From d95147851ddd5ce74e7e13070ef0a7a70bbd70fb Mon Sep 17 00:00:00 2001 From: Josselin Date: Mon, 29 Oct 2018 13:11:05 +0000 Subject: [PATCH] Add node ref to Temporary/Reference Remove filter to slithir var in specific taint --- slither/analyses/taint/specific_variable.py | 4 +-- slither/core/children/child_node.py | 8 +++++ slither/slithir/convert.py | 8 ++--- slither/slithir/variables/reference.py | 3 +- slither/slithir/variables/temporary.py | 3 +- .../visitors/slithir/expression_to_slithir.py | 31 ++++++++++--------- 6 files changed, 33 insertions(+), 24 deletions(-) diff --git a/slither/analyses/taint/specific_variable.py b/slither/analyses/taint/specific_variable.py index 304b89b4d..34f90e4c0 100644 --- a/slither/analyses/taint/specific_variable.py +++ b/slither/analyses/taint/specific_variable.py @@ -60,8 +60,6 @@ def _visit_node(node, visited, key): key) taints = iterate_over_irs(node.irs, _transfer_func_, taints) - taints = [v for v in taints if not isinstance(v, (TemporaryVariable, ReferenceVariable))] - node.function.slither.context[key] = list(set(taints)) for son in node.sons: @@ -101,7 +99,7 @@ def is_tainted(variable, taint): if not isinstance(variable, (Variable, SolidityVariable)): return False key = make_key(taint) - return key in variable.context and variable.context[key] + return (key in variable.context and variable.context[key]) or variable == taint def is_tainted_from_key(variable, key): """ diff --git a/slither/core/children/child_node.py b/slither/core/children/child_node.py index 747b7d285..8c16e3106 100644 --- a/slither/core/children/child_node.py +++ b/slither/core/children/child_node.py @@ -10,3 +10,11 @@ class ChildNode(object): @property def node(self): return self._node + + @property + def function(self): + return self.node.function + + @property + def contract(self): + return self.node.function.contract diff --git a/slither/slithir/convert.py b/slither/slithir/convert.py index 3748f4403..010ffbb1c 100644 --- a/slither/slithir/convert.py +++ b/slither/slithir/convert.py @@ -208,7 +208,7 @@ def convert_to_low_level(ir): logger.error('Incorrect conversion to low level {}'.format(ir)) exit(-1) -def convert_to_push(ir): +def convert_to_push(ir, node): """ Convert a call to a PUSH operaiton @@ -221,7 +221,7 @@ def convert_to_push(ir): if isinstance(ir.arguments[0], list): ret = [] - val = TemporaryVariable() + val = TemporaryVariable(node) operation = InitArray(ir.arguments[0], val) ret.append(operation) @@ -419,7 +419,7 @@ def propagate_types(ir, node): # Which leads to return a list of operation if isinstance(t, ArrayType): if ir.function_name == 'push' and len(ir.arguments) == 1: - return convert_to_push(ir) + return convert_to_push(ir, node) elif isinstance(ir, Index): if isinstance(ir.variable_left.type, MappingType): @@ -657,7 +657,7 @@ def convert_expression(expression, node): if isinstance(expression, Identifier) and node.type in [NodeType.IF, NodeType.IFLOOP]: result = [Condition(expression.value)] return result - visitor = ExpressionToSlithIR(expression) + visitor = ExpressionToSlithIR(expression, node) result = visitor.result() result = apply_ir_heuristics(result, node) diff --git a/slither/slithir/variables/reference.py b/slither/slithir/variables/reference.py index 9763202ef..defccaaea 100644 --- a/slither/slithir/variables/reference.py +++ b/slither/slithir/variables/reference.py @@ -8,11 +8,12 @@ class ReferenceVariable(ChildNode, Variable): COUNTER = 0 - def __init__(self): + def __init__(self, node): super(ReferenceVariable, self).__init__() self._index = ReferenceVariable.COUNTER ReferenceVariable.COUNTER += 1 self._points_to = None + self._node = node @property def index(self): diff --git a/slither/slithir/variables/temporary.py b/slither/slithir/variables/temporary.py index 910ff51b1..a736a3dd1 100644 --- a/slither/slithir/variables/temporary.py +++ b/slither/slithir/variables/temporary.py @@ -6,10 +6,11 @@ class TemporaryVariable(ChildNode, Variable): COUNTER = 0 - def __init__(self): + def __init__(self, node): super(TemporaryVariable, self).