Merge branch 'dev-fix-specific-taint' into dev

6 years ago · 29b42184f2
parent 9cfc57eb77 d95147851d
commit 29b42184f2
6 changed files with 33 additions and 24 deletions
--- a/slither/analyses/taint/specific_variable.py
+++ b/slither/analyses/taint/specific_variable.py
@ -60,8 +60,6 @@ def _visit_node(node, visited, key):
                                                                                 key)
    taints = iterate_over_irs(node.irs, _transfer_func_, taints)

-    taints = [v for v in taints if not isinstance(v, (TemporaryVariable, ReferenceVariable))]
-
    node.function.slither.context[key] = list(set(taints))

    for son in node.sons:
@ -101,7 +99,7 @@ def is_tainted(variable, taint):
    if not isinstance(variable, (Variable, SolidityVariable)):
        return False
    key = make_key(taint)
-    return key in variable.context and variable.context[key]
+    return (key in variable.context and variable.context[key]) or variable == taint

 def is_tainted_from_key(variable, key):
    """
--- a/slither/core/children/child_node.py
+++ b/slither/core/children/child_node.py
@ -10,3 +10,11 @@ class ChildNode(object):
    @property
    def node(self):
        return self._node
+
+    @property
+    def function(self):
+        return self.node.function
+
+    @property
+    def contract(self):
+        return self.node.function.contract
--- a/slither/slithir/convert.py
+++ b/slither/slithir/convert.py
@ -208,7 +208,7 @@ def convert_to_low_level(ir):
    logger.error('Incorrect conversion to low level {}'.format(ir))
    exit(-1)

-def convert_to_push(ir):
+def convert_to_push(ir, node):
    """
    Convert a call to a PUSH operaiton

@ -221,7 +221,7 @@ def convert_to_push(ir):
    if isinstance(ir.arguments[0], list):
        ret = []

-        val = TemporaryVariable()
+        val = TemporaryVariable(node)
        operation = InitArray(ir.arguments[0], val)
        ret.append(operation)

@ -419,7 +419,7 @@ def propagate_types(ir, node):
                # Which leads to return a list of operation
                if isinstance(t, ArrayType):
                    if ir.function_name == 'push' and len(ir.arguments) == 1:
-                        return convert_to_push(ir)
+                        return convert_to_push(ir, node)

            elif isinstance(ir, Index):
                if isinstance(ir.variable_left.type, MappingType):
@ -657,7 +657,7 @@ def convert_expression(expression, node):
    if isinstance(expression, Identifier) and node.type in [NodeType.IF, NodeType.IFLOOP]:
        result =  [Condition(expression.value)]
        return result
-    visitor = ExpressionToSlithIR(expression)
+    visitor = ExpressionToSlithIR(expression, node)
    result = visitor.result()

    result = apply_ir_heuristics(result, node)
--- a/slither/slithir/variables/reference.py
+++ b/slither/slithir/variables/reference.py
@ -8,11 +8,12 @@ class ReferenceVariable(ChildNode, Variable):

    COUNTER = 0

-    def __init__(self):
+    def __init__(self, node):
        super(ReferenceVariable, self).__init__()
        self._index = ReferenceVariable.COUNTER
        ReferenceVariable.COUNTER += 1
        self._points_to = None
+        self._node = node

    @property
    def index(self):
--- a/slither/slithir/variables/temporary.py
+++ b/slither/slithir/variables/temporary.py
@ -6,10 +6,11 @@ class TemporaryVariable(ChildNode, Variable):

    COUNTER = 0

-    def __init__(self):
+    def __init__(self, node):
        super(TemporaryVariable, self).__init__()
        self._index = TemporaryVariable.COUNTER
        TemporaryVariable.COUNTER += 1
+        self._node = node

    @property
    def index(self):
--- a/slither/visitors/slithir/expression_to_slithir.py
+++ b/slither/visitors/slithir/expression_to_slithir.py
@ -61,8 +61,9 @@ def convert_assignment(left, right, t, return_type):

 class ExpressionToSlithIR(ExpressionVisitor):

-    def __init__(self, expression):
+    def __init__(self, expression, node):
        self._expression = expression
+        self._node = node
        self._result = []
        self._visit_expression(self.expression)

