timestamp", "impact": "Low", "confidence": "Medium", "description": "Timestamp.bad1 (tests/timestamp.sol#8-11) uses timestamp for comparisons\n\tDangerous comparisons:\n\t- require(bool)(time == 0) (tests/timestamp.sol#10)\n", "elements": [{"type": "function", "name": "bad1", "source_mapping": {"start": 126, "length": 96, "filename": "tests/timestamp.sol", "lines": [8, 9, 10, 11]}, "contract": {"type": "contract", "name": "Timestamp", "source_mapping": {"start": 0, "length": 402, "filename": "tests/timestamp.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}}}, {"type": "expression", "expression": "require(bool)(time == 0)", "source_mapping": {"start": 197, "length": 18, "filename": "tests/timestamp.sol", "lines": [10]}}]}, {"check": "timestamp", "impact": "Low", "confidence": "Medium", "description": "Timestamp.bad2 (tests/timestamp.sol#13-15) uses timestamp for comparisons\n\tDangerous comparisons:\n\t- block.timestamp > 0 (tests/timestamp.sol#14)\n", "elements": [{"type": "function", "name": "bad2", "source_mapping": {"start": 231, "length": 79, "filename": "tests/timestamp.sol", "lines": [13, 14, 15]}, "contract": 
{"type": "contract", "name": "Timestamp", "source_mapping": {"start": 0, "length": 402, "filename": "tests/timestamp.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20]}}}, {"type": "expression", "expression": "block.timestamp > 0", "source_mapping": {"start": 279, "length": 24, "filename": "tests/timestamp.sol", "lines": [14]}}]}] \ No newline at end of file +[ + { + "check": "timestamp", + "impact": "Low", + "confidence": "Medium", + "description": "Timestamp.bad0 (tests/timestamp.sol#4-6) uses timestamp for comparisons\n\tDangerous comparisons:\n\t- require(bool)(block.timestamp == 0) (tests/timestamp.sol#5)\n", + "elements": [ + { + "type": "function", + "name": "bad0", + "source_mapping": { + "start": 47, + "length": 70, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 4, + 5, + 6 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Timestamp", + "source_mapping": { + "start": 0, + "length": 402, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(block.timestamp == 0)", + "source_mapping": { + "start": 81, + "length": 29, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + 
"filename_short": "tests/timestamp.sol", + "lines": [ + 5 + ], + "starting_column": 9, + "ending_column": 38 + } + } + ] + }, + { + "check": "timestamp", + "impact": "Low", + "confidence": "Medium", + "description": "Timestamp.bad1 (tests/timestamp.sol#8-11) uses timestamp for comparisons\n\tDangerous comparisons:\n\t- require(bool)(time == 0) (tests/timestamp.sol#10)\n", + "elements": [ + { + "type": "function", + "name": "bad1", + "source_mapping": { + "start": 126, + "length": 96, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 8, + 9, + 10, + 11 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Timestamp", + "source_mapping": { + "start": 0, + "length": 402, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(time == 0)", + "source_mapping": { + "start": 197, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 27 + } + } + ] + }, + { + "check": "timestamp", + "impact": "Low", + "confidence": "Medium", + "description": "Timestamp.bad2 (tests/timestamp.sol#13-15) uses timestamp for 
comparisons\n\tDangerous comparisons:\n\t- block.timestamp > 0 (tests/timestamp.sol#14)\n", + "elements": [ + { + "type": "function", + "name": "bad2", + "source_mapping": { + "start": 231, + "length": 79, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 13, + 14, + 15 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Timestamp", + "source_mapping": { + "start": 0, + "length": 402, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "block.timestamp > 0", + "source_mapping": { + "start": 279, + "length": 24, + "filename_used": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_relative": "tests/timestamp.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/timestamp.sol", + "filename_short": "tests/timestamp.sol", + "lines": [ + 14 + ], + "starting_column": 9, + "ending_column": 33 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/timestamp.timestamp.txt b/tests/expected_json/timestamp.timestamp.txt new file mode 100644 index 000000000..4c6c54479 --- /dev/null +++ b/tests/expected_json/timestamp.timestamp.txt 
@@ -0,0 +1,12 @@ +INFO:Detectors: +Timestamp.bad0 (tests/timestamp.sol#4-6) uses timestamp for comparisons + Dangerous comparisons: + - require(bool)(block.timestamp == 0) (tests/timestamp.sol#5) +Timestamp.bad1 (tests/timestamp.sol#8-11) uses timestamp for comparisons + Dangerous comparisons: + - require(bool)(time == 0) (tests/timestamp.sol#10) +Timestamp.bad2 (tests/timestamp.sol#13-15) uses timestamp for comparisons + Dangerous comparisons: + - block.timestamp > 0 (tests/timestamp.sol#14) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp +INFO:Slither:tests/timestamp.sol analyzed (1 contracts), 3 result(s) found diff --git a/tests/expected_json/too_many_digits.too-many-digits.json b/tests/expected_json/too_many_digits.too-many-digits.json new file mode 100644 index 000000000..96768b95e --- /dev/null +++ b/tests/expected_json/too_many_digits.too-many-digits.json 
@@ -0,0 +1,196 @@ +[ + { + "check": "too-many-digits", + "impact": "Informational", + "confidence": "Medium", + "description": "C.f (tests/too_many_digits.sol#9-15) uses literals with too many digits:\n\t- x1 = 0x000001\n\t- x2 = 0x0000000000001\n\t- x3 = 1000000000000000000\n\t- x4 = 100000\n\tUse the proper denomination (ether-unit, time-unit,or the scientific notation\n", + "elements": [ + { + "type": "expression", + "expression": "x1 = 0x000001", + "source_mapping": { + "start": 206, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 27 + } + }, + { + "type": "expression", + "expression": "x2 = 0x0000000000001", + "source_mapping": { + "start": 234, + "length": 25, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 11 + ], + "starting_column": 9, + "ending_column": 34 + } + }, + { + "type": "expression", + "expression": "x3 = 1000000000000000000", + "source_mapping": { + "start": 269, + "length": 29, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 12 + ], + "starting_column": 9, + "ending_column": 38 + } + }, + { + "type": "expression", + "expression": "x4 = 100000", + "source_mapping": { + "start": 308, + "length": 16, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + 
"filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 13 + ], + "starting_column": 9, + "ending_column": 25 + } + } + ] + }, + { + "check": "too-many-digits", + "impact": "Informational", + "confidence": "Medium", + "description": "C.h (tests/too_many_digits.sol#20-24) uses literals with too many digits:\n\t- x2 = 100000\n\tUse the proper denomination (ether-unit, time-unit,or the scientific notation\n", + "elements": [ + { + "type": "expression", + "expression": "x2 = 100000", + "source_mapping": { + "start": 509, + "length": 16, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 22 + ], + "starting_column": 9, + "ending_column": 25 + } + } + ] + }, + { + "check": "too-many-digits", + "impact": "Informational", + "confidence": "Medium", + "description": "C.i (tests/too_many_digits.sol#29-33) uses literals with too many digits:\n\t- x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000\n\t- x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000\n\t- x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000\n\t- x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000\n\t- x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000\n\tUse the proper denomination (ether-unit, time-unit,or the scientific notation\n", + "elements": [ + { + "type": "expression", + "expression": "x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000", + "source_mapping": { + "start": 749, + "length": 
67, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 76 + } + }, + { + "type": "expression", + "expression": "x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000", + "source_mapping": { + "start": 749, + "length": 67, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 76 + } + }, + { + "type": "expression", + "expression": "x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000", + "source_mapping": { + "start": 749, + "length": 67, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 76 + } + }, + { + "type": "expression", + "expression": "x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000", + "source_mapping": { + "start": 749, + "length": 67, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 76 + } + }, + { + "type": 
"expression", + "expression": "x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000", + "source_mapping": { + "start": 749, + "length": 67, + "filename_used": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_relative": "tests/too_many_digits.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/too_many_digits.sol", + "filename_short": "tests/too_many_digits.sol", + "lines": [ + 31 + ], + "starting_column": 9, + "ending_column": 76 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/too_many_digits.too-many-digits.txt b/tests/expected_json/too_many_digits.too-many-digits.txt new file mode 100644 index 000000000..a80d381ca --- /dev/null +++ b/tests/expected_json/too_many_digits.too-many-digits.txt 
@@ -0,0 +1,19 @@ +INFO:Detectors: +C.f (tests/too_many_digits.sol#9-15) uses literals with too many digits: + - x1 = 0x000001 + - x2 = 0x0000000000001 + - x3 = 1000000000000000000 + - x4 = 100000 + Use the proper denomination (ether-unit, time-unit,or the scientific notation +C.h (tests/too_many_digits.sol#20-24) uses literals with too many digits: + - x2 = 100000 + Use the proper denomination (ether-unit, time-unit,or the scientific notation +C.i (tests/too_many_digits.sol#29-33) uses literals with too many digits: + - x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000 + - x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000 + - x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000 + - x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000 + - x2 = 1000000000000 + 10000000000000 + 100000000000000 + 1000000000000000 + 10000000000000000 + Use the proper denomination (ether-unit, time-unit,or the scientific notation +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits +INFO:Slither:tests/too_many_digits.sol analyzed (1 contracts), 3 result(s) found diff --git a/tests/expected_json/tx_origin-0.5.1.tx-origin.json b/tests/expected_json/tx_origin-0.5.1.tx-origin.json index 689eb1970..e88d33ad9 100644 --- a/tests/expected_json/tx_origin-0.5.1.tx-origin.json +++ b/tests/expected_json/tx_origin-0.5.1.tx-origin.json 
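Review bot: The expected output for `C.i` lists the identical line `x2 = 1000000000000 + ...` five times, apparently once per literal, so the report does not say which literal is meant, and the JSON for the same finding carries five identical elements. Reporting the expression once, or naming the offending literal on each line, would make the finding readable. The hint line also has an unclosed parenthesis and a missing space; it should read `Use the proper denomination (ether-unit, time-unit, or the scientific notation)`. Both come from the detector, so the fix belongs there, followed by regenerating these files.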
@@ -1 +1,174 @@ -[{"check": "tx-origin", "impact": "Medium", "confidence": "Medium", "description": "TxOrigin.bug0 uses tx.origin for authorization:\n\t- require(bool)(tx.origin == owner) (tests/tx_origin-0.5.1.sol#10)\n", "elements": [{"type": "function", "name": "bug0", "source_mapping": {"start": 127, "length": 66, "filename": "tests/tx_origin-0.5.1.sol", "lines": [9, 10, 11]}, "contract": {"type": "contract", "name": "TxOrigin", "source_mapping": {"start": 25, "length": 442, "filename": "tests/tx_origin-0.5.1.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]}}}, {"type": "expression", "expression": "require(bool)(tx.origin == owner)", "source_mapping": {"start": 159, "length": 27, "filename": "tests/tx_origin-0.5.1.sol", "lines": [10]}}]}, {"check": "tx-origin", "impact": "Medium", "confidence": "Medium", "description": "TxOrigin.bug2 uses tx.origin for authorization:\n\t- tx.origin != owner (tests/tx_origin-0.5.1.sol#14-16)\n", "elements": [{"type": "function", "name": "bug2", "source_mapping": {"start": 199, "length": 95, "filename": "tests/tx_origin-0.5.1.sol", "lines": [13, 14, 15, 16, 17]}, "contract": {"type": "contract", "name": "TxOrigin", "source_mapping": {"start": 25, "length": 442, "filename": "tests/tx_origin-0.5.1.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]}}}, {"type": "expression", "expression": "tx.origin != owner", "source_mapping": {"start": 231, "length": 57, "filename": "tests/tx_origin-0.5.1.sol", "lines": [14, 15, 16]}}]}] \ No newline at end of file +[ + { + "check": "tx-origin", + "impact": "Medium", + "confidence": "Medium", + "description": "TxOrigin.bug0 uses tx.origin for authorization:\n\t- require(bool)(tx.origin == owner) (tests/tx_origin-0.5.1.sol#10)\n", + "elements": [ + { + "type": "function", + "name": "bug0", + "source_mapping": { + "start": 127, + "length": 66, + "filename_used": 
"/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": "tests/tx_origin-0.5.1.sol", + "lines": [ + 9, + 10, + 11 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TxOrigin", + "source_mapping": { + "start": 25, + "length": 442, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": "tests/tx_origin-0.5.1.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(tx.origin == owner)", + "source_mapping": { + "start": 159, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": "tests/tx_origin-0.5.1.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 36 + } + } + ] + }, + { + "check": "tx-origin", + "impact": "Medium", + "confidence": "Medium", + "description": "TxOrigin.bug2 uses tx.origin for authorization:\n\t- tx.origin != owner (tests/tx_origin-0.5.1.sol#14-16)\n", + "elements": [ + { + "type": "function", + "name": "bug2", + "source_mapping": { + "start": 199, + "length": 95, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": 
"tests/tx_origin-0.5.1.sol", + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TxOrigin", + "source_mapping": { + "start": 25, + "length": 442, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": "tests/tx_origin-0.5.1.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "tx.origin != owner", + "source_mapping": { + "start": 231, + "length": 57, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_relative": "tests/tx_origin-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin-0.5.1.sol", + "filename_short": "tests/tx_origin-0.5.1.sol", + "lines": [ + 14, + 15, + 16 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/tx_origin-0.5.1.tx-origin.txt b/tests/expected_json/tx_origin-0.5.1.tx-origin.txt new file mode 100644 index 000000000..a2c09823b --- /dev/null +++ b/tests/expected_json/tx_origin-0.5.1.tx-origin.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +TxOrigin.bug0 uses tx.origin for authorization: + - require(bool)(tx.origin == owner) (tests/tx_origin-0.5.1.sol#10) +TxOrigin.bug2 uses tx.origin for authorization: + - tx.origin != owner (tests/tx_origin-0.5.1.sol#14-16) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-usage-of-txorigin +INFO:Slither:tests/tx_origin-0.5.1.sol analyzed (1 contracts), 2 result(s) found 
diff --git a/tests/expected_json/tx_origin.tx-origin.json b/tests/expected_json/tx_origin.tx-origin.json index 4c5fecf15..692e4c4db 100644 --- a/tests/expected_json/tx_origin.tx-origin.json +++ b/tests/expected_json/tx_origin.tx-origin.json 
@@ -1 +1,174 @@ -[{"check": "tx-origin", "impact": "Medium", "confidence": "Medium", "description": "TxOrigin.bug0 uses tx.origin for authorization:\n\t- require(bool)(tx.origin == owner) (tests/tx_origin.sol#10)\n", "elements": [{"type": "function", "name": "bug0", "source_mapping": {"start": 116, "length": 60, "filename": "tests/tx_origin.sol", "lines": [9, 10, 11]}, "contract": {"type": "contract", "name": "TxOrigin", "source_mapping": {"start": 28, "length": 393, "filename": "tests/tx_origin.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]}}}, {"type": "expression", "expression": "require(bool)(tx.origin == owner)", "source_mapping": {"start": 142, "length": 27, "filename": "tests/tx_origin.sol", "lines": [10]}}]}, {"check": "tx-origin", "impact": "Medium", "confidence": "Medium", "description": "TxOrigin.bug2 uses tx.origin for authorization:\n\t- tx.origin != owner (tests/tx_origin.sol#14-16)\n", "elements": [{"type": "function", "name": "bug2", "source_mapping": {"start": 182, "length": 89, "filename": "tests/tx_origin.sol", "lines": [13, 14, 15, 16, 17]}, "contract": {"type": "contract", "name": "TxOrigin", "source_mapping": {"start": 28, "length": 393, "filename": "tests/tx_origin.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26]}}}, {"type": "expression", "expression": "tx.origin != owner", "source_mapping": {"start": 208, "length": 57, "filename": "tests/tx_origin.sol", "lines": [14, 15, 16]}}]}] \ No newline at end of file +[ + { + "check": "tx-origin", + "impact": "Medium", + "confidence": "Medium", + "description": "TxOrigin.bug0 uses tx.origin for authorization:\n\t- require(bool)(tx.origin == owner) (tests/tx_origin.sol#10)\n", + "elements": [ + { + "type": "function", + "name": "bug0", + "source_mapping": { + "start": 116, + "length": 60, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": 
"tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 9, + 10, + 11 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TxOrigin", + "source_mapping": { + "start": 28, + "length": 393, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": "tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "require(bool)(tx.origin == owner)", + "source_mapping": { + "start": 142, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": "tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 36 + } + } + ] + }, + { + "check": "tx-origin", + "impact": "Medium", + "confidence": "Medium", + "description": "TxOrigin.bug2 uses tx.origin for authorization:\n\t- tx.origin != owner (tests/tx_origin.sol#14-16)\n", + "elements": [ + { + "type": "function", + "name": "bug2", + "source_mapping": { + "start": 182, + "length": 89, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": "tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 13, + 14, + 15, + 16, + 17 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "TxOrigin", + 
"source_mapping": { + "start": 28, + "length": 393, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": "tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "tx.origin != owner", + "source_mapping": { + "start": 208, + "length": 57, + "filename_used": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_relative": "tests/tx_origin.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/tx_origin.sol", + "filename_short": "tests/tx_origin.sol", + "lines": [ + 14, + 15, + 16 + ], + "starting_column": 9, + "ending_column": 10 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/tx_origin.tx-origin.txt b/tests/expected_json/tx_origin.tx-origin.txt new file mode 100644 index 000000000..412810eb8 --- /dev/null +++ b/tests/expected_json/tx_origin.tx-origin.txt @@ -0,0 +1,7 @@ +INFO:Detectors: +TxOrigin.bug0 uses tx.origin for authorization: + - require(bool)(tx.origin == owner) (tests/tx_origin.sol#10) +TxOrigin.bug2 uses tx.origin for authorization: + - tx.origin != owner (tests/tx_origin.sol#14-16) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#dangerous-usage-of-txorigin +INFO:Slither:tests/tx_origin.sol analyzed (1 contracts), 2 result(s) found diff --git a/tests/expected_json/uninitialized-0.5.1.uninitialized-state.json b/tests/expected_json/uninitialized-0.5.1.uninitialized-state.json index 90d28a079..e21385e35 100644 --- a/tests/expected_json/uninitialized-0.5.1.uninitialized-state.json +++ b/tests/expected_json/uninitialized-0.5.1.uninitialized-state.json 
@@ -1 +1,301 @@ -[{"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Uninitialized.destination (tests/uninitialized-0.5.1.sol#5) is never initialized. It is used in:\n\t- transfer (tests/uninitialized-0.5.1.sol#7-9)\n", "elements": [{"type": "variable", "name": "destination", "source_mapping": {"start": 54, "length": 27, "filename": "tests/uninitialized-0.5.1.sol", "lines": [5]}}, {"type": "function", "name": "transfer", "source_mapping": {"start": 88, "length": 82, "filename": "tests/uninitialized-0.5.1.sol", "lines": [7, 8, 9]}, "contract": {"type": "contract", "name": "Uninitialized", "source_mapping": {"start": 25, "length": 148, "filename": "tests/uninitialized-0.5.1.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test.balances (tests/uninitialized-0.5.1.sol#15) is never initialized. It is used in:\n\t- use (tests/uninitialized-0.5.1.sol#23-26)\n", "elements": [{"type": "variable", "name": "balances", "source_mapping": {"start": 196, "length": 34, "filename": "tests/uninitialized-0.5.1.sol", "lines": [15]}}, {"type": "function", "name": "use", "source_mapping": {"start": 369, "length": 154, "filename": "tests/uninitialized-0.5.1.sol", "lines": [23, 24, 25, 26]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 176, "length": 349, "filename": "tests/uninitialized-0.5.1.sol", "lines": [14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test2.st (tests/uninitialized-0.5.1.sol#45) is never initialized. 
It is used in:\n\t- use (tests/uninitialized-0.5.1.sol#53-56)\n", "elements": [{"type": "variable", "name": "st", "source_mapping": {"start": 726, "length": 15, "filename": "tests/uninitialized-0.5.1.sol", "lines": [45]}}, {"type": "function", "name": "use", "source_mapping": {"start": 913, "length": 129, "filename": "tests/uninitialized-0.5.1.sol", "lines": [53, 54, 55, 56]}, "contract": {"type": "contract", "name": "Test2", "source_mapping": {"start": 672, "length": 373, "filename": "tests/uninitialized-0.5.1.sol", "lines": [42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test2.v (tests/uninitialized-0.5.1.sol#47) is never initialized. It is used in:\n\t- init (tests/uninitialized-0.5.1.sol#49-51)\n", "elements": [{"type": "variable", "name": "v", "source_mapping": {"start": 779, "length": 6, "filename": "tests/uninitialized-0.5.1.sol", "lines": [47]}}, {"type": "function", "name": "init", "source_mapping": {"start": 848, "length": 59, "filename": "tests/uninitialized-0.5.1.sol", "lines": [49, 50, 51]}, "contract": {"type": "contract", "name": "Test2", "source_mapping": {"start": 672, "length": 373, "filename": "tests/uninitialized-0.5.1.sol", "lines": [42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58]}}}]}] \ No newline at end of file +[ + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Uninitialized.destination (tests/uninitialized-0.5.1.sol#5) is never initialized. 
It is used in:\n\t- transfer (tests/uninitialized-0.5.1.sol#7-9)\n", + "elements": [ + { + "type": "variable", + "name": "destination", + "source_mapping": { + "start": 54, + "length": 27, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 5 + ], + "starting_column": 5, + "ending_column": 32 + } + }, + { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 88, + "length": 82, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 7, + 8, + 9 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Uninitialized", + "source_mapping": { + "start": 25, + "length": 148, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test.balances (tests/uninitialized-0.5.1.sol#15) is never initialized. 
It is used in:\n\t- use (tests/uninitialized-0.5.1.sol#23-26)\n", + "elements": [ + { + "type": "variable", + "name": "balances", + "source_mapping": { + "start": 196, + "length": 34, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 15 + ], + "starting_column": 5, + "ending_column": 39 + } + }, + { + "type": "function", + "name": "use", + "source_mapping": { + "start": 369, + "length": 154, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 23, + 24, + 25, + 26 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 176, + "length": 349, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test2.st (tests/uninitialized-0.5.1.sol#45) is never initialized. 
It is used in:\n\t- use (tests/uninitialized-0.5.1.sol#53-56)\n", + "elements": [ + { + "type": "variable", + "name": "st", + "source_mapping": { + "start": 726, + "length": 15, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 45 + ], + "starting_column": 5, + "ending_column": 20 + } + }, + { + "type": "function", + "name": "use", + "source_mapping": { + "start": 913, + "length": 129, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 53, + 54, + 55, + 56 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test2", + "source_mapping": { + "start": 672, + "length": 373, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test2.v (tests/uninitialized-0.5.1.sol#47) is never initialized. 
It is used in:\n\t- init (tests/uninitialized-0.5.1.sol#49-51)\n", + "elements": [ + { + "type": "variable", + "name": "v", + "source_mapping": { + "start": 779, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 47 + ], + "starting_column": 5, + "ending_column": 11 + } + }, + { + "type": "function", + "name": "init", + "source_mapping": { + "start": 848, + "length": 59, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 49, + 50, + 51 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test2", + "source_mapping": { + "start": 672, + "length": 373, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_relative": "tests/uninitialized-0.5.1.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized-0.5.1.sol", + "filename_short": "tests/uninitialized-0.5.1.sol", + "lines": [ + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/uninitialized-0.5.1.uninitialized-state.txt b/tests/expected_json/uninitialized-0.5.1.uninitialized-state.txt new file mode 100644 index 000000000..ea27bfd31 --- /dev/null +++ b/tests/expected_json/uninitialized-0.5.1.uninitialized-state.txt 
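Review bot: The regenerated baseline pins `filename_used` and `filename_absolute` to `/home/travis/build/crytic/slither/...` in every `source_mapping`, so this expected output only matches on a runner whose checkout sits at exactly that path. The same pattern appears in the other `tests/expected_json/*.json` hunks of this commit (tx_origin, uninitialized, uninitialized_local_variable, uninitialized_storage_pointer). I would have the comparison step drop or normalise those two keys and compare on `filename_relative` / `filename_short`, rather than depend on rewriting the fixtures with sed after generation. The fixture also shows that JSON results now carry absolute filesystem paths; since such reports are presumably shared beyond the machine that produced them, it is worth documenting that these fields disclose the local directory layout.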
@@ -0,0 +1,11 @@ +INFO:Detectors: +Uninitialized.destination (tests/uninitialized-0.5.1.sol#5) is never initialized. It is used in: + - transfer (tests/uninitialized-0.5.1.sol#7-9) +Test.balances (tests/uninitialized-0.5.1.sol#15) is never initialized. It is used in: + - use (tests/uninitialized-0.5.1.sol#23-26) +Test2.st (tests/uninitialized-0.5.1.sol#45) is never initialized. It is used in: + - use (tests/uninitialized-0.5.1.sol#53-56) +Test2.v (tests/uninitialized-0.5.1.sol#47) is never initialized. It is used in: + - init (tests/uninitialized-0.5.1.sol#49-51) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables +INFO:Slither:tests/uninitialized-0.5.1.sol analyzed (4 contracts), 4 result(s) found diff --git a/tests/expected_json/uninitialized.uninitialized-state.json b/tests/expected_json/uninitialized.uninitialized-state.json index e99a18e22..f5dfa23f3 100644 --- a/tests/expected_json/uninitialized.uninitialized-state.json +++ b/tests/expected_json/uninitialized.uninitialized-state.json 
@@ -1 +1,301 @@ -[{"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. It is used in:\n\t- transfer (tests/uninitialized.sol#7-9)\n", "elements": [{"type": "variable", "name": "destination", "source_mapping": {"start": 55, "length": 19, "filename": "tests/uninitialized.sol", "lines": [5]}}, {"type": "function", "name": "transfer", "source_mapping": {"start": 81, "length": 82, "filename": "tests/uninitialized.sol", "lines": [7, 8, 9]}, "contract": {"type": "contract", "name": "Uninitialized", "source_mapping": {"start": 26, "length": 140, "filename": "tests/uninitialized.sol", "lines": [3, 4, 5, 6, 7, 8, 9, 10, 11]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test.balances (tests/uninitialized.sol#15) is never initialized. It is used in:\n\t- use (tests/uninitialized.sol#23-26)\n", "elements": [{"type": "variable", "name": "balances", "source_mapping": {"start": 189, "length": 34, "filename": "tests/uninitialized.sol", "lines": [15]}}, {"type": "function", "name": "use", "source_mapping": {"start": 356, "length": 143, "filename": "tests/uninitialized.sol", "lines": [23, 24, 25, 26]}, "contract": {"type": "contract", "name": "Test", "source_mapping": {"start": 169, "length": 332, "filename": "tests/uninitialized.sol", "lines": [14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test2.st (tests/uninitialized.sol#45) is never initialized. 
It is used in:\n\t- use (tests/uninitialized.sol#53-56)\n", "elements": [{"type": "variable", "name": "st", "source_mapping": {"start": 695, "length": 15, "filename": "tests/uninitialized.sol", "lines": [45]}}, {"type": "function", "name": "use", "source_mapping": {"start": 875, "length": 117, "filename": "tests/uninitialized.sol", "lines": [53, 54, 55, 56]}, "contract": {"type": "contract", "name": "Test2", "source_mapping": {"start": 641, "length": 354, "filename": "tests/uninitialized.sol", "lines": [42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58]}}}]}, {"check": "uninitialized-state", "impact": "High", "confidence": "High", "description": "Test2.v (tests/uninitialized.sol#47) is never initialized. It is used in:\n\t- init (tests/uninitialized.sol#49-51)\n", "elements": [{"type": "variable", "name": "v", "source_mapping": {"start": 748, "length": 6, "filename": "tests/uninitialized.sol", "lines": [47]}}, {"type": "function", "name": "init", "source_mapping": {"start": 817, "length": 52, "filename": "tests/uninitialized.sol", "lines": [49, 50, 51]}, "contract": {"type": "contract", "name": "Test2", "source_mapping": {"start": 641, "length": 354, "filename": "tests/uninitialized.sol", "lines": [42, 43, 44, 45, 46, 47, 48, 49, 50, 51, 52, 53, 54, 55, 56, 57, 58]}}}]}] \ No newline at end of file +[ + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. 
It is used in:\n\t- transfer (tests/uninitialized.sol#7-9)\n", + "elements": [ + { + "type": "variable", + "name": "destination", + "source_mapping": { + "start": 55, + "length": 19, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 5 + ], + "starting_column": 5, + "ending_column": 24 + } + }, + { + "type": "function", + "name": "transfer", + "source_mapping": { + "start": 81, + "length": 82, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 7, + 8, + 9 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Uninitialized", + "source_mapping": { + "start": 26, + "length": 140, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test.balances (tests/uninitialized.sol#15) is never initialized. 
It is used in:\n\t- use (tests/uninitialized.sol#23-26)\n", + "elements": [ + { + "type": "variable", + "name": "balances", + "source_mapping": { + "start": 189, + "length": 34, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 15 + ], + "starting_column": 5, + "ending_column": 39 + } + }, + { + "type": "function", + "name": "use", + "source_mapping": { + "start": 356, + "length": 143, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 23, + 24, + 25, + 26 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test", + "source_mapping": { + "start": 169, + "length": 332, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test2.st (tests/uninitialized.sol#45) is never initialized. 
It is used in:\n\t- use (tests/uninitialized.sol#53-56)\n", + "elements": [ + { + "type": "variable", + "name": "st", + "source_mapping": { + "start": 695, + "length": 15, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 45 + ], + "starting_column": 5, + "ending_column": 20 + } + }, + { + "type": "function", + "name": "use", + "source_mapping": { + "start": 875, + "length": 117, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 53, + 54, + 55, + 56 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test2", + "source_mapping": { + "start": 641, + "length": 354, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + }, + { + "check": "uninitialized-state", + "impact": "High", + "confidence": "High", + "description": "Test2.v (tests/uninitialized.sol#47) is never initialized. 
It is used in:\n\t- init (tests/uninitialized.sol#49-51)\n", + "elements": [ + { + "type": "variable", + "name": "v", + "source_mapping": { + "start": 748, + "length": 6, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 47 + ], + "starting_column": 5, + "ending_column": 11 + } + }, + { + "type": "function", + "name": "init", + "source_mapping": { + "start": 817, + "length": 52, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 49, + 50, + 51 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Test2", + "source_mapping": { + "start": 641, + "length": 354, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_relative": "tests/uninitialized.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized.sol", + "filename_short": "tests/uninitialized.sol", + "lines": [ + 42, + 43, + 44, + 45, + 46, + 47, + 48, + 49, + 50, + 51, + 52, + 53, + 54, + 55, + 56, + 57, + 58 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/uninitialized.uninitialized-state.txt b/tests/expected_json/uninitialized.uninitialized-state.txt new file mode 100644 index 000000000..a516750bf --- /dev/null +++ b/tests/expected_json/uninitialized.uninitialized-state.txt 
@@ -0,0 +1,11 @@ +INFO:Detectors: +Uninitialized.destination (tests/uninitialized.sol#5) is never initialized. It is used in: + - transfer (tests/uninitialized.sol#7-9) +Test.balances (tests/uninitialized.sol#15) is never initialized. It is used in: + - use (tests/uninitialized.sol#23-26) +Test2.st (tests/uninitialized.sol#45) is never initialized. It is used in: + - use (tests/uninitialized.sol#53-56) +Test2.v (tests/uninitialized.sol#47) is never initialized. It is used in: + - init (tests/uninitialized.sol#49-51) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-state-variables +INFO:Slither:tests/uninitialized.sol analyzed (4 contracts), 4 result(s) found diff --git a/tests/expected_json/uninitialized_local_variable.uninitialized-local.json b/tests/expected_json/uninitialized_local_variable.uninitialized-local.json index c981e6c63..107149125 100644 --- a/tests/expected_json/uninitialized_local_variable.uninitialized-local.json +++ b/tests/expected_json/uninitialized_local_variable.uninitialized-local.json 
@@ -1 +1,73 @@ -[{"check": "uninitialized-local", "impact": "Medium", "confidence": "Medium", "description": "uint_not_init in Uninitialized.func (tests/uninitialized_local_variable.sol#4) is a local variable never initialiazed\n", "elements": [{"type": "variable", "name": "uint_not_init", "source_mapping": {"start": 77, "length": 18, "filename": "tests/uninitialized_local_variable.sol", "lines": [4]}}, {"type": "function", "name": "func", "source_mapping": {"start": 29, "length": 143, "filename": "tests/uninitialized_local_variable.sol", "lines": [3, 4, 5, 6, 7]}, "contract": {"type": "contract", "name": "Uninitialized", "source_mapping": {"start": 0, "length": 179, "filename": "tests/uninitialized_local_variable.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9]}}}]}] \ No newline at end of file +[ + { + "check": "uninitialized-local", + "impact": "Medium", + "confidence": "Medium", + "description": "uint_not_init in Uninitialized.func (tests/uninitialized_local_variable.sol#4) is a local variable never initialiazed\n", + "elements": [ + { + "type": "variable", + "name": "uint_not_init", + "source_mapping": { + "start": 77, + "length": 18, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_relative": "tests/uninitialized_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_short": "tests/uninitialized_local_variable.sol", + "lines": [ + 4 + ], + "starting_column": 9, + "ending_column": 27 + } + }, + { + "type": "function", + "name": "func", + "source_mapping": { + "start": 29, + "length": 143, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_relative": "tests/uninitialized_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_short": "tests/uninitialized_local_variable.sol", + "lines": [ + 3, + 4, + 5, + 
6, + 7 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Uninitialized", + "source_mapping": { + "start": 0, + "length": 179, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_relative": "tests/uninitialized_local_variable.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_local_variable.sol", + "filename_short": "tests/uninitialized_local_variable.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/uninitialized_local_variable.uninitialized-local.txt b/tests/expected_json/uninitialized_local_variable.uninitialized-local.txt new file mode 100644 index 000000000..f4ff963e3 --- /dev/null +++ b/tests/expected_json/uninitialized_local_variable.uninitialized-local.txt @@ -0,0 +1,4 @@ +INFO:Detectors: +uint_not_init in Uninitialized.func (tests/uninitialized_local_variable.sol#4) is a local variable never initialiazed +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#uninitialized-local-variables +INFO:Slither:tests/uninitialized_local_variable.sol analyzed (1 contracts), 1 result(s) found diff --git a/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.json b/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.json index 40b5b9e80..475c3cf7d 100644 --- a/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.json +++ b/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.json 
@@ -1 +1,79 @@ -[{"check": "uninitialized-storage", "impact": "High", "confidence": "High", "description": "st_bug in Uninitialized.func (tests/uninitialized_storage_pointer.sol#10) is a storage variable never initialiazed\n", "elements": [{"type": "variable", "name": "st_bug", "source_mapping": {"start": 171, "length": 9, "filename": "tests/uninitialized_storage_pointer.sol", "lines": [10]}}, {"type": "function", "name": "func", "source_mapping": {"start": 67, "length": 143, "filename": "tests/uninitialized_storage_pointer.sol", "lines": [7, 8, 9, 10, 11, 12]}, "contract": {"type": "contract", "name": "Uninitialized", "source_mapping": {"start": 0, "length": 217, "filename": "tests/uninitialized_storage_pointer.sol", "lines": [1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14]}}}]}] \ No newline at end of file +[ + { + "check": "uninitialized-storage", + "impact": "High", + "confidence": "High", + "description": "st_bug in Uninitialized.func (tests/uninitialized_storage_pointer.sol#10) is a storage variable never initialiazed\n", + "elements": [ + { + "type": "variable", + "name": "st_bug", + "source_mapping": { + "start": 171, + "length": 9, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_relative": "tests/uninitialized_storage_pointer.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_short": "tests/uninitialized_storage_pointer.sol", + "lines": [ + 10 + ], + "starting_column": 9, + "ending_column": 18 + } + }, + { + "type": "function", + "name": "func", + "source_mapping": { + "start": 67, + "length": 143, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_relative": "tests/uninitialized_storage_pointer.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_short": "tests/uninitialized_storage_pointer.sol", + "lines": [ + 
7, + 8, + 9, + 10, + 11, + 12 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "Uninitialized", + "source_mapping": { + "start": 0, + "length": 217, + "filename_used": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_relative": "tests/uninitialized_storage_pointer.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/uninitialized_storage_pointer.sol", + "filename_short": "tests/uninitialized_storage_pointer.sol", + "lines": [ + 1, + 2, + 3, + 4, + 5, + 6, + 7, + 8, + 9, + 10, + 11, + 12, + 13, + 14 + ], + "starting_column": 1, + "ending_column": 2 + } + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.txt b/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.txt new file mode 100644 index 000000000..a7b868f1e --- /dev/null +++ b/tests/expected_json/uninitialized_storage_pointer.uninitialized-storage.txt @@ -0,0 +1,14 @@ +ERROR:Slither:Invalid compilation +ERROR:Slither:Invalid solc compilation tests/uninitialized_storage_pointer.sol:7:5: Error: No visibility specified. Did you intend to add "public"? + function func() { + ^ (Relevant source part starts here and spans across multiple lines). +tests/uninitialized_storage_pointer.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.1;" +contract Uninitialized{ +^ (Relevant source part starts here and spans across multiple lines). +tests/uninitialized_storage_pointer.sol:8:9: Error: Data location must be "storage" or "memory" for variable, but none was given. + St st; // non init, but never read so its fine + ^---^ +tests/uninitialized_storage_pointer.sol:10:9: Error: Data location must be "storage" or "memory" for variable, but none was given. + St st_bug; + ^-------^ + 
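Review bot: The new `uninitialized_storage_pointer.uninitialized-storage.txt` records a failed compilation (`ERROR:Slither:Invalid compilation`) rather than detector output, so as an expected-output fixture it pins the failure and not the `uninitialized-storage` finding. The compiler hint `Consider adding "pragma solidity ^0.5.1;"` suggests the log came from a 0.5.x solc, whereas the JSON fixture beside it does contain the `st_bug` result. If these `.txt` files are compared in CI (not visible here), a regression in the detector's text output for this contract would go unnoticed. Regenerate the file with the compiler the generator script selects via `--solc solc-0.4.25`, or leave it out until it can be produced from a clean run.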
diff --git a/tests/expected_json/unused_return.unused-return.json b/tests/expected_json/unused_return.unused-return.json index 3aedbe7f6..136b93c39 100644 --- a/tests/expected_json/unused_return.unused-return.json +++ b/tests/expected_json/unused_return.unused-return.json 
@@ -1 +1,107 @@ -[{"check": "unused-return", "impact": "Medium", "confidence": "Medium", "description": "User.test (tests/unused_return.sol#17-29) does not use the value returned by external calls:\n\t-t.f() (tests/unused_return.sol#18)\n\t-a.add(0) (tests/unused_return.sol#22)\n", "elements": [{"type": "function", "name": "test", "source_mapping": {"start": 239, "length": 354, "filename": "tests/unused_return.sol", "lines": [17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29]}, "contract": {"type": "contract", "name": "User", "source_mapping": {"start": 189, "length": 406, "filename": "tests/unused_return.sol", "lines": [13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30]}}}, {"type": "expression", "expression": "t.f()", "source_mapping": {"start": 279, "length": 5, "filename": "tests/unused_return.sol", "lines": [18]}}, {"type": "expression", "expression": "a.add(0)", "source_mapping": {"start": 353, "length": 8, "filename": "tests/unused_return.sol", "lines": [22]}}]}] \ No newline at end of file +[ + { + "check": "unused-return", + "impact": "Medium", + "confidence": "Medium", + "description": "User.test (tests/unused_return.sol#17-29) does not use the value returned by external calls:\n\t-t.f() (tests/unused_return.sol#18)\n\t-a.add(0) (tests/unused_return.sol#22)\n", + "elements": [ + { + "type": "function", + "name": "test", + "source_mapping": { + "start": 239, + "length": 354, + "filename_used": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_relative": "tests/unused_return.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_short": "tests/unused_return.sol", + "lines": [ + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29 + ], + "starting_column": 5, + "ending_column": 6 + }, + "contract": { + "type": "contract", + "name": "User", + "source_mapping": { + "start": 189, + "length": 406, + "filename_used": 
"/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_relative": "tests/unused_return.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_short": "tests/unused_return.sol", + "lines": [ + 13, + 14, + 15, + 16, + 17, + 18, + 19, + 20, + 21, + 22, + 23, + 24, + 25, + 26, + 27, + 28, + 29, + 30 + ], + "starting_column": 1, + "ending_column": 2 + } + } + }, + { + "type": "expression", + "expression": "t.f()", + "source_mapping": { + "start": 279, + "length": 5, + "filename_used": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_relative": "tests/unused_return.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_short": "tests/unused_return.sol", + "lines": [ + 18 + ], + "starting_column": 9, + "ending_column": 14 + } + }, + { + "type": "expression", + "expression": "a.add(0)", + "source_mapping": { + "start": 353, + "length": 8, + "filename_used": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_relative": "tests/unused_return.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/unused_return.sol", + "filename_short": "tests/unused_return.sol", + "lines": [ + 22 + ], + "starting_column": 9, + "ending_column": 17 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/unused_return.unused-return.txt b/tests/expected_json/unused_return.unused-return.txt new file mode 100644 index 000000000..1747daca3 --- /dev/null +++ b/tests/expected_json/unused_return.unused-return.txt @@ -0,0 +1,6 @@ +INFO:Detectors: +User.test (tests/unused_return.sol#17-29) does not use the value returned by external calls: + -t.f() (tests/unused_return.sol#18) + -a.add(0) (tests/unused_return.sol#22) +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-return +INFO:Slither:tests/unused_return.sol analyzed (3 contracts), 1 result(s) found 
diff --git a/tests/expected_json/unused_state.unused-state.json b/tests/expected_json/unused_state.unused-state.json index b970e391c..2b9d48969 100644 --- a/tests/expected_json/unused_state.unused-state.json +++ b/tests/expected_json/unused_state.unused-state.json @@ -1 +1,27 @@ -[{"check": "unused-state", "impact": "Informational", "confidence": "High", "description": "A.unused (tests/unused_state.sol#4) is never used in B\n", "elements": [{"type": "variable", "name": "unused", "source_mapping": {"start": 44, "length": 14, "filename": "tests/unused_state.sol", "lines": [4]}}]}] \ No newline at end of file +[ + { + "check": "unused-state", + "impact": "Informational", + "confidence": "High", + "description": "A.unused (tests/unused_state.sol#4) is never used in B\n", + "elements": [ + { + "type": "variable", + "name": "unused", + "source_mapping": { + "start": 44, + "length": 14, + "filename_used": "/home/travis/build/crytic/slither/tests/unused_state.sol", + "filename_relative": "tests/unused_state.sol", + "filename_absolute": "/home/travis/build/crytic/slither/tests/unused_state.sol", + "filename_short": "tests/unused_state.sol", + "lines": [ + 4 + ], + "starting_column": 5, + "ending_column": 19 + } + } + ] + } +] \ No newline at end of file diff --git a/tests/expected_json/unused_state.unused-state.txt b/tests/expected_json/unused_state.unused-state.txt new file mode 100644 index 000000000..d8156d712 --- /dev/null +++ b/tests/expected_json/unused_state.unused-state.txt @@ -0,0 +1,4 @@ +INFO:Detectors: +A.unused (tests/unused_state.sol#4) is never used in B +Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables +INFO:Slither:tests/unused_state.sol analyzed (2 contracts), 1 result(s) found diff --git a/tests/incorrect_erc20_interface.sol b/tests/incorrect_erc20_interface.sol index e082b77ef..6fdcb71a2 100644 --- a/tests/incorrect_erc20_interface.sol +++ b/tests/incorrect_erc20_interface.sol 
@@ -1,7 +1,10 @@ pragma solidity ^0.4.24; contract Token{ - function transfer(address to, uint value) external; - + function approve(address spender, uint value) external; + function transferFrom(address from, address to, uint value) external; + function totalSupply() external; + function balanceOf(address who) external; + function allowance(address owner, address spender) external; } diff --git a/tests/incorrect_erc721_interface.sol b/tests/incorrect_erc721_interface.sol new file mode 100644 index 000000000..a8e3e607b --- /dev/null +++ b/tests/incorrect_erc721_interface.sol @@ -0,0 +1,16 @@ +pragma solidity ^0.4.24; + +interface IERC165 { + function supportsInterface(bytes4 interfaceID) external; +} +contract Token is IERC165{ + function balanceOf(address _owner) external; + function ownerOf(uint256 _tokenId) external; + function safeTransferFrom(address _from, address _to, uint256 _tokenId, bytes data) external returns (bool); + function safeTransferFrom(address _from, address _to, uint256 _tokenId) external returns (bool); + function transferFrom(address _from, address _to, uint256 _tokenId) external returns (bool); + function approve(address _approved, uint256 _tokenId) external returns (bool); + function setApprovalForAll(address _operator, bool _approved) external returns (bool); + function getApproved(uint256 _tokenId) external; + function isApprovedForAll(address _owner, address _operator) external; +} diff --git a/tests/too_many_digits.sol b/tests/too_many_digits.sol new file mode 100644 index 000000000..84e930056 --- /dev/null +++ b/tests/too_many_digits.sol 
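Review bot: Every declaration in the new `tests/incorrect_erc721_interface.sol` departs from the ERC-721 / ERC-165 return types, so the fixture has no conforming function for the `erc721-interface` detector to leave unreported. For example, `balanceOf` and `ownerOf` declare no return value, while `transferFrom` and `approve` declare `returns (bool)`. The expected output is not in view here, but with no negative control an over-reporting detector could plausibly still match it. Add a header comment such as `// every return type below intentionally differs from ERC-721`, and consider a second contract with correct signatures that must produce no finding.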
@@ -0,0 +1,35 @@
+pragma solidity ^0.5.1;
+
+contract C {
+ uint balance;
+
+ /**
+ * @dev Variables are not Ok - using too many digits in place of the Ether denomination.
+ */
+ function f() external {
+ uint x1 = 0x000001;
+ uint x2 = 0x0000000000001;
+ uint x3 = 1000000000000000000;
+ uint x4 = 100000;
+ balance += x1 + x2 + x3 + x4;
+ }
+
+ /**
+ * @dev Variables are Ok - not using too many digits.
+ */
+ function h() external {
+ uint x1 = 1000;
+ uint x2 = 100000;
+ balance += x1 + x2 + 100;
+ }
+
+ /**
+ * @dev Variables are Ok - Using Ether denominations.
+ */
+ function i() external {
+ uint x1 = 1 wei + 10 wei + 100 wei + 1000 wei + 10000 wei;
+ uint x2 = 1 szabo + 10 szabo + 100 szabo + 1000 szabo + 10000 szabo;
+ balance += x1 + x2;
+ }
+
+}
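Review bot: The literal `100000` is documented both ways in this fixture. `uint x4 = 100000;` sits in `f()` under "Variables are not Ok", while `uint x2 = 100000;` sits in `h()` under "Variables are Ok - not using too many digits". Both comments cannot hold for the same value, so the generated expected output will settle which applies without the test saying which was intended. Either change the value in `h()` to one that is clearly short, e.g. `uint x2 = 10000;`, or correct the `@dev` comment on `h()` to say the literal is expected to be reported.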