__init__() self._index = TemporaryVariable.COUNTER TemporaryVariable.COUNTER += 1 + self._node = node @property def index(self): diff --git a/slither/visitors/slithir/expression_to_slithir.py b/slither/visitors/slithir/expression_to_slithir.py index 3dfe07ce9..e1c90c595 100644 --- a/slither/visitors/slithir/expression_to_slithir.py +++ b/slither/visitors/slithir/expression_to_slithir.py @@ -61,8 +61,9 @@ def convert_assignment(left, right, t, return_type): class ExpressionToSlithIR(ExpressionVisitor): - def __init__(self, expression): + def __init__(self, expression, node): self._expression = expression + self._node = node self._result = [] self._visit_expression(self.expression) @@ -104,7 +105,7 @@ class ExpressionToSlithIR(ExpressionVisitor): def _post_binary_operation(self, expression): left = get(expression.expression_left) right = get(expression.expression_right) - val = TemporaryVariable() + val = TemporaryVariable(self._node) operation = Binary(val, left, right, expression.type) self._result.append(operation) @@ -123,18 +124,18 @@ class ExpressionToSlithIR(ExpressionVisitor): if expression.type_call.startswith('tuple(') and expression.type_call != 'tuple()': val = TupleVariable() else: - val = TemporaryVariable() + val = TemporaryVariable(self._node) internal_call = InternalCall(called, len(args), val, expression.type_call) self._result.append(internal_call) set_val(expression, val) else: - val = TemporaryVariable() + val = TemporaryVariable(self._node) # If tuple if expression.type_call.startswith('tuple(') and expression.type_call != 'tuple()': val = TupleVariable() else: - val = TemporaryVariable() + val = TemporaryVariable(self._node) message_call = TmpCall(called, len(args), val, expression.type_call) self._result.append(message_call) @@ -152,7 +153,7 @@ class ExpressionToSlithIR(ExpressionVisitor): def _post_index_access(self, expression): left = get(expression.expression_left) right = get(expression.expression_right) - val = ReferenceVariable() + val = ReferenceVariable(self._node) operation = Index(val, left, right, expression.type) self._result.append(operation) set_val(expression, val) @@ -162,26 +163,26 @@ class ExpressionToSlithIR(ExpressionVisitor): def _post_member_access(self, expression): expr = get(expression.expression) - val = ReferenceVariable() + val = ReferenceVariable(self._node) member = Member(expr, Constant(expression.member_name), val) self._result.append(member) set_val(expression, val) def _post_new_array(self, expression): - val = TemporaryVariable() + val = TemporaryVariable(self._node) operation = TmpNewArray(expression.depth, expression.array_type, val) self._result.append(operation) set_val(expression, val) def _post_new_contract(self, expression): - val = TemporaryVariable() + val = TemporaryVariable(self._node) operation = TmpNewContract(expression.contract_name, val) self._result.append(operation) set_val(expression, val) def _post_new_elementary_type(self, expression): # TODO unclear if this is ever used? - val = TemporaryVariable() + val = TemporaryVariable(self._node) operation = TmpNewElementaryType(expression.type, val) self._result.append(operation) set_val(expression, val) @@ -196,7 +197,7 @@ class ExpressionToSlithIR(ExpressionVisitor): def _post_type_conversion(self, expression): expr = get(expression.expression) - val = TemporaryVariable() + val = TemporaryVariable(self._node) operation = TypeConversion(val, expr, expression.type) self._result.append(operation) set_val(expression, val) @@ -204,7 +205,7 @@ class ExpressionToSlithIR(ExpressionVisitor): def _post_unary_operation(self, expression): value = get(expression.expression) if expression.type in [UnaryOperationType.BANG, UnaryOperationType.TILD]: - lvalue = TemporaryVariable() + lvalue = TemporaryVariable(self._node) operation = Unary(lvalue, value, expression.type) self._result.append(operation) set_val(expression, lvalue) @@ -221,14 +222,14 @@ class ExpressionToSlithIR(ExpressionVisitor): self._result.append(operation) set_val(expression, value) elif expression.type in [UnaryOperationType.PLUSPLUS_POST]: - lvalue = TemporaryVariable() + lvalue = TemporaryVariable(self._node) operation = Assignment(lvalue, value, value.type) self._result.append(operation) operation = Binary(value, value, Constant("1"), BinaryType.ADDITION) self._result.append(operation) set_val(expression, lvalue) elif expression.type in [UnaryOperationType.MINUSMINUS_POST]: - lvalue = TemporaryVariable() + lvalue = TemporaryVariable(self._node) operation = Assignment(lvalue, value, value.type) self._result.append(operation) operation = Binary(value, value, Constant("1"), BinaryType.SUBTRACTION) @@ -237,7 +238,7 @@ class ExpressionToSlithIR(ExpressionVisitor): elif expression.type in [UnaryOperationType.PLUS_PRE]: set_val(expression, value) elif expression.type in [UnaryOperationType.MINUS_PRE]: - lvalue = TemporaryVariable() + lvalue = TemporaryVariable(self._node) operation = Binary(lvalue, Constant("0"), value, BinaryType.SUBTRACTION) self._result.append(operation) set_val(expression, lvalue)