Merge branch 'dev' into dev-exclude-dependencies-flag

pull/269/head
Josselin 6 years ago
commit df595b37ca
  1. 20
      README.md
  2. 68
      scripts/tests_generate_expected_json_4.sh
  3. 2
      scripts/travis_test_etherscan.sh
  4. 126
      slither/detectors/abstract_detector.py
  5. 11
      slither/detectors/functions/external_function.py
  6. 3
      slither/detectors/naming_convention/naming_convention.py
  7. 37
      slither/detectors/source/rtlo.py
  8. 2
      slither/detectors/variables/possible_const_state_variables.py
  9. 12
      tests/expected_json/const_state_variables.constable-states.json
  10. 65
      tests/expected_json/external_function.external-function.json
  11. 3
      tests/expected_json/external_function.external-function.txt
  12. 2
      tests/expected_json/naming_convention.naming-convention.txt
  13. 22
      tests/expected_json/right_to_left_override.rtlo.json
  14. 4
      tests/expected_json/right_to_left_override.rtlo.txt
  15. 12
      tests/external_function.sol
  16. 7
      tests/naming_convention.sol

@ -65,16 +65,16 @@ Num | Detector | What it Detects | Impact | Confidence
24 | `reentrancy-benign` | [Benign reentrancy vulnerabilities](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2) | Low | Medium 24 | `reentrancy-benign` | [Benign reentrancy vulnerabilities](https://github.com/crytic/slither/wiki/Detector-Documentation#reentrancy-vulnerabilities-2) | Low | Medium
25 | `timestamp` | [Dangerous usage of `block.timestamp`](https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp) | Low | Medium 25 | `timestamp` | [Dangerous usage of `block.timestamp`](https://github.com/crytic/slither/wiki/Detector-Documentation#block-timestamp) | Low | Medium
26 | `assembly` | [Assembly usage](https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage) | Informational | High 26 | `assembly` | [Assembly usage](https://github.com/crytic/slither/wiki/Detector-Documentation#assembly-usage) | Informational | High
27 | `constable-states` | [State variables that could be declared constant](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant) | Informational | High 27 | `deprecated-standards` | [Deprecated Solidity Standards](https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards) | Informational | High
28 | `deprecated-standards` | [Deprecated Solidity Standards](https://github.com/crytic/slither/wiki/Detector-Documentation#deprecated-standards) | Informational | High 28 | `erc20-indexed` | [Un-indexed ERC20 event parameters](https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters) | Informational | High
29 | `erc20-indexed` | [Un-indexed ERC20 event parameters](https://github.com/crytic/slither/wiki/Detector-Documentation#unindexed-erc20-event-parameters) | Informational | High 29 | `low-level-calls` | [Low level calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls) | Informational | High
30 | `external-function` | [Public function that could be declared as external](https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external) | Informational | High 30 | `naming-convention` | [Conformance to Solidity naming conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions) | Informational | High
31 | `low-level-calls` | [Low level calls](https://github.com/crytic/slither/wiki/Detector-Documentation#low-level-calls) | Informational | High 31 | `pragma` | [If different pragma directives are used](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used) | Informational | High
32 | `naming-convention` | [Conformance to Solidity naming conventions](https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions) | Informational | High 32 | `solc-version` | [Incorrect Solidity version (< 0.4.24 or complex pragma)](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-version-of-solidity) | Informational | High
33 | `pragma` | [If different pragma directives are used](https://github.com/crytic/slither/wiki/Detector-Documentation#different-pragma-directives-are-used) | Informational | High 33 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables) | Informational | High
34 | `solc-version` | [Incorrect Solidity version (< 0.4.24 or complex pragma)](https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-version-of-solidity) | Informational | High 34 | `too-many-digits` | [Conformance to numeric notation best practices](https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits) | Informational | Medium
35 | `unused-state` | [Unused state variables](https://github.com/crytic/slither/wiki/Detector-Documentation#unused-state-variables) | Informational | High 35 | `constable-states` | [State variables that could be declared constant](https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant) | Optimization | High
36 | `too-many-digits` | [Conformance to numeric notation best practices](https://github.com/crytic/slither/wiki/Detector-Documentation#too-many-digits) | Informational | Medium 36 | `external-function` | [Public function that could be declared as external](https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external) | Optimization | High
[Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors. [Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors.

