Merge branch 'master' into dev

pull/169/head
Josselin 6 years ago
commit b7e3b9e8af
  1. README.md (14 changes)
  2. slither/solc_parsing/slitherSolc.py (10 changes)

@ -9,11 +9,13 @@ Slither is a Solidity static analysis framework written in Python 3. It runs a s
* Detects vulnerable Solidity code with low false positives * Detects vulnerable Solidity code with low false positives
* Identifies where the error condition occurs in the source code * Identifies where the error condition occurs in the source code
* Easy integration into continuous integration and Truffle builds * Easily integrates into continuous integration and Truffle builds
* Built-in 'printers' quickly report crucial contract information * Built-in 'printers' quickly report crucial contract information
* Detector API to write custom analyses in Python * Detector API to write custom analyses in Python
* Ability to analyze contracts written with Solidity >= 0.4 * Ability to analyze contracts written with Solidity >= 0.4
* Intermediate representation ([SlithIR](https://github.com/trailofbits/slither/wiki/SlithIR)) enables simple, high-precision analyses * Intermediate representation ([SlithIR](https://github.com/trailofbits/slither/wiki/SlithIR)) enables simple, high-precision analyses
* Correctly parses 99.9% of all public Solidity code
* Average execution time of less than 1 second per contract
## Usage ## Usage
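Review bot: The two added feature bullets, "Correctly parses 99.9% of all public Solidity code" and "Average execution time of less than 1 second per contract", state measured figures without saying how they were obtained. Please link the corpus and methodology (which contracts, which solc versions, which hardware), or soften the wording, so readers can reproduce the numbers and the README does not go stale when the parser changes.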
@ -117,19 +119,21 @@ $ git clone https://github.com/trailofbits/slither.git && cd slither
$ python setup.py install $ python setup.py install
``` ```
We recommend to use a Python virtual environment to install slither from git (see the [Developer Installation Instructions](https://github.com/trailofbits/slither/wiki/Developer-installation)) We recommend using an Python virtual environment, as detailed in the [Developer Installation Instructions](https://github.com/trailofbits/slither/wiki/Developer-installation), if you prefer to install Slither via git.
### Using Docker ### Using Docker
We recommend to use [`eth-security-toolbox`](https://github.com/trailofbits/eth-security-toolbox/):
Use the [`eth-security-toolbox`](https://github.com/trailofbits/eth-security-toolbox/) docker image. It includes all of our security tools and every major version of Solidity in a single image. `/home/share` will be mounted to `/share` in the container. Use [`solc-select`](https://github.com/trailofbits/eth-security-toolbox/#usage) to switch the Solidity version.
``` ```
docker pull trailofbits/eth-security-toolbox docker pull trailofbits/eth-security-toolbox
``` ```
To share a directory in the container: To share a directory in the container:
``` ```
docker run -it -v /home/share:/share trailofbits/eth-security-toolbox docker run -it -v /home/share:/share trailofbits/eth-security-toolbox
``` ```
`/home/share` will be mounted to `/share` in the container.
You can switch the solc version using [`solc-select`](https://github.com/trailofbits/eth-security-toolbox/#usage).
## Getting Help ## Getting Help
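Review bot: In the rewritten virtual-environment sentence, "an Python virtual environment" should read "a Python virtual environment". In the Docker paragraph, the sentence "`/home/share` will be mounted to `/share` in the container" now appears before any command that performs the mount; it would read better next to the `docker run -it -v /home/share:/share ...` line it describes, where the removed text had it.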

@ -43,8 +43,18 @@ class SlitherSolc(Slither):
def _parse_contracts_from_json(self, json_data): def _parse_contracts_from_json(self, json_data):
try: try:
data_loaded = json.loads(json_data) data_loaded = json.loads(json_data)
# Truffle AST
if 'ast' in data_loaded:
self._parse_contracts_from_loaded_json(data_loaded['ast'], data_loaded['sourcePath']) self._parse_contracts_from_loaded_json(data_loaded['ast'], data_loaded['sourcePath'])
return True return True
# solc AST, where the non-json text was removed
else:
if 'attributes' in data_loaded:
filename = data_loaded['attributes']['absolutePath']
else:
filename = data_loaded['absolutePath']
self._parse_contracts_from_loaded_json(data_loaded, filename)
return True
except ValueError: except ValueError:
first = json_data.find('{') first = json_data.find('{')
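Review bot: In the new else branch, `data_loaded['attributes']['absolutePath']` and `data_loaded['absolutePath']` raise KeyError (or TypeError if the JSON top level is not an object) when the input is valid JSON but not a solc AST, and the only handler visible in this hunk is `except ValueError:`, so that input would surface as an unhandled traceback rather than a parse failure. Consider looking the path up with `.get('absolutePath')` and failing with an explicit message when it is missing. Smaller points: since the `if 'ast' in data_loaded:` branch ends in `return True`, the `else:` level of nesting can be dropped, and the comment "where the non-json text was removed" should say who is expected to do that removal, because the fallback below `except ValueError:` appears to strip leading text itself.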
