From 68333ff7bd212165de7cac82cbbc4d0f8942d473 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Emilio=20L=C3=B3pez?=
Date: Thu, 16 Dec 2021 18:08:52 -0300
Subject: [PATCH 1/2] Add pip-audit action workflow

This adds a new GitHub Actions workflow. This workflow runs pip-audit on the repository on each new commit and pull request to the `dev` and `master` branches, as well as every Tuesday morning. If any known vulnerable dependency is found, this workflow will fail.
---
 .github/workflows/pip-audit.yml | 27 +++++++++++++++++++++++++++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/pip-audit.yml

diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml
new file mode 100644
index 000000000..f6360056c
--- /dev/null
+++ b/.github/workflows/pip-audit.yml
@@ -0,0 +1,27 @@
+name: pip-audit
+
+on:
+ push:
+ branches: [ dev, master ]
+ pull_request:
+ branches: [ dev, master ]
+ schedule: [ cron: "0 7 * * 2" ]
+
+jobs:
+ audit:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ - name: Set up Python 3.10
+ uses: actions/setup-python@v2
+ with:
+ python-version: "3.10"
+ - name: Install pip-audit
+ run: |
+ python -m pip install --upgrade pip
+ python -m pip install pip-audit
+ - name: Run pip-audit
+ run: |
+ python -m pip install .
+ pip-audit --desc -v
From 7aa7cd457661b6191184283d5f6691f139461424 Mon Sep 17 00:00:00 2001
From: disconnect3d
Date: Fri, 14 Jan 2022 13:07:41 +0100
Subject: [PATCH 2/2] Fix slither-check-erc output

This commit makes the `slither-check-erc` more relevant: - when we confirm function interface's return type, we will now show it properly - we had a mistake that we logged that the "value" is incorrect while we meant "type"
---
 slither/tools/erc_conformance/erc/ercs.py | 4 ++--
 tests/check-erc/test_1.txt | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
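Review bot: In `.github/workflows/pip-audit.yml` the job declares no `permissions:` block, so it runs with the repository's default GITHUB_TOKEN scope although it only needs to read the source; a top-level `permissions:` with `contents: read` would limit that. Both `uses:` lines reference mutable tags (`actions/checkout@v2`, `actions/setup-python@v2`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v2`, keeps a moved tag from changing what runs here. `pip-audit` is also installed unpinned and into the same environment as `python -m pip install .`, so the audited environment presumably includes pip-audit's own dependencies and the result can change between runs without any change to this repository.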
diff --git a/slither/tools/erc_conformance/erc/ercs.py b/slither/tools/erc_conformance/erc/ercs.py
index da16558b5..1c64dc4a7 100644
--- a/slither/tools/erc_conformance/erc/ercs.py
+++ b/slither/tools/erc_conformance/erc/ercs.py
@@ -65,10 +65,10 @@ def _check_signature(erc_function, contract, ret):
 if function_return_type:
 function_return_type = ",".join([str(x) for x in function_return_type])
 if function_return_type == return_type:
- txt = f"\t[✓] {sig} -> () (correct return value)"
+ txt = f"\t[✓] {sig} -> ({function_return_type}) (correct return type)"
 logger.info(txt)
 else:
- txt = f"\t[ ] {sig} -> () should return {return_type}"
+ txt = f"\t[ ] {sig} -> ({function_return_type}) should return {return_type}"
 logger.info(txt)
 incorrect_return = output.Output(
diff --git a/tests/check-erc/test_1.txt b/tests/check-erc/test_1.txt
index 1e088017f..014653f1f 100644
--- a/tests/check-erc/test_1.txt
+++ b/tests/check-erc/test_1.txt
@@ -2,7 +2,7 @@
 ## Check functions
 [✓] totalSupply() is present
- [✓] totalSupply() -> () (correct return value)
+ [✓] totalSupply() -> (uint256) (correct return type)
 [✓] totalSupply() is view
 [ ] balanceOf(address) is missing
 [ ] transfer(address,uint256) is missing
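Review bot: On the mismatch branch of `_check_signature` the new message prints the actual type in parentheses but the expected one bare (`-> ({function_return_type}) should return {return_type}`), so the two are easy to confuse when reading a conformance report; `-> ({function_return_type}) should return ({return_type})` would keep both in the same form. The visible part of `tests/check-erc/test_1.txt` only exercises the matching branch, so the reworded mismatch line appears to have no expected-output coverage here. `_check_signature` starts before and continues past this hunk, so how `return_type` is built is not visible.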