@ -21,38 +21,38 @@ generate_expected_json(){
} }
generate_expected_json tests/deprecated_calls.sol "deprecated-standards" #generate_expected_json tests/deprecated_calls.sol "deprecated-standards"
generate_expected_json tests/erc20_indexed.sol "erc20-indexed" #generate_expected_json tests/erc20_indexed.sol "erc20-indexed"
generate_expected_json tests/incorrect_erc20_interface.sol "erc20-interface" #generate_expected_json tests/incorrect_erc20_interface.sol "erc20-interface"
generate_expected_json tests/incorrect_erc721_interface.sol "erc721-interface" #generate_expected_json tests/incorrect_erc721_interface.sol "erc721-interface"
generate_expected_json tests/uninitialized.sol "uninitialized-state" #generate_expected_json tests/uninitialized.sol "uninitialized-state"
generate_expected_json tests/backdoor.sol "backdoor" #generate_expected_json tests/backdoor.sol "backdoor"
generate_expected_json tests/backdoor.sol "suicidal" #generate_expected_json tests/backdoor.sol "suicidal"
generate_expected_json tests/pragma.0.4.24.sol "pragma" #generate_expected_json tests/pragma.0.4.24.sol "pragma"
generate_expected_json tests/old_solc.sol.json "solc-version" #generate_expected_json tests/old_solc.sol.json "solc-version"
generate_expected_json tests/reentrancy.sol "reentrancy-eth" #generate_expected_json tests/reentrancy.sol "reentrancy-eth"
generate_expected_json tests/uninitialized_storage_pointer.sol "uninitialized-storage" #generate_expected_json tests/uninitialized_storage_pointer.sol "uninitialized-storage"
generate_expected_json tests/tx_origin.sol "tx-origin" #generate_expected_json tests/tx_origin.sol "tx-origin"
generate_expected_json tests/unused_state.sol "unused-state" #generate_expected_json tests/unused_state.sol "unused-state"
generate_expected_json tests/locked_ether.sol "locked-ether" #generate_expected_json tests/locked_ether.sol "locked-ether"
generate_expected_json tests/arbitrary_send.sol "arbitrary-send" #generate_expected_json tests/arbitrary_send.sol "arbitrary-send"
generate_expected_json tests/inline_assembly_contract.sol "assembly" #generate_expected_json tests/inline_assembly_contract.sol "assembly"
generate_expected_json tests/inline_assembly_library.sol "assembly" #generate_expected_json tests/inline_assembly_library.sol "assembly"
generate_expected_json tests/low_level_calls.sol "low-level-calls" #generate_expected_json tests/low_level_calls.sol "low-level-calls"
generate_expected_json tests/const_state_variables.sol "constable-states" #generate_expected_json tests/const_state_variables.sol "constable-states"
generate_expected_json tests/external_function.sol "external-function" #generate_expected_json tests/external_function.sol "external-function"
generate_expected_json tests/external_function_2.sol "external-function" #generate_expected_json tests/external_function_2.sol "external-function"
generate_expected_json tests/naming_convention.sol "naming-convention" #generate_expected_json tests/naming_convention.sol "naming-convention"
generate_expected_json tests/uninitialized_local_variable.sol "uninitialized-local" #generate_expected_json tests/uninitialized_local_variable.sol "uninitialized-local"
generate_expected_json tests/controlled_delegatecall.sol "controlled-delegatecall" #generate_expected_json tests/controlled_delegatecall.sol "controlled-delegatecall"
generate_expected_json tests/constant.sol "constant-function" #generate_expected_json tests/constant.sol "constant-function"
generate_expected_json tests/unused_return.sol "unused-return" #generate_expected_json tests/unused_return.sol "unused-return"
generate_expected_json tests/shadowing_state_variable.sol "shadowing-state" #generate_expected_json tests/shadowing_state_variable.sol "shadowing-state"
generate_expected_json tests/shadowing_abstract.sol "shadowing-abstract" #generate_expected_json tests/shadowing_abstract.sol "shadowing-abstract"
generate_expected_json tests/timestamp.sol "timestamp" #generate_expected_json tests/timestamp.sol "timestamp"
generate_expected_json tests/multiple_calls_in_loop.sol "calls-loop" #generate_expected_json tests/multiple_calls_in_loop.sol "calls-loop"
generate_expected_json tests/shadowing_builtin_symbols.sol "shadowing-builtin" #generate_expected_json tests/shadowing_builtin_symbols.sol "shadowing-builtin"
generate_expected_json tests/shadowing_local_variable.sol "shadowing-local" #generate_expected_json tests/shadowing_local_variable.sol "shadowing-local"
generate_expected_json tests/solc_version_incorrect.sol "solc-version" #generate_expected_json tests/solc_version_incorrect.sol "solc-version"
generate_expected_json tests/right_to_left_override.sol "rtlo" generate_expected_json tests/right_to_left_override.sol "rtlo"
generate_expected_json tests/unchecked_lowlevel.sol "unchecked-lowlevel" #generate_expected_json tests/unchecked_lowlevel.sol "unchecked-lowlevel"

