TheDude
/
slither
mirror of https://github.com/crytic/slither
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Standardized reentrancy-eth + reentrancy-benign + reentrancy-no-eth detector output (use of provided json functions)

Browse Source
pull/226/head
David Pokora 6 years ago
parent 148d3e51ed
commit 472608fa5c
No known key found for this signature in database
GPG Key ID: 3CED48D1BB21BDD7
3 changed files with 75 additions and 49 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 46
      slither/detectors/reentrancy/reentrancy_benign.py
  2. 46
      slither/detectors/reentrancy/reentrancy_eth.py
  3. 32
      slither/detectors/reentrancy/reentrancy_read_before_write.py

46
slither/detectors/reentrancy/reentrancy_benign.py
Unescape View File

@ -95,27 +95,37 @@ Only report reentrancy that acts as a double call (see `reentrancy-eth`, `reentr
info += '\t- {} ({})\n'.format(call_info.expression, call_info.source_mapping_str)
info += '\tState variables written after the call(s):\n'
for (v, node) in sorted(varsWritten, key=lambda x: (x[0].name, x[1].node_id)):
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
sending_eth_json = []
if calls != send_eth:
sending_eth_json = [{'type' : 'external_calls_sending_eth',
'expression': str(call_info.expression),
'source_mapping': call_info.source_mapping}
for call_info in send_eth]
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
# Create our JSON result
json = self.generate_json_result(info)
# Add the function with the re-entrancy first
self.add_function_to_json(func, json)
json['elements'] += [{'type': 'external_calls',
'expression': str(call_info.expression),
'source_mapping': call_info.source_mapping}
for call_info in calls]
json['elements'] += sending_eth_json
json['elements'] += [{'type':'variables_written',
'name': v.name,
'expression': str(node.expression),
'source_mapping': node.source_mapping}
for (v, node) in varsWritten]
# Add all underlying calls in the function which are potentially problematic.
for call_info in calls:
self.add_node_to_json(call_info, json, {
"underlying_type": "external_calls"
})
#
# If the calls are not the same ones that send eth, add the eth sending nodes.
if calls != send_eth:
for call_info in send_eth:
self.add_node_to_json(call_info, json, {
"underlying_type": "external_calls_sending_eth"
})
# Add all variables written via nodes which write them.
for (v, node) in varsWritten:
self.add_node_to_json(node, json, {
"underlying_type": "variables_written",
"variable_name": v.name
})
# Append our result
results.append(json)
return results

46
slither/detectors/reentrancy/reentrancy_eth.py
Unescape View File

@ -98,27 +98,37 @@ Bob uses the re-entrancy bug to call `withdrawBalance` two times, and withdraw m
info += '\t- {} ({})\n'.format(call_info.expression, call_info.source_mapping_str)
info += '\tState variables written after the call(s):\n'
for (v, node) in sorted(varsWritten, key=lambda x: (x[0].name, x[1].node_id)):
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
sending_eth_json = []
if calls != send_eth:
sending_eth_json = [{'type' : 'external_calls_sending_eth',
'expression': str(call_info.expression),
'source_mapping': call_info.source_mapping}
for call_info in send_eth]
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
# Create our JSON result
json = self.generate_json_result(info)
# Add the function with the re-entrancy first
self.add_function_to_json(func, json)
json['elements'] += [{'type': 'external_calls',
'expression': str(call_info.expression),
'source_mapping': call_info.source_mapping}
for call_info in calls]
json['elements'] += sending_eth_json
json['elements'] += [{'type':'variables_written',
'name': v.name,
'expression': str(node.expression),
'source_mapping': node.source_mapping}
for (v, node) in varsWritten]
# Add all underlying calls in the function which are potentially problematic.
for call_info in calls:
self.add_node_to_json(call_info, json, {
"underlying_type": "external_calls"
})
#
# If the calls are not the same ones that send eth, add the eth sending nodes.
if calls != send_eth:
for call_info in send_eth:
self.add_node_to_json(call_info, json, {
"underlying_type": "external_calls_sending_eth"
})
# Add all variables written via nodes which write them.
for (v, node) in varsWritten:
self.add_node_to_json(node, json, {
"underlying_type": "variables_written",
"variable_name": v.name
})
# Append our result
results.append(json)
return results

32
slither/detectors/reentrancy/reentrancy_read_before_write.py
Unescape View File

@ -89,22 +89,28 @@ Do not report reentrancies that involve ethers (see `reentrancy-eth`)'''
info += '\t- {} ({})\n'.format(call_info.expression, call_info.source_mapping_str)
info += '\tState variables written after the call(s):\n'
for (v, node) in sorted(varsWritten, key=lambda x: (x[0].name, x[1].node_id)):
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
sending_eth_json = []
info += '\t- {} ({})\n'.format(v, node.source_mapping_str)
# Create our JSON result
json = self.generate_json_result(info)
# Add the function with the re-entrancy first
self.add_function_to_json(func, json)
json['elements'] += [{'type': 'external_calls',
'expression': str(call_info.expression),
'source_mapping': call_info.source_mapping}
for call_info in calls]
json['elements'] += sending_eth_json
json['elements'] += [{'type':'variables_written',
'name': v.name,
'expression': str(node.expression),
'source_mapping': node.source_mapping}
for (v, node) in varsWritten]
# Add all underlying calls in the function which are potentially problematic.
for call_info in calls:
self.add_node_to_json(call_info, json, {
"underlying_type": "external_calls"
})
# Add all variables written via nodes which write them.
for (v, node) in varsWritten:
self.add_node_to_json(node, json, {
"underlying_type": "variables_written",
"variable_name": v.name
})
# Append our result
results.append(json)
return results

Write Preview
Loading…
Cancel
Save