From 39f560bf973acbc31c908991f94d4cb57a7e4828 Mon Sep 17 00:00:00 2001 From: Josselin Date: Tue, 30 Oct 2018 09:18:49 +0100 Subject: [PATCH 1/8] Version 0.2.0 --- setup.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/setup.py b/setup.py index 8de27eb00..99368e649 100644 --- a/setup.py +++ b/setup.py @@ -5,7 +5,7 @@ setup( description='Slither is a Solidity static analysis framework written in Python 3.', url='https://github.com/trailofbits/slither', author='Trail of Bits', - version='0.1.0', + version='0.2.0', packages=find_packages(), python_requires='>=3.6', install_requires=['prettytable>=0.7.2'], From 3700283c8588762df1beab660f7e3c067fde8455 Mon Sep 17 00:00:00 2001 From: Rene Date: Tue, 30 Oct 2018 14:35:25 +0100 Subject: [PATCH 2/8] small typos in print statement --- examples/scripts/functions_called.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/examples/scripts/functions_called.py b/examples/scripts/functions_called.py index f3e63f003..5f25477d0 100644 --- a/examples/scripts/functions_called.py +++ b/examples/scripts/functions_called.py @@ -2,7 +2,7 @@ import sys from slither.slither import Slither if len(sys.argv) != 2: - print('python.py function_called.py functions_called.sol') + print('python functions_called.py functions_called.sol') exit(-1) # Init slither From a1758a1421094cd82c357a01402b924bc4b9d0e0 Mon Sep 17 00:00:00 2001 From: Josselin Date: Tue, 30 Oct 2018 19:00:39 +0100 Subject: [PATCH 3/8] Fix typos in print statement --- examples/scripts/convert_to_ir.py | 9 ++++----- examples/scripts/export_to_dot.py | 2 +- examples/scripts/functions_writing.py | 2 +- examples/scripts/slithIR.py | 2 +- examples/scripts/taint_mapping.py | 2 +- examples/scripts/variable_in_condition.py | 2 +- 6 files changed, 9 insertions(+), 10 deletions(-) diff --git a/examples/scripts/convert_to_ir.py b/examples/scripts/convert_to_ir.py index fe71f1bd1..72f79ba64 100644 --- a/examples/scripts/convert_to_ir.py +++ b/examples/scripts/convert_to_ir.py @@ -3,19 +3,18 @@ from slither.slither import Slither from slither.slithir.convert import convert_expression -if len(sys.argv) != 4: - print('python.py function_called.py functions_called.sol Contract function()') +if len(sys.argv) != 2: + print('python function_called.py functions_called.sol') exit(-1) # Init slither slither = Slither(sys.argv[1]) # Get the contract -contract = slither.get_contract_from_name(sys.argv[2]) +contract = slither.get_contract_from_name('Test') # Get the variable -test = contract.get_function_from_signature(sys.argv[3]) -#test = contract.get_function_from_signature('two()') +test = contract.get_function_from_signature('one()') nodes = test.nodes diff --git a/examples/scripts/export_to_dot.py b/examples/scripts/export_to_dot.py index ef4e79779..628747515 100644 --- a/examples/scripts/export_to_dot.py +++ b/examples/scripts/export_to_dot.py @@ -3,7 +3,7 @@ from slither.slither import Slither if len(sys.argv) != 2: - print('python.py function_called.py') + print('python function_called.py contract.sol') exit(-1) # Init slither diff --git a/examples/scripts/functions_writing.py b/examples/scripts/functions_writing.py index e545c6f22..4609e9f6c 100644 --- a/examples/scripts/functions_writing.py +++ b/examples/scripts/functions_writing.py @@ -2,7 +2,7 @@ import sys from slither.slither import Slither if len(sys.argv) != 2: - print('python.py function_writing.py functions_writing.sol') + print('python function_writing.py functions_writing.sol') exit(-1) # Init slither diff --git a/examples/scripts/slithIR.py b/examples/scripts/slithIR.py index f676e6cd5..04fe255c8 100644 --- a/examples/scripts/slithIR.py +++ b/examples/scripts/slithIR.py @@ -2,7 +2,7 @@ import sys from slither import Slither if len(sys.argv) != 2: - print('python.py slithIR.py contract.sol') + print('python slithIR.py contract.sol') exit(-1) # Init slither diff --git a/examples/scripts/taint_mapping.py b/examples/scripts/taint_mapping.py index 64e46b49a..db88b0d91 100644 --- a/examples/scripts/taint_mapping.py +++ b/examples/scripts/taint_mapping.py @@ -56,7 +56,7 @@ def check_call(func, taints): if __name__ == "__main__": if len(sys.argv) != 2: - print('python.py taint.py taint.sol') + print('python taint_mapping.py taint.sol') exit(-1) # Init slither diff --git a/examples/scripts/variable_in_condition.py b/examples/scripts/variable_in_condition.py index 90463c25e..d931a744b 100644 --- a/examples/scripts/variable_in_condition.py +++ b/examples/scripts/variable_in_condition.py @@ -2,7 +2,7 @@ import sys from slither.slither import Slither if len(sys.argv) != 2: - print('python.py variable_in_condition.py variable_in_condition.sol') + print('python variable_in_condition.py variable_in_condition.sol') exit(-1) # Init slither From 8ca89eda96191393567876bfae0a50c55549f573 Mon Sep 17 00:00:00 2001 From: Alexander Remie Date: Tue, 30 Oct 2018 23:13:39 +0100 Subject: [PATCH 4/8] fix vars-and-auth print bug --- slither/printers/functions/authorization.