@ -10,7 +10,7 @@ chmod +x solc-0.4.25
slither 0x7F37f78cBD74481E593F9C737776F7113d76B315 --solc "./solc-0.4.25" slither 0x7F37f78cBD74481E593F9C737776F7113d76B315 --solc "./solc-0.4.25"
if [ $? -ne 6 ] if [ $? -ne 5 ]
then then
echo "Etherscan test failed" echo "Etherscan test failed"
exit -1 exit -1

@ -2,9 +2,10 @@ import abc
import re import re
from slither.utils.colors import green, yellow, red from slither.utils.colors import green, yellow, red
from slither.core.source_mapping.source_mapping import SourceMapping
from collections import OrderedDict from collections import OrderedDict
class IncorrectDetectorInitialization(Exception): class IncorrectDetectorInitialization(Exception):
pass pass
@ -14,22 +15,26 @@ class DetectorClassification:
MEDIUM = 1 MEDIUM = 1
LOW = 2 LOW = 2
INFORMATIONAL = 3 INFORMATIONAL = 3
OPTIMIZATION = 4
classification_colors = { classification_colors = {
DetectorClassification.INFORMATIONAL: green, DetectorClassification.INFORMATIONAL: green,
DetectorClassification.OPTIMIZATION: green,
DetectorClassification.LOW: green, DetectorClassification.LOW: green,
DetectorClassification.MEDIUM: yellow, DetectorClassification.MEDIUM: yellow,
DetectorClassification.HIGH: red, DetectorClassification.HIGH: red
} }
classification_txt = { classification_txt = {
DetectorClassification.INFORMATIONAL: 'Informational', DetectorClassification.INFORMATIONAL: 'Informational',
DetectorClassification.OPTIMIZATION: 'Optimization',
DetectorClassification.LOW: 'Low', DetectorClassification.LOW: 'Low',
DetectorClassification.MEDIUM: 'Medium', DetectorClassification.MEDIUM: 'Medium',
DetectorClassification.HIGH: 'High', DetectorClassification.HIGH: 'High',
} }
class AbstractDetector(metaclass=abc.ABCMeta): class AbstractDetector(metaclass=abc.ABCMeta):
ARGUMENT = '' # run the detector with slither.py --ARGUMENT ARGUMENT = '' # run the detector with slither.py --ARGUMENT
HELP = '' # help information HELP = '' # help information
@ -43,7 +48,6 @@ class AbstractDetector(metaclass=abc.ABCMeta):
WIKI_EXPLOIT_SCENARIO = '' WIKI_EXPLOIT_SCENARIO = ''
WIKI_RECOMMENDATION = '' WIKI_RECOMMENDATION = ''
def __init__(self, slither, logger): def __init__(self, slither, logger):
self.slither = slither self.slither = slither
self.contracts = slither.contracts self.contracts = slither.contracts
@ -65,7 +69,8 @@ class AbstractDetector(metaclass=abc.ABCMeta):
if not self.WIKI_DESCRIPTION: if not self.WIKI_DESCRIPTION:
raise IncorrectDetectorInitialization('WIKI_DESCRIPTION is not initialized {}'.format(self.__class__.__name__)) raise IncorrectDetectorInitialization('WIKI_DESCRIPTION is not initialized {}'.format(self.__class__.__name__))
if not self.WIKI_EXPLOIT_SCENARIO and self.IMPACT != DetectorClassification.INFORMATIONAL: if not self.WIKI_EXPLOIT_SCENARIO and self.IMPACT not in [DetectorClassification.INFORMATIONAL,
DetectorClassification.OPTIMIZATION]:
raise IncorrectDetectorInitialization('WIKI_EXPLOIT_SCENARIO is not initialized {}'.format(self.__class__.__name__)) raise IncorrectDetectorInitialization('WIKI_EXPLOIT_SCENARIO is not initialized {}'.format(self.__class__.__name__))
if not self.WIKI_RECOMMENDATION: if not self.WIKI_RECOMMENDATION:
@ -77,16 +82,17 @@ class AbstractDetector(metaclass=abc.ABCMeta):
if self.IMPACT not in [DetectorClassification.LOW, if self.IMPACT not in [DetectorClassification.LOW,
DetectorClassification.MEDIUM, DetectorClassification.MEDIUM,
DetectorClassification.HIGH, DetectorClassification.HIGH,
DetectorClassification.INFORMATIONAL]: DetectorClassification.INFORMATIONAL,
DetectorClassification.OPTIMIZATION]:
raise IncorrectDetectorInitialization('IMPACT is not initialized {}'.format(self.__class__.__name__)) raise IncorrectDetectorInitialization('IMPACT is not initialized {}'.format(self.__class__.__name__))
if self.CONFIDENCE not in [DetectorClassification.LOW, if self.CONFIDENCE not in [DetectorClassification.LOW,
DetectorClassification.MEDIUM, DetectorClassification.MEDIUM,
DetectorClassification.HIGH, DetectorClassification.HIGH,
DetectorClassification.INFORMATIONAL]: DetectorClassification.INFORMATIONAL,
DetectorClassification.OPTIMIZATION]:
raise IncorrectDetectorInitialization('CONFIDENCE is not initialized {}'.format(self.__class__.__name__)) raise IncorrectDetectorInitialization('CONFIDENCE is not initialized {}'.format(self.__class__.__name__))
def _log(self, info): def _log(self, info):
self.logger.info(self.color(info)) self.logger.info(self.color(info))
@ -129,7 +135,6 @@ class AbstractDetector(metaclass=abc.ABCMeta):
self.logger.error(yellow('Malformed input. Example of valid input: 0,1,2,3')) self.logger.error(yellow('Malformed input. Example of valid input: 0,1,2,3'))
return results return results
@property @property
def color(self): def color(self):
return classification_colors[self.IMPACT] return classification_colors[self.IMPACT]
@ -156,104 +161,94 @@ class AbstractDetector(metaclass=abc.ABCMeta):
element['additional_fields'] = additional_fields element['additional_fields'] = additional_fields
return element return element
@staticmethod def _create_parent_element(self, element):
def _create_parent_element(element):
from slither.core.children.child_contract import ChildContract from slither.core.children.child_contract import ChildContract
from slither.core.children.child_function import ChildFunction from slither.core.children.child_function import ChildFunction
from slither.core.children.child_inheritance import ChildInheritance from slither.core.children.child_inheritance import ChildInheritance
if isinstance(element, ChildInheritance): if isinstance(element, ChildInheritance):
if element.contract_declarer: if element.contract_declarer:
contract = {'elements': []} contract = {'elements': []}
AbstractDetector.add_contract_to_json(element.contract_declarer, contract) self.add_contract_to_json(element.contract_declarer, contract)
return contract['elements'][0] return contract['elements'][0]
elif isinstance(element, ChildContract): elif isinstance(element, ChildContract):
if element.contract: if element.contract:
contract = {'elements': []} contract = {'elements': []}
AbstractDetector.add_contract_to_json(element.contract, contract) self.add_contract_to_json(element.contract, contract)
return contract['elements'][0] return contract['elements'][0]
elif isinstance(element, ChildFunction): elif isinstance(element, ChildFunction):
