UNPKG

truffle-analyze

Version:

Add vulnerability and weakness analysis via the MythX

github.com/consensys/truffle-analyze

consensys/truffle-analyze

170 lines (165 loc) 5.35 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
const report = { "issues": [ { "swcID": "SWC-103", "swcTitle": "Floating Pragma", "description": { "head": "A floating pragma is set.", "tail": "It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently any version equal or grater than \"0.4.15\" is allowed." }, "severity": "", "locations": [ { "sourceMap": "0:24:1" } ], "extra": {} }, { "swcID": "SWC-100", "swcTitle": "Function Default Visibility", "description": { "head": "The function visibility is not set.", "tail": "The function \"bid\" does not have an explicit visibility set. The default visibility is set to public and anyone call the function." }, "severity": "", "locations": [ { "sourceMap": "199:410:1" } ], "extra": {} }, { "swcID": "SWC-108", "swcTitle": "State Variable Default Visibility", "description": { "head": "The state variable visibility is not set.", "tail": "It is best practice to set the visibility of state variables explicitly. The default visibility for \"currentFrontrunner\" is internal. Other possible visibility values are public and private." }, "severity": "", "locations": [ { "sourceMap": "94:18:0" }, { "sourceMap": "687:18:1" } ], "extra": {} }, { "swcID": "SWC-108", "swcTitle": "State Variable Default Visibility", "description": { "head": "The state variable visibility is not set.", "tail": "It is best practice to set the visibility of state variables explicitly. The default visibility for \"currentBid\" is internal. Other possible visibility values are public and private." }, "severity": "", "locations": [ { "sourceMap": "121:10:0" }, { "sourceMap": "717:10:0" } ], "extra": {} }, { "swcID": "SWC-108", "swcTitle": "State Variable Default Visibility", "description": { "head": "The state variable visibility is not set.", "tail": "It is best practice to set the visibility of state variables explicitly. The default visibility for \"refunds\" is internal. Other possible visibility values are public and private." }, "severity": "", "locations": [ { "sourceMap": "798:7:0" } ], "extra": {} }, { "swcID": "SWC-104", "swcTitle": "Unchecked Call Return Value", "description": { "head": "Unchecked return value from low level call.", "tail": "Return value for \"msg.send\" is not checked. Always check the return value for low level calls like call(), send() and delegatecall() as they can fail." }, "severity": "", "locations": [ { "sourceMap": "1360:23:0" } ], "extra": {} }, { "swcID": "SWC-119", "swcTitle": "Shadowing State Variables", "description": { "head": "State variable shadows another state variable.", "tail": "The state variable \"currentFrontrunner\" in contract \"DosAuction\" shadows another state variable with the same name \"currentFrontrunner\" in contract \"SecureAuction\"." }, "severity": "", "locations": [ { "sourceMap": "86:26:0" } ], "extra": {} }, { "swcID": "SWC-119", "swcTitle": "Shadowing State Variables", "description": { "head": "State variable shadows another state variable.", "tail": "The state variable \"currentBid\" in contract \"DosAuction\" shadows another state variable with the same name \"currentBid\" in contract \"SecureAuction\"." }, "severity": "", "locations": [ { "sourceMap": "116:15:0" } ], "extra": {} } ], "sourceType": "solidity-file", "sourceFormat": "text", "sourceList": [ "/tmp/954638752/03-auction.sol", "/tmp/954638752/03-auction.sol" ], "meta": { "error": [], "selected_compiler": "0.4.15", "warning": [ "Solc:/tmp/954638752/03-auction.sol:51:5: Warning: Failure condition of 'send' ignored. Consider using 'transfer' instead.\n msg.sender.send(refund);\n ^---------------------^\n" ] } }; const issues2eslint = require('../../lib/issues2eslint'); const mythlib = require('../../lib/mythx'); const fs = require('fs'); function getFormatter(style) { const formatterName = style || 'stylish'; try { return require(`eslint/lib/formatters/${formatterName}`); } catch (ex) { ex.message = `\nThere was a problem loading formatter option: ${style} \nError: ${ ex.message }`; throw ex; } } const buildObj = JSON.parse(fs.readFileSync('./SecureAuction.json', 'utf-8')); const mythOb = mythlib.truffle2MythXJSON(buildObj); const remappedIssues = mythlib.remapMythXOutput(report); const info = new issues2eslint.Info(mythOb); const esss = remappedIssues.map(issue => info.convertMythXReport2EsIssues(issue, true)) const fmt = getFormatter('stylish'); const resESmess = fmt(esss); console.log(resESmess);