From 12682c3094d3721466d34e45748a82b5c3bcce6b Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Fri, 10 Mar 2023 09:34:58 -0600 Subject: [PATCH 1/8] make slither-read-storage dependencies explicit --- .github/workflows/read_storage.yml | 3 +-- setup.py | 3 ++- slither/tools/read_storage/read_storage.py | 31 ++++++++++------------ tests/test_read_storage.py | 13 ++++----- 4 files changed, 22 insertions(+), 28 deletions(-) diff --git a/.github/workflows/read_storage.yml b/.github/workflows/read_storage.yml index 638a5c38c..85e399006 100644 --- a/.github/workflows/read_storage.yml +++ b/.github/workflows/read_storage.yml @@ -39,8 +39,7 @@ jobs: - name: Install python dependencies run: | - pip install ".[dev]" - pip install web3 + pip install ".[slither-read-storage]" solc-select install 0.8.1 solc-select install 0.8.10 solc-select use 0.8.1 diff --git a/setup.py b/setup.py index 3d2fa2a35..8e20af1f4 100644 --- a/setup.py +++ b/setup.py @@ -30,7 +30,8 @@ setup( "solc-select>=v1.0.0b1", "openai", "pdoc", - ] + ], + "slither-read-storage": ["solc-select>=v1.0.0b1", "web3>=6.0.0b"], }, license="AGPL-3.0", long_description=long_description, diff --git a/slither/tools/read_storage/read_storage.py b/slither/tools/read_storage/read_storage.py index bb662c4d5..f6789bde1 100644 --- a/slither/tools/read_storage/read_storage.py +++ b/slither/tools/read_storage/read_storage.py 
@@ -3,20 +3,17 @@ import sys from math import floor from typing import Callable, Optional, Tuple, Union, List, Dict, Any -try: - from web3 import Web3 - from eth_typing.evm import ChecksumAddress - from eth_abi import decode_single, encode_abi - from eth_utils import keccak - from .utils import ( - get_offset_value, - get_storage_data, - coerce_type, - ) -except ImportError: - print("ERROR: in order to use slither-read-storage, you need to install web3") - print("$ pip3 install web3 --user\n") - sys.exit(-1) + +from web3 import Web3 +from eth_typing.evm import ChecksumAddress +from eth_abi import decode, encode +from eth_utils import keccak +from .utils import ( + get_offset_value, + get_storage_data, + coerce_type, +) + import dataclasses from slither.utils.myprettytable import MyPrettyTable @@ -92,7 +89,7 @@ class SlitherReadStorage: if not self.storage_address: raise ValueError if not self._checksum_address: - self._checksum_address = self.web3.toChecksumAddress(self.storage_address) + self._checksum_address = self.web3.to_checksum_address(self.storage_address) return self._checksum_address @property @@ -449,7 +446,7 @@ class SlitherReadStorage: if "int" in key_type: # without this eth_utils encoding fails key = int(key) key = coerce_type(key_type, key) - slot = keccak(encode_abi([key_type, "uint256"], [key, decode_single("uint256", slot)])) + slot = keccak(encode([key_type, "uint256"], [key, decode("uint256", slot)])) if isinstance(target_variable_type.type_to, UserDefinedType) and isinstance( target_variable_type.type_to.type, Structure @@ -471,7 +468,7 @@ class SlitherReadStorage: deep_key = int(deep_key) # If deep map, will be keccak256(abi.encode(key1, keccak256(abi.encode(key0, uint(slot))))) - slot = keccak(encode_abi([key_type, "bytes32"], [deep_key, slot])) + slot = keccak(encode([key_type, "bytes32"], [deep_key, slot])) # mapping(elem => mapping(elem => elem)) target_variable_type_type_to_type_to = target_variable_type.type_to.type_to 
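Review bot: In the mapping-slot computation, `slot = keccak(encode([key_type, "uint256"], [key, decode("uint256", slot)]))`, `decode` is not a drop-in replacement for `decode_single`. As far as I know, eth_abi's `decode` takes a sequence of type strings and returns a tuple, so this call would either be rejected or hand a tuple to `encode` where it expects an integer. I would write `decode(["uint256"], slot)[0]` so the slot is unwrapped before it is re-encoded. A wrong slot here means the tool reads a different storage location than the one the mapping key resolves to, so a test covering a mapping key lookup would be worth adding. The enclosing method starts and ends outside the hunk.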
diff --git a/tests/test_read_storage.py b/tests/test_read_storage.py index 67a89dae8..72e514e18 100644 --- a/tests/test_read_storage.py +++ b/tests/test_read_storage.py @@ -12,13 +12,10 @@ from deepdiff import DeepDiff from slither import Slither from slither.tools.read_storage import SlitherReadStorage -try: - from web3 import Web3 - from web3.contract import Contract -except ImportError: - print("ERROR: in order to use slither-read-storage, you need to install web3") - print("$ pip3 install web3 --user\n") - sys.exit(-1) + +from web3 import Web3 +from web3.contract import Contract + SLITHER_ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) STORAGE_TEST_ROOT = os.path.join(SLITHER_ROOT, "tests", "storage-layout") @@ -98,7 +95,7 @@ def deploy_contract(w3, ganache, contract_bin, contract_abi) -> Contract: # pylint: disable=too-many-locals @pytest.mark.usefixtures("web3", "ganache") def test_read_storage(web3, ganache) -> None: - assert web3.isConnected() + assert web3.is_connected() bin_path = os.path.join(STORAGE_TEST_ROOT, "StorageLayout.bin") abi_path = os.path.join(STORAGE_TEST_ROOT, "StorageLayout.abi") bytecode = get_source_file(bin_path) From 3861029145cf2b947f4918e8d6ba233b9ed3555a Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Fri, 10 Mar 2023 09:53:14 -0600 Subject: [PATCH 2/8] inspect whether package is installed --- .github/workflows/read_storage.yml | 2 +- setup.py | 2 +- slither/tools/read_storage/read_storage.py | 30 +++++++++++--------- slither/tools/read_storage/utils/__init__.py | 6 +--- slither/tools/read_storage/utils/utils.py | 2 +- 5 files changed, 21 insertions(+), 21 deletions(-) diff --git a/.github/workflows/read_storage.yml b/.github/workflows/read_storage.yml index 85e399006..6822d1034 100644 --- a/.github/workflows/read_storage.yml +++ b/.github/workflows/read_storage.yml 
@@ -39,7 +39,7 @@ jobs: - name: Install python dependencies run: | - pip install ".[slither-read-storage]" + pip install ".[read-storage]" solc-select install 0.8.1 solc-select install 0.8.10 solc-select use 0.8.1 diff --git a/setup.py b/setup.py index 8e20af1f4..2123f482b 100644 --- a/setup.py +++ b/setup.py @@ -31,7 +31,7 @@ setup( "openai", "pdoc", ], - "slither-read-storage": ["solc-select>=v1.0.0b1", "web3>=6.0.0b"], + "read-storage": ["solc-select>=v1.0.0b1", "web3>=6.0.0b"], }, license="AGPL-3.0", long_description=long_description, diff --git a/slither/tools/read_storage/read_storage.py b/slither/tools/read_storage/read_storage.py index f6789bde1..8bf83db02 100644 --- a/slither/tools/read_storage/read_storage.py +++ b/slither/tools/read_storage/read_storage.py 
@@ -1,27 +1,31 @@ +import importlib.util import logging import sys from math import floor -from typing import Callable, Optional, Tuple, Union, List, Dict, Any +from typing import Any, Callable, Dict, List, Optional, Tuple, Union +if importlib.util.find_spec("web3").loader is None: + print( + "Please install slither with `pip install slither-analyzer[read-storage]` to use slither-read-storage." + ) + sys.exit(-1) + +import dataclasses -from web3 import Web3 -from eth_typing.evm import ChecksumAddress from eth_abi import decode, encode +from eth_typing.evm import ChecksumAddress from eth_utils import keccak -from .utils import ( - get_offset_value, - get_storage_data, - coerce_type, -) - +from web3 import Web3 -import dataclasses -from slither.utils.myprettytable import MyPrettyTable -from slither.core.solidity_types.type import Type -from slither.core.solidity_types import ArrayType, ElementaryType, UserDefinedType, MappingType from slither.core.declarations import Contract, Structure +from slither.core.solidity_types import (ArrayType, ElementaryType, + MappingType, UserDefinedType) +from slither.core.solidity_types.type import Type from slither.core.variables.state_variable import StateVariable from slither.core.variables.structure_variable import StructureVariable +from slither.utils.myprettytable import MyPrettyTable + +from .utils import coerce_type, get_offset_value, get_storage_data logging.basicConfig() logger = logging.getLogger("Slither-read-storage") diff --git a/slither/tools/read_storage/utils/__init__.py b/slither/tools/read_storage/utils/__init__.py index 2fb43c8b8..9a624a4c7 100644 --- a/slither/tools/read_storage/utils/__init__.py +++ b/slither/tools/read_storage/utils/__init__.py @@ -1,5 +1 @@ -from .utils import ( - get_offset_value, - get_storage_data, - coerce_type, -) +from .utils import coerce_type, get_offset_value, get_storage_data 
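Review bot: The new guard `if importlib.util.find_spec("web3").loader is None:` fails in exactly the case it is meant to handle. `find_spec` returns `None` when the package is not installed, so the attribute access raises `AttributeError` before the install hint is printed. Testing the spec itself, `if importlib.util.find_spec("web3") is None:`, gives the intended message. Sending the hint to stderr with `print(..., file=sys.stderr)` would also keep it out of output that is piped elsewhere. A later patch in this series removes the guard, so this applies only while the check exists.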
diff --git a/slither/tools/read_storage/utils/utils.py b/slither/tools/read_storage/utils/utils.py index 3e51e2181..befd3d0e7 100644 --- a/slither/tools/read_storage/utils/utils.py +++ b/slither/tools/read_storage/utils/utils.py @@ -1,7 +1,7 @@ from typing import Union from eth_typing.evm import ChecksumAddress -from eth_utils import to_int, to_text, to_checksum_address +from eth_utils import to_checksum_address, to_int, to_text def get_offset_value(hex_bytes: bytes, offset: int, size: int) -> bytes: From d9fda0b85cc05ff97e164df9fccc2c3cdbb68de5 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Fri, 10 Mar 2023 10:01:30 -0600 Subject: [PATCH 3/8] make dev install read-storage deps --- .github/workflows/read_storage.yml | 2 +- setup.py | 2 +- tests/test_read_storage.py | 11 ++++------- 3 files changed, 6 insertions(+), 9 deletions(-) diff --git a/.github/workflows/read_storage.yml b/.github/workflows/read_storage.yml index 6822d1034..b9ff687ff 100644 --- a/.github/workflows/read_storage.yml +++ b/.github/workflows/read_storage.yml @@ -39,7 +39,7 @@ jobs: - name: Install python dependencies run: | - pip install ".[read-storage]" + pip install ".[dev]" solc-select install 0.8.1 solc-select install 0.8.10 solc-select use 0.8.1 diff --git a/setup.py b/setup.py index 2123f482b..1ffee1589 100644 --- a/setup.py +++ b/setup.py @@ -27,7 +27,7 @@ setup( "pytest-xdist", "deepdiff", "numpy", - "solc-select>=v1.0.0b1", + "slither-analyzer[read-storage]", "openai", "pdoc", ], diff --git a/tests/test_read_storage.py b/tests/test_read_storage.py index 72e514e18..7aec6ff40 100644 --- a/tests/test_read_storage.py +++ b/tests/test_read_storage.py @@ -1,7 +1,6 @@ -import re -import os -import sys import json +import os +import re import shutil import subprocess from time import sleep 
@@ -9,13 +8,11 @@ from typing import Generator import pytest from deepdiff import DeepDiff -from slither import Slither -from slither.tools.read_storage import SlitherReadStorage - - from web3 import Web3 from web3.contract import Contract +from slither import Slither +from slither.tools.read_storage import SlitherReadStorage SLITHER_ROOT = os.path.dirname(os.path.dirname(os.path.abspath(__file__))) STORAGE_TEST_ROOT = os.path.join(SLITHER_ROOT, "tests", "storage-layout") From 6236e54b3e344f3d29bb8be8955fc83759c25652 Mon Sep 17 00:00:00 2001 From: Simone Date: Fri, 10 Mar 2023 22:47:33 +0100 Subject: [PATCH 4/8] Improve top level functions format --- slither/printers/summary/slithir.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/printers/summary/slithir.py b/slither/printers/summary/slithir.py index 6f64d7624..be9ebc8f5 100644 --- a/slither/printers/summary/slithir.py +++ b/slither/printers/summary/slithir.py @@ -46,7 +46,7 @@ class PrinterSlithIR(AbstractPrinter): txt += f"\tModifier {modifier.canonical_name}\n" txt += _print_function(modifier) if compilation_unit.functions_top_level: - txt += "Top level functions" + txt += "Top level functions\n" for function in compilation_unit.functions_top_level: txt += f"\tFunction {function.canonical_name}\n" txt += _print_function(function) From f67c96b827b334ab20b585abb6464d5ad29b7233 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Sun, 12 Mar 2023 23:06:26 -0500 Subject: [PATCH 5/8] update filter-paths help --- slither/__main__.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/__main__.py b/slither/__main__.py index 385dc608f..5d0dda9e0 100644 --- a/slither/__main__.py +++ b/slither/__main__.py 
@@ -514,7 +514,7 @@ def parse_args( group_misc.add_argument( "--filter-paths", - help="Comma-separated list of paths for which results will be excluded", + help="Regex filter to exclude detector results matching file path e.g. (mocks/|test/)", action="store", dest="filter_paths", default=defaults_flag_in_config["filter_paths"], From 517d36e315ab50b9a756e6bd2a8f4ec5db010b02 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Tue, 14 Mar 2023 08:56:52 -0500 Subject: [PATCH 6/8] add issue template for false neg. and positive --- .github/ISSUE_TEMPLATE/false_negative.yml | 61 +++++++++++++++++++++++ .github/ISSUE_TEMPLATE/false_positive.yml | 61 +++++++++++++++++++++++ 2 files changed, 122 insertions(+) create mode 100644 .github/ISSUE_TEMPLATE/false_negative.yml create mode 100644 .github/ISSUE_TEMPLATE/false_positive.yml diff --git a/.github/ISSUE_TEMPLATE/false_negative.yml b/.github/ISSUE_TEMPLATE/false_negative.yml new file mode 100644 index 000000000..f07d389fa --- /dev/null +++ b/.github/ISSUE_TEMPLATE/false_negative.yml 
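Review bot: The new `--filter-paths` help text says the value is a regex but not how it is matched, which matters because this option suppresses detector results. The matching code is outside this hunk, so the following is an assumption: if the pattern is searched anywhere in the path, the example `test/` would also exclude a directory such as `contest/`. Once the behaviour is confirmed, I would extend the help string with a short clause saying whether the pattern is anchored, for example `"... (matched anywhere in the path)"`.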
@@ -0,0 +1,61 @@ +--- +body: + - + attributes: + value: | + Please check the issues tab to avoid duplicates. + Thanks for helping make Slither the best it can be! + type: markdown + - + attributes: + label: "What bug did Slither miss and which detector did you anticipate would catch it?" + id: what-happened + type: textarea + validations: + required: true + - + attributes: + label: Frequency + description: How often do you run across this false positive? + options: + - Very Frequently + - Occasionally + - Rarely + - Not sure + id: frequency + type: dropdown + validations: + required: true + - + attributes: + description: "It can be a github repo, etherscan link, or code snippet." + label: "Code example to reproduce the issue:" + placeholder: "`contract A {}`\n" + id: reproduce + type: textarea + validations: + required: true + - + attributes: + description: | + What version of slither are you running? + Run `slither --version` + label: "Version:" + id: version + type: textarea + validations: + required: true + - + attributes: + description: | + Please copy and paste the result output. This + will be automatically formatted into code, so no need for backticks. + render: shell + label: "Relevant log output:" + id: logs + type: textarea +description: "Slither missed a bug it should find." +labels: + - false-negative +name: False Negative" +title: "[False Negative]: " diff --git a/.github/ISSUE_TEMPLATE/false_positive.yml b/.github/ISSUE_TEMPLATE/false_positive.yml new file mode 100644 index 000000000..258a70dfb --- /dev/null +++ b/.github/ISSUE_TEMPLATE/false_positive.yml 
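Review bot: The second-to-last line of the new template reads `name: False Negative"`, with a closing quote but no opening one. YAML accepts that as a plain scalar, so the template name would carry a literal `"` character. It should be `name: "False Negative"`, matching `name: "False Positive"` in the sibling template added by the same commit.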
@@ -0,0 +1,61 @@ +--- +body: + - + attributes: + value: | + Please check the issues tab to avoid duplicates. + Thanks for helping make Slither the best it can be! + type: markdown + - + attributes: + label: "Describe the false alarm that Slither raise and how you know it's inaccurate:" + id: what-happened + type: textarea + validations: + required: true + - + attributes: + label: Frequency + description: How often do you run across this false positive? + options: + - Very Frequently + - Occasionally + - Rarely + - Not sure + id: frequency + type: dropdown + validations: + required: true + - + attributes: + description: "It can be a github repo, etherscan link, or code snippet." + label: "Code example to reproduce the issue:" + placeholder: "`contract A {}`\n" + id: reproduce + type: textarea + validations: + required: true + - + attributes: + description: | + What version of slither are you running? + Run `slither --version` + label: "Version:" + id: version + type: textarea + validations: + required: true + - + attributes: + description: | + Please copy and paste the result output. This + will be automatically formatted into code, so no need for backticks. + render: shell + label: "Relevant log output:" + id: logs + type: textarea +description: "Slither warned of an issue that is not legitimate and does not need to be fixed." +labels: + - false-positive +name: "False Positive" +title: "[False-Positive]: " From 4a69025afb1b32f1e1ba5380034a79d2b57fd9e6 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Tue, 14 Mar 2023 08:58:10 -0500 Subject: [PATCH 7/8] Update .github/ISSUE_TEMPLATE/false_negative.yml --- .github/ISSUE_TEMPLATE/false_negative.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/ISSUE_TEMPLATE/false_negative.yml b/.github/ISSUE_TEMPLATE/false_negative.yml index f07d389fa..e11b6ca8d 100644 --- a/.github/ISSUE_TEMPLATE/false_negative.yml +++ b/.github/ISSUE_TEMPLATE/false_negative.yml 
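Review bot: The first textarea label reads `Describe the false alarm that Slither raise ...`; the verb should be `raised`. The title prefix `"[False-Positive]: "` is hyphenated while the false-negative template uses `"[False Negative]: "`. Picking one form lets both kinds of report be found with the same search pattern.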
@@ -16,7 +16,7 @@ body: - attributes: label: Frequency - description: How often do you run across this false positive? + description: How often do you run across this false negative? options: - Very Frequently - Occasionally From a31282b483d579ae84c56069e40aa92764843023 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Wed, 15 Mar 2023 11:12:10 -0500 Subject: [PATCH 8/8] make web3>=6.0.0 a dependency --- setup.py | 3 +-- slither/tools/read_storage/read_storage.py | 11 +---------- 2 files changed, 2 insertions(+), 12 deletions(-) diff --git a/setup.py b/setup.py index 1ffee1589..0d26167b3 100644 --- a/setup.py +++ b/setup.py @@ -27,11 +27,10 @@ setup( "pytest-xdist", "deepdiff", "numpy", - "slither-analyzer[read-storage]", "openai", "pdoc", + "web3>=6.0.0", ], - "read-storage": ["solc-select>=v1.0.0b1", "web3>=6.0.0b"], }, license="AGPL-3.0", long_description=long_description, diff --git a/slither/tools/read_storage/read_storage.py b/slither/tools/read_storage/read_storage.py index 8bf83db02..387aa619a 100644 --- a/slither/tools/read_storage/read_storage.py +++ b/slither/tools/read_storage/read_storage.py @@ -1,15 +1,7 @@ -import importlib.util import logging -import sys from math import floor from typing import Any, Callable, Dict, List, Optional, Tuple, Union -if importlib.util.find_spec("web3").loader is None: - print( - "Please install slither with `pip install slither-analyzer[read-storage]` to use slither-read-storage." - ) - sys.exit(-1) - import dataclasses from eth_abi import decode, encode 
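Review bot: In the `setup.py` hunk, `"web3>=6.0.0"` is added to the list that also holds `pytest-xdist` and `deepdiff`, which an earlier patch in this series treats as the `dev` extra, while the `read-storage` extra is deleted and the import guard in `read_storage.py` is removed. If that reading is right, a plain `pip install slither-analyzer` declares no web3 requirement and `slither-read-storage` stops with a bare `ImportError`. `install_requires` is outside the hunk, so please confirm web3 is listed there and, if it is not, add `"web3>=6.0.0",` to it. The specifier also has no upper bound, so a future major release of web3 would be picked up automatically; a cap such as `"web3>=6.0.0,<7"` is worth considering as a deliberate choice.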
@@ -18,8 +10,7 @@ from eth_utils import keccak from web3 import Web3 from slither.core.declarations import Contract, Structure -from slither.core.solidity_types import (ArrayType, ElementaryType, - MappingType, UserDefinedType) +from slither.core.solidity_types import ArrayType, ElementaryType, MappingType, UserDefinedType from slither.core.solidity_types.type import Type from slither.core.variables.state_variable import StateVariable from slither.core.variables.structure_variable import StructureVariable