if element.function: if element.function:
function = {'elements': []} function = {'elements': []}
AbstractDetector.add_function_to_json(element.function, function) self.add_function_to_json(element.function, function)
return function['elements'][0] return function['elements'][0]
return None return None
@staticmethod def add_variable_to_json(self, variable, d, additional_fields={}):
def add_variable_to_json(variable, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(variable) 'parent': self._create_parent_element(variable)
} }
element = AbstractDetector._create_base_element('variable', element = self._create_base_element('variable',
variable.name, variable.name,
variable.source_mapping, variable.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
@staticmethod def add_variables_to_json(self, variables, d):
def add_variables_to_json(variables, d):
for variable in sorted(variables, key=lambda x:x.name): for variable in sorted(variables, key=lambda x:x.name):
AbstractDetector.add_variable_to_json(variable, d) self.add_variable_to_json(variable, d)
@staticmethod def add_contract_to_json(self, contract, d, additional_fields={}):
def add_contract_to_json(contract, d, additional_fields={}): element = self._create_base_element('contract',
element = AbstractDetector._create_base_element('contract',
contract.name, contract.name,
contract.source_mapping, contract.source_mapping,
{}, {},
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
@staticmethod def add_function_to_json(self, function, d, additional_fields={}):
def add_function_to_json(function, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(function), 'parent': self._create_parent_element(function),
'signature': function.full_name 'signature': function.full_name
} }
element = AbstractDetector._create_base_element('function', element = self._create_base_element('function',
function.name, function.name,
function.source_mapping, function.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
def add_functions_to_json(self, functions, d, additional_fields={}):
@staticmethod
def add_functions_to_json(functions, d, additional_fields={}):
for function in sorted(functions, key=lambda x: x.name): for function in sorted(functions, key=lambda x: x.name):
AbstractDetector.add_function_to_json(function, d, additional_fields) self.add_function_to_json(function, d, additional_fields)
@staticmethod def add_enum_to_json(self, enum, d, additional_fields={}):
def add_enum_to_json(enum, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(enum) 'parent': self._create_parent_element(enum)
} }
element = AbstractDetector._create_base_element('enum', element = self._create_base_element('enum',
enum.name, enum.name,
enum.source_mapping, enum.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
@staticmethod def add_struct_to_json(self, struct, d, additional_fields={}):
def add_struct_to_json(struct, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(struct) 'parent': self._create_parent_element(struct)
} }
element = AbstractDetector._create_base_element('struct', element = self._create_base_element('struct',
struct.name, struct.name,
struct.source_mapping, struct.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
@staticmethod def add_event_to_json(self, event, d, additional_fields={}):
def add_event_to_json(event, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(event), 'parent': self._create_parent_element(event),
'signature': event.full_name 'signature': event.full_name
} }
element = AbstractDetector._create_base_element('event', element = self._create_base_element('event',
event.name, event.name,
event.source_mapping, event.source_mapping,
type_specific_fields, type_specific_fields,
@ -261,34 +256,57 @@ class AbstractDetector(metaclass=abc.ABCMeta):
d['elements'].append(element) d['elements'].append(element)
@staticmethod def add_node_to_json(self, node, d, additional_fields={}):
def add_node_to_json(node, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'parent': AbstractDetector._create_parent_element(node), 'parent': self._create_parent_element(node),
} }
node_name = str(node.expression) if node.expression else "" node_name = str(node.expression) if node.expression else ""
element = AbstractDetector._create_base_element('node', element = self._create_base_element('node',
node_name, node_name,
node.source_mapping, node.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element) d['elements'].append(element)
def add_nodes_to_json(self, nodes, d):
@staticmethod
def add_nodes_to_json(nodes, d):
for node in sorted(nodes, key=lambda x: x.node_id): for node in sorted(nodes, key=lambda x: x.node_id):
AbstractDetector.add_node_to_json(node, d) self.add_node_to_json(node, d)
@staticmethod def add_pragma_to_json(self, pragma, d, additional_fields={}):
def add_pragma_to_json(pragma, d, additional_fields={}):
type_specific_fields = { type_specific_fields = {
'directive': pragma.directive 'directive': pragma.directive
} }
element = AbstractDetector._create_base_element('pragma', element = self._create_base_element('pragma',
pragma.version, pragma.version,
pragma.source_mapping, pragma.source_mapping,
type_specific_fields, type_specific_fields,
additional_fields) additional_fields)
d['elements'].append(element)
def add_other_to_json(self, name, source_mapping, d, additional_fields={}):
# If this a tuple with (filename, start, end), convert it to a source mapping.
if isinstance(source_mapping, tuple):
# Parse the source id
(filename, start, end) = source_mapping
source_id = next((source_unit_id for (source_unit_id, source_unit_filename) in self.slither.source_units.items() if source_unit_filename == filename), -1)
# Convert to a source mapping string
source_mapping = f"{start}:{end}:{source_id}"
# If this is a source mapping string, parse it.
if isinstance(source_mapping, str):
source_mapping_str = source_mapping
source_mapping = SourceMapping()
source_mapping.set_offset(source_mapping_str, self.slither)
# If this is a source mapping object, get the underlying source mapping dictionary
if isinstance(source_mapping, SourceMapping):
source_mapping = source_mapping.source_mapping
# Create the underlying element and add it to our resulting json
element = self._create_base_element('other',
name,
source_mapping,
{},
additional_fields)
d['elements'].append(element) d['elements'].append(element)

