diff --git a/slither/__main__.py b/slither/__main__.py index caaef5730..6286b3617 100644 --- a/slither/__main__.py +++ b/slither/__main__.py @@ -401,6 +401,13 @@ def parse_args( default=defaults_flag_in_config["exclude_high"], ) + group_detector.add_argument( + "--exclude-location", + help="Exclude location information from detector output", + action="store_true", + default=defaults_flag_in_config["exclude_location"], + ) + fail_on_group = group_detector.add_mutually_exclusive_group() fail_on_group.add_argument( "--fail-pedantic", diff --git a/slither/detectors/abstract_detector.py b/slither/detectors/abstract_detector.py index 8baf9bb3c..78eb063dd 100644 --- a/slither/detectors/abstract_detector.py +++ b/slither/detectors/abstract_detector.py @@ -277,6 +277,7 @@ def generate_result( additional_fields, standard_format=self.STANDARD_JSON, markdown_root=self.slither.markdown_root, + exclude_location=self.slither.exclude_location, ) output.data["check"] = self.ARGUMENT diff --git a/slither/slither.py b/slither/slither.py index 0f2218535..33bbcd4ef 100644 --- a/slither/slither.py +++ b/slither/slither.py @@ -106,6 +106,7 @@ def __init__(self, target: Union[str, CryticCompile], **kwargs) -> None: generate_patches (bool): if true, patches are generated (json output only) change_line_prefix (str): Change the line prefix (default #) for the displayed source codes (i.e. file.sol#1). + exclude_location (bool): if true, exclude locations from detector output (default false) """ super().__init__() @@ -186,6 +187,7 @@ def __init__(self, target: Union[str, CryticCompile], **kwargs) -> None: self.add_path_to_include(p) self._exclude_dependencies = kwargs.get("exclude_dependencies", False) + self.exclude_location = kwargs.get("exclude_location", False) triage_mode = kwargs.get("triage_mode", False) triage_database = kwargs.get("triage_database", "slither.db.json") diff --git a/slither/utils/command_line.py b/slither/utils/command_line.py index f03ced834..8e5ffcfac 100644 
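Review bot: The help string for `--exclude-location` in parse_args promises more than the option delivers. The conversion helpers changed in slither/utils/output.py return plain-string items unchanged, so a detector that formats a path into its own message text still prints it. The new snapshots for ConstantPragma, IncorrectSolc and IncorrectUsingFor in this commit still contain `...sol#1`-style locations. Anyone who passes the flag to strip file paths before sharing a report should not rely on it as redaction, so I would word it as `help="Omit the source-location suffix from elements in detector descriptions (paths embedded in message text are kept)"`. parse_args starts and ends outside this hunk.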
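Review bot: In the second slither.py hunk, the new option is stored as a bare, unannotated attribute directly under `self._exclude_dependencies`, so the two neighbouring options follow different conventions. abstract_detector.py reads it as `self.slither.exclude_location`, so the public name has to stay. I would still make the type explicit at the assignment, e.g. `self.exclude_location: bool = bool(kwargs.get("exclude_location", False))`, so a non-boolean value arriving through kwargs does not travel further as-is. `__init__` continues outside the hunk.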
--- a/slither/utils/command_line.py +++ b/slither/utils/command_line.py @@ -51,6 +51,7 @@ class FailOnLevel(enum.Enum): "exclude_dependencies": False, "exclude_informational": False, "exclude_optimization": False, + "exclude_location": False, "exclude_low": False, "exclude_medium": False, "exclude_high": False, diff --git a/slither/utils/output.py b/slither/utils/output.py index 176b250e3..0bb1c8c56 100644 --- a/slither/utils/output.py +++ b/slither/utils/output.py @@ -229,7 +229,7 @@ def output_to_zip(filename: str, error: Optional[str], results: Dict, zip_type: ################################################################################### -def _convert_to_description(d: str) -> str: +def _convert_to_description(d: Any, exclude_location: bool = False) -> str: if isinstance(d, str): return d 
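Review bot: The new signature of `_convert_to_description` widens `d` to `Any`, while `_convert_to_markdown` in the next hunk keeps `d: str`, although both take the same items and both test `isinstance(d, SourceMapping)`. `Any` switches off checking for the parameter and needs a `typing` import that this hunk does not show. If `SupportedOutput` is defined above these helpers, the element type already used by `Output.__init__` further down is more precise for both: `d: Union[str, SupportedOutput]`. The function body continues past the end of this hunk.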
@@ -237,38 +237,41 @@ def _convert_to_description(d: str) -> str: raise SlitherError(f"{d} does not inherit from SourceMapping, conversion impossible") if isinstance(d, Node): - if d.expression: - return f"{d.expression} ({d.source_mapping})" - return f"{str(d)} ({d.source_mapping})" - - if hasattr(d, "canonical_name"): - return f"{d.canonical_name} ({d.source_mapping})" + first_part = f"{d.expression}" if d.expression else f"{str(d)}" + elif hasattr(d, "canonical_name"): + first_part = f"{d.canonical_name}" + elif hasattr(d, "name"): + first_part = f"{d.name}" + else: + raise SlitherError(f"{type(d)} cannot be converted (no name, or canonical_name") - if hasattr(d, "name"): - return f"{d.name} ({d.source_mapping})" + if exclude_location: + return first_part - raise SlitherError(f"{type(d)} cannot be converted (no name, or canonical_name") + return f"{first_part} ({d.source_mapping})" -def _convert_to_markdown(d: str, markdown_root: str) -> str: +def _convert_to_markdown(d: str, markdown_root: str, exclude_location: bool = False) -> str: if isinstance(d, str): return d if not isinstance(d, SourceMapping): raise