Merge branch '1476-refactor-vulnerable-solc-version' of github.com:devtooligan/slither into devtooligan-1476-refactor-vulnerable-solc-version

2 years ago · 36711ed630
parent b96beeaa57 2412f834f0
commit 36711ed630
2 changed files with 20 additions and 18 deletions
--- a/slither/detectors/abstract_detector.py
+++ b/slither/detectors/abstract_detector.py
@ -61,6 +61,11 @@ class AbstractDetector(metaclass=abc.ABCMeta):

    STANDARD_JSON = True

+    # list of vulnerable solc versions as strings (e.g. ["0.4.25", "0.5.0"])
+    # if this list is not empty then the detector will not run unless the solc version is on the list
+    # an empty list means that the detector will run on any solc version
+    VULNERABLE_SOLC_VERSIONS: List[str] = []
+
    def __init__(
        self, compilation_unit: SlitherCompilationUnit, slither: "Slither", logger: Logger
    ):
@ -139,6 +144,11 @@ class AbstractDetector(metaclass=abc.ABCMeta):
        if self.logger:
            self.logger.info(self.color(info))

+    def _uses_vulnerable_solc_version(self) -> bool:
+        if self.VULNERABLE_SOLC_VERSIONS:
+            return self.compilation_unit.solc_version in self.VULNERABLE_SOLC_VERSIONS
+        return True
+
    @abc.abstractmethod
    def _detect(self) -> List[Output]:
        """TODO Documentation"""
@ -147,6 +157,11 @@ class AbstractDetector(metaclass=abc.ABCMeta):
    # pylint: disable=too-many-branches
    def detect(self) -> List[Dict]:
        results: List[Dict] = []
+
+        # check solc version
+        if not self._uses_vulnerable_solc_version():
+            return results
+
        # only keep valid result, and remove duplicate
        # Keep only dictionaries
        for r in [output.data for output in self._detect()]:
--- a/slither/detectors/compiler_bugs/enum_conversion.py
+++ b/slither/detectors/compiler_bugs/enum_conversion.py
@ -7,18 +7,6 @@ from slither.slithir.operations import TypeConversion
 from slither.core.declarations.enum import Enum


-def _uses_vulnerable_solc_version(version):
-    """Detect if used compiler version is 0.4.[0|1|2|3|4]
-    Args:
-       version (solc version used)
-    Returns:
-       Bool
-    """
-    if version in ["0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4"]:
-        return True
-    return False
-
-
 def _detect_dangerous_enum_conversions(contract):
    """Detect dangerous conversion to enum by checking IR
    Args:
@ -54,11 +42,11 @@ class EnumConversion(AbstractDetector):
 ```solidity
    pragma solidity 0.4.2;
    contract Test{
-    
+
    enum E{a}
-    
+
    function bug(uint a) public returns(E){
-        return E(a);   
+        return E(a);
    }
 }
 ```
@ -67,12 +55,11 @@ Attackers can trigger unexpected behaviour by calling `bug(1)`."""

    WIKI_RECOMMENDATION = "Use a recent compiler version. If `solc` <`0.4.5` is required, check the `enum` conversion range."

+    VULNERABLE_SOLC_VERSIONS = ["0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4"]
+
    def _detect(self):
        """Detect dangerous conversion to enum"""
        results = []
-        # If solc version >= 0.4.5 then return
-        if not _uses_vulnerable_solc_version(self.compilation_unit.solc_version):
-            return results

        for c in self.compilation_unit.contracts:
            ret = _detect_dangerous_enum_conversions(c)