@ -13,7 +13,7 @@ class ExternalFunction(AbstractDetector):
ARGUMENT = 'external-function' ARGUMENT = 'external-function'
HELP = 'Public function that could be declared as external' HELP = 'Public function that could be declared as external'
IMPACT = DetectorClassification.INFORMATIONAL IMPACT = DetectorClassification.OPTIMIZATION
CONFIDENCE = DetectorClassification.HIGH CONFIDENCE = DetectorClassification.HIGH
WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external' WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external'
@ -96,6 +96,10 @@ class ExternalFunction(AbstractDetector):
for function in derived_contract.functions for function in derived_contract.functions
if function.full_name == base_most_function.full_name] if function.full_name == base_most_function.full_name]
@staticmethod
def function_parameters_written(function):
return any(p in function.variables_written for p in function.parameters)
def _detect(self): def _detect(self):
results = [] results = []
@ -130,6 +134,11 @@ class ExternalFunction(AbstractDetector):
if function in completed_functions: if function in completed_functions:
continue continue
# If the function has parameters which are written-to in function body, we skip
# because parameters of external functions will be allocated in calldata region which is immutable
if self.function_parameters_written(function):
continue
# Get the base-most function to know our origin of this function. # Get the base-most function to know our origin of this function.
base_most_function = self.get_base_most_function(function) base_most_function = self.get_base_most_function(function)

@ -104,6 +104,9 @@ Solidity defines a [naming convention](https://solidity.readthedocs.io/en/v0.4.2
results.append(json) results.append(json)
for argument in func.parameters: for argument in func.parameters:
# Ignore parameter names that are not specified i.e. empty strings
if argument.name == "":
continue
if argument in func.variables_read_or_written: if argument in func.variables_read_or_written:
correct_naming = self.is_mixed_case(argument.name) correct_naming = self.is_mixed_case(argument.name)
else: else:

@ -44,20 +44,39 @@ contract Token
''' '''
WIKI_RECOMMENDATION = 'Special control characters must not be allowed.' WIKI_RECOMMENDATION = 'Special control characters must not be allowed.'
RTLO_CHARACTER_ENCODED = "\u202e".encode('utf-8')
def _detect(self): def _detect(self):
results = [] results = []
pattern = re.compile(".*\u202e.*".encode('utf-8'))
pattern = re.compile(".*\u202e.*")
for filename, source in self.slither.source_code.items(): for filename, source in self.slither.source_code.items():
info = "{} contains a unicode right-to-left-override character:\n".format(filename) # Attempt to find all RTLO characters in this source file.
found = False original_source_encoded = source.encode('utf-8')
for match in pattern.finditer(source): start_index = 0
match_line = match.group(0)
info += "\t- {}\n".format(match_line) # Keep searching all file contents for the character.
found = True while True:
source_encoded = original_source_encoded[start_index:]
if found: result_index = source_encoded.find(self.RTLO_CHARACTER_ENCODED)
# If we couldn't find the character in the remainder of source, stop.
if result_index == -1:
break
else:
# We found another instance of the character, define our output
idx = start_index + result_index
info = f"{filename} contains a unicode right-to-left-override character at byte offset {idx}:\n"
# We have a patch, so pattern.find will return at least one result
info += f"\t- {pattern.findall(source_encoded)[0]}\n"
json = self.generate_json_result(info) json = self.generate_json_result(info)
self.add_other_to_json("rtlo-character",
(filename, idx, len(self.RTLO_CHARACTER_ENCODED)), json)
results.append(json) results.append(json)
# Advance the start index for the next iteration
start_index = result_index + 1
return results return results

@ -18,7 +18,7 @@ class ConstCandidateStateVars(AbstractDetector):
ARGUMENT = 'constable-states' ARGUMENT = 'constable-states'
HELP = 'State variables that could be declared constant' HELP = 'State variables that could be declared constant'
IMPACT = DetectorClassification.INFORMATIONAL IMPACT = DetectorClassification.OPTIMIZATION
CONFIDENCE = DetectorClassification.HIGH CONFIDENCE = DetectorClassification.HIGH
WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant' WIKI = 'https://github.com/crytic/slither/wiki/Detector-Documentation#state-variables-that-could-be-declared-constant'

@ -5,7 +5,7 @@
"detectors": [ "detectors": [
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "A.myFriendsAddress should be constant (tests/const_state_variables.sol#7)\n", "description": "A.myFriendsAddress should be constant (tests/const_state_variables.sol#7)\n",
"elements": [ "elements": [
@ -66,7 +66,7 @@
}, },
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "A.test should be constant (tests/const_state_variables.sol#10)\n", "description": "A.test should be constant (tests/const_state_variables.sol#10)\n",
"elements": [ "elements": [
@ -127,7 +127,7 @@
}, },
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "A.text2 should be constant (tests/const_state_variables.sol#14)\n", "description": "A.text2 should be constant (tests/const_state_variables.sol#14)\n",
"elements": [ "elements": [
@ -188,7 +188,7 @@
}, },
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "B.mySistersAddress should be constant (tests/const_state_variables.sol#26)\n", "description": "B.mySistersAddress should be constant (tests/const_state_variables.sol#26)\n",
"elements": [ "elements": [
@ -245,7 +245,7 @@
}, },
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "MyConc.should_be_constant should be constant (tests/const_state_variables.sol#42)\n", "description": "MyConc.should_be_constant should be constant (tests/const_state_variables.sol#42)\n",
"elements": [ "elements": [
@ -302,7 +302,7 @@
}, },
{ {
"check": "constable-states", "check": "constable-states",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "MyConc.should_be_constant_2 should be constant (tests/const_state_variables.sol#43)\n", "description": "MyConc.should_be_constant_2 should be constant (tests/const_state_variables.sol#43)\n",
"elements": [ "elements": [

@ -5,7 +5,7 @@
"detectors": [ "detectors": [
{ {
"check": "external-function", "check": "external-function",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "ContractWithFunctionNotCalled.funcNotCalled3() (tests/external_function.sol#13-15) should be declared external\n", "description": "ContractWithFunctionNotCalled.funcNotCalled3() (tests/external_function.sol#13-15) should be declared external\n",
"elements": [ "elements": [
@ -70,7 +70,7 @@
}, },
{ {
"check": "external-function", "check": "external-function",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "ContractWithFunctionNotCalled.funcNotCalled2() (tests/external_function.sol#17-19) should be declared external\n", "description": "ContractWithFunctionNotCalled.funcNotCalled2() (tests/external_function.sol#17-19) should be declared external\n",
"elements": [ "elements": [
@ -135,7 +135,7 @@
}, },
{ {
"check": "external-function", "check": "external-function",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "ContractWithFunctionNotCalled.funcNotCalled() (tests/external_function.sol#21-23) should be declared external\n", "description": "ContractWithFunctionNotCalled.funcNotCalled() (tests/external_function.sol#21-23) should be declared external\n",
"elements": [ "elements": [
@ -200,7 +200,7 @@
}, },
{ {
"check": "external-function", "check": "external-function",
"impact": "Informational", "impact": "Optimization",
"confidence": "High", "confidence": "High",
"description": "ContractWithFunctionNotCalled2.funcNotCalled() (tests/external_function.sol#32-39) should be declared external\n", "description": "ContractWithFunctionNotCalled2.funcNotCalled() (tests/external_function.sol#32-39) should be declared external\n",
"elements": [ "elements": [
@ -258,6 +258,63 @@
} }
} }
] ]
},
{
"check": "external-function",
"impact": "Optimization",
"confidence": "High",
"description": "FunctionParameterWrite.parameter_read_ok_for_external(uint256) (tests/external_function.sol#74-76) should be declared external\n",
"elements": [
{
"type": "function",
"name": "parameter_read_ok_for_external",
"source_mapping": {
"start": 1420,
"length": 81,
"filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol",
"filename_relative": "tests/external_function.sol",
"filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol",
"filename_short": "tests/external_function.sol",
"lines": [
74,
75,
76
],
"starting_column": 3,
"ending_column": 4
},
"type_specific_fields": {
"parent": {
"type": "contract",
"name": "FunctionParameterWrite",
"source_mapping": {
"start": 1381,
"length": 234,
"filename_used": "/home/travis/build/crytic/slither/tests/external_function.sol",
"filename_relative": "tests/external_function.sol",
"filename_absolute": "/home/travis/build/crytic/slither/tests/external_function.sol",
"filename_short": "tests/external_function.sol",
"lines": [
72,
73,
74,
75,
76,
77,
78,
79,
80,
81,
82
],
"starting_column": 1,
"ending_column": 2
}
},
"signature": "parameter_read_ok_for_external(uint256)"
}
}
]
} }
] ]
} }