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/slither/printers/functions/authorization.py b/slither/printers/functions/authorization.py index ff1666331..b2e2a1086 100644 --- a/slither/printers/functions/authorization.py +++ b/slither/printers/functions/authorization.py @@ -39,4 +39,4 @@ class PrinterWrittenVariablesAndAuthorization(AbstractPrinter): state_variables_written = [v.name for v in function.all_state_variables_written()] msg_sender_condition = self.get_msg_sender_checks(function) table.add_row([function.name, str(state_variables_written), str(msg_sender_condition)]) - self.info(txt + str(table)) + self.info(txt + str(table)) From a94292ceed5590704fa1959cb7021040289f4167 Mon Sep 17 00:00:00 2001 From: Josselin Date: Thu, 1 Nov 2018 08:56:19 +0100 Subject: [PATCH 5/8] Disable ComplexFunction detector until benchmark is performed --- README.md | 1 - slither/__main__.py | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/README.md b/README.md index 6244c6938..1c654acd5 100644 --- a/README.md +++ b/README.md @@ -62,7 +62,6 @@ Num | Detector | What it Detects | Impact | Confidence 13 | `pragma` | If different pragma directives are used | Informational | High 14 | `solc-version` | Old versions of Solidity (< 0.4.23) | Informational | High 15 | `unused-state` | Unused state variables | Informational | High -16 | `complex-function` | Complex functions | Informational | Medium [Contact us](https://www.trailofbits.com/contact/) to get access to additional detectors. diff --git a/slither/__main__.py b/slither/__main__.py index 21bd5ec3e..017bebaa6 100644 --- a/slither/__main__.py +++ b/slither/__main__.py @@ -127,7 +127,7 @@ def get_detectors_and_printers(): LowLevelCalls, NamingConvention, ConstCandidateStateVars, - ComplexFunction, + #ComplexFunction, ExternalFunction] from slither.printers.summary.function import FunctionSummary From 4c14041942e8978c3b5609e9635b1e412df6a5b5 Mon Sep 17 00:00:00 2001 From: Josselin Date: Thu, 1 Nov 2018 08:57:25 +0100 Subject: [PATCH 6/8] Update travis --- scripts/travis_test.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/travis_test.sh b/scripts/travis_test.sh index 918342a97..a6b4dcbc9 100755 --- a/scripts/travis_test.sh +++ b/scripts/travis_test.sh @@ -26,7 +26,7 @@ test_slither tests/tx_origin.sol "tx-origin" 2 test_slither tests/unused_state.sol "unused-state" 1 test_slither tests/locked_ether.sol "locked-ether" 1 test_slither tests/arbitrary_send.sol "arbitrary-send" 2 -test_slither tests/complex_func.sol "complex-function" 3 +#test_slither tests/complex_func.sol "complex-function" 3 test_slither tests/inline_assembly_contract.sol "assembly" 1 test_slither tests/inline_assembly_library.sol "assembly" 2 test_slither tests/low_level_calls.sol "low-level-calls" 1 From c40776121a331b0ec859277984c7a089258fe07b Mon Sep 17 00:00:00 2001 From: Josselin Date: Thu, 1 Nov 2018 09:03:01 +0100 Subject: [PATCH 7/8] Improve specific taint --- slither/analyses/taint/specific_variable.py | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/slither/analyses/taint/specific_variable.py b/slither/analyses/taint/specific_variable.py index 34f90e4c0..fc508c963 100644 --- a/slither/analyses/taint/specific_variable.py +++ b/slither/analyses/taint/specific_variable.py @@ -15,9 +15,7 @@ from .common import iterate_over_irs def make_key(variable): if isinstance(variable, Variable): - key = 'TAINT_{}{}{}'.format(variable.contract.name, - variable.name, - str(type(variable))) + key = 'TAINT_{}'.format(id(variable)) else: assert isinstance(variable, SolidityVariable) key = 'TAINT_{}{}'.format(variable.name, From 916cbf7acfb0a3263269bd7326719615053ebb64 Mon Sep 17 00:00:00 2001 From: Josselin Date: Sun, 4 Nov 2018 10:39:51 +0100 Subject: [PATCH 8/8] Improve support for constant variables init --- slither/solc_parsing/declarations/contract.py | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) diff --git a/slither/solc_parsing/declarations/contract.py b/slither/solc_parsing/declarations/contract.py index 087750577..f3e7c3c15 100644 --- a/slither/solc_parsing/declarations/contract.py +++ b/slither/solc_parsing/declarations/contract.py @@ -234,9 +234,14 @@ class ContractSolc04(Contract): self._variables[var.name] = var def analyze_constant_state_variables(self): + from slither.solc_parsing.expressions.expression_parsing import VariableNotFound for var in self.variables: if var.is_constant: - var.analyze(self) + # cant parse constant expression based on function calls + try: + var.analyze(self) + except VariableNotFound: + pass return def analyze_state_variables(self):