@ -104,7 +105,7 @@ class ExpressionToSlithIR(ExpressionVisitor):
    def _post_binary_operation(self, expression):
        left = get(expression.expression_left)
        right = get(expression.expression_right)
-        val = TemporaryVariable()
+        val = TemporaryVariable(self._node)

        operation = Binary(val, left, right, expression.type)
        self._result.append(operation)
@ -123,18 +124,18 @@ class ExpressionToSlithIR(ExpressionVisitor):
            if expression.type_call.startswith('tuple(') and expression.type_call != 'tuple()':
                val = TupleVariable()
            else:
-                val = TemporaryVariable()
+                val = TemporaryVariable(self._node)
            internal_call = InternalCall(called, len(args), val, expression.type_call)
            self._result.append(internal_call)
            set_val(expression, val)
        else:
-            val = TemporaryVariable()
+            val = TemporaryVariable(self._node)

            # If tuple
            if expression.type_call.startswith('tuple(') and expression.type_call != 'tuple()':
                val = TupleVariable()
            else:
-                val = TemporaryVariable()
+                val = TemporaryVariable(self._node)

            message_call = TmpCall(called, len(args), val, expression.type_call)
            self._result.append(message_call)
@ -152,7 +153,7 @@ class ExpressionToSlithIR(ExpressionVisitor):
    def _post_index_access(self, expression):
        left = get(expression.expression_left)
        right = get(expression.expression_right)
-        val = ReferenceVariable()
+        val = ReferenceVariable(self._node)
        operation = Index(val, left, right, expression.type)
        self._result.append(operation)
        set_val(expression, val)
@ -162,26 +163,26 @@ class ExpressionToSlithIR(ExpressionVisitor):

    def _post_member_access(self, expression):
        expr = get(expression.expression)
-        val = ReferenceVariable()
+        val = ReferenceVariable(self._node)
        member = Member(expr, Constant(expression.member_name), val)
        self._result.append(member)
        set_val(expression, val)

    def _post_new_array(self, expression):
-        val = TemporaryVariable()
+        val = TemporaryVariable(self._node)
        operation = TmpNewArray(expression.depth, expression.array_type, val)
        self._result.append(operation)
        set_val(expression, val)

    def _post_new_contract(self, expression):
-        val = TemporaryVariable()
+        val = TemporaryVariable(self._node)
        operation = TmpNewContract(expression.contract_name, val)
        self._result.append(operation)
        set_val(expression, val)

    def _post_new_elementary_type(self, expression):
        # TODO unclear if this is ever used?
-        val = TemporaryVariable()
+        val = TemporaryVariable(self._node)
        operation = TmpNewElementaryType(expression.type, val)
        self._result.append(operation)
        set_val(expression, val)
@ -196,7 +197,7 @@ class ExpressionToSlithIR(ExpressionVisitor):

    def _post_type_conversion(self, expression):
        expr = get(expression.expression)
-        val = TemporaryVariable()
+        val = TemporaryVariable(self._node)
        operation = TypeConversion(val, expr, expression.type)
        self._result.append(operation)
        set_val(expression, val)
@ -204,7 +205,7 @@ class ExpressionToSlithIR(ExpressionVisitor):
    def _post_unary_operation(self, expression):
        value = get(expression.expression)
        if expression.type in [UnaryOperationType.BANG, UnaryOperationType.TILD]:
-            lvalue = TemporaryVariable()
+            lvalue = TemporaryVariable(self._node)
            operation = Unary(lvalue, value, expression.type)
            self._result.append(operation)
            set_val(expression, lvalue)
@ -221,14 +222,14 @@ class ExpressionToSlithIR(ExpressionVisitor):
            self._result.append(operation)
            set_val(expression, value)
        elif expression.type in [UnaryOperationType.PLUSPLUS_POST]:
-            lvalue = TemporaryVariable()
+            lvalue = TemporaryVariable(self._node)
            operation = Assignment(lvalue, value, value.type)
            self._result.append(operation)
            operation = Binary(value, value, Constant("1"), BinaryType.ADDITION)
            self._result.append(operation)
            set_val(expression, lvalue)
        elif expression.type in [UnaryOperationType.MINUSMINUS_POST]:
-            lvalue = TemporaryVariable()
+            lvalue = TemporaryVariable(self._node)
            operation = Assignment(lvalue, value, value.type)
            self._result.append(operation)
            operation = Binary(value, value, Constant("1"), BinaryType.SUBTRACTION)
@ -237,7 +238,7 @@ class ExpressionToSlithIR(ExpressionVisitor):
        elif expression.type in [UnaryOperationType.PLUS_PRE]:
            set_val(expression, value)
        elif expression.type in [UnaryOperationType.MINUS_PRE]:
-            lvalue = TemporaryVariable()
+            lvalue = TemporaryVariable(self._node)
            operation = Binary(lvalue, Constant("0"), value, BinaryType.SUBTRACTION)
            self._result.append(operation)
            set_val(expression, lvalue)