@ -3,5 +3,6 @@ ContractWithFunctionNotCalled.funcNotCalled3() (tests/external_function.sol#13-1
ContractWithFunctionNotCalled.funcNotCalled2() (tests/external_function.sol#17-19) should be declared external ContractWithFunctionNotCalled.funcNotCalled2() (tests/external_function.sol#17-19) should be declared external
ContractWithFunctionNotCalled.funcNotCalled() (tests/external_function.sol#21-23) should be declared external ContractWithFunctionNotCalled.funcNotCalled() (tests/external_function.sol#21-23) should be declared external
ContractWithFunctionNotCalled2.funcNotCalled() (tests/external_function.sol#32-39) should be declared external ContractWithFunctionNotCalled2.funcNotCalled() (tests/external_function.sol#32-39) should be declared external
FunctionParameterWrite.parameter_read_ok_for_external(uint256) (tests/external_function.sol#74-76) should be declared external
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#public-function-that-could-be-declared-as-external
INFO:Slither:tests/external_function.sol analyzed (5 contracts), 4 result(s) found INFO:Slither:tests/external_function.sol analyzed (6 contracts), 5 result(s) found

@ -12,4 +12,4 @@ Parameter '_used' of _used (tests/naming_convention.sol#59) is not in mixedCase
Variable 'T._myPublicVar' (tests/naming_convention.sol#56) is not in mixedCase Variable 'T._myPublicVar' (tests/naming_convention.sol#56) is not in mixedCase
Variable 'T.l' (tests/naming_convention.sol#67) used l, O, I, which should not be used Variable 'T.l' (tests/naming_convention.sol#67) used l, O, I, which should not be used
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#conformance-to-solidity-naming-conventions
INFO:Slither:tests/naming_convention.sol analyzed (3 contracts), 12 result(s) found INFO:Slither:tests/naming_convention.sol analyzed (4 contracts), 12 result(s) found

@ -7,8 +7,26 @@
"check": "rtlo", "check": "rtlo",
"impact": "High", "impact": "High",
"confidence": "High", "confidence": "High",
"description": "/home/travis/build/crytic/slither/tests/right_to_left_override.sol contains a unicode right-to-left-override character:\n\t- test1(/*A\u202e/*B*/2 , 1/*\u202d\n", "description": "/home/travis/build/crytic/slither/tests/right_to_left_override.sol contains a unicode right-to-left-override character at byte offset 96:\n\t- b' test1(/*A\\xe2\\x80\\xae/*B*/2 , 1/*\\xe2\\x80\\xad'\n",
"elements": [] "elements": [
{
"type": "other",
"name": "rtlo-character",
"source_mapping": {
"start": 96,
"length": 3,
"filename_used": "/home/travis/build/crytic/slither/tests/right_to_left_override.sol",
"filename_relative": "tests/right_to_left_override.sol",
"filename_absolute": "/home/travis/build/crytic/slither/tests/right_to_left_override.sol",
"filename_short": "tests/right_to_left_override.sol",
"lines": [
7
],
"starting_column": 18,
"ending_column": 21
}
}
]
} }
] ]
} }

@ -1,5 +1,5 @@
INFO:Detectors: INFO:Detectors:
/home/travis/build/crytic/slither/tests/right_to_left_override.sol contains a unicode right-to-left-override character: /home/travis/build/crytic/slither/tests/right_to_left_override.sol contains a unicode right-to-left-override character at byte offset 96:
- test1(/*A/*B*/2 , 1/* - b' test1(/*A\xe2\x80\xae/*B*/2 , 1/*\xe2\x80\xad'
Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#right-to-left-override-character Reference: https://github.com/crytic/slither/wiki/Detector-Documentation#right-to-left-override-character
INFO:Slither:tests/right_to_left_override.sol analyzed (1 contracts), 1 result(s) found INFO:Slither:tests/right_to_left_override.sol analyzed (1 contracts), 1 result(s) found

@ -68,3 +68,15 @@ contract InternalCall {
} }
} }
contract FunctionParameterWrite {
function parameter_read_ok_for_external (uint i) public {
uint local = i;
}
function parameter_read_not_ok_for_external (uint i) public returns (uint) {
i += 1;
return (i);
}
}

@ -66,3 +66,10 @@ contract T {
uint l = 1; uint l = 1;
} }
contract ParameterNameEmptyString {
function foo (uint) public {
}
}

Loading…
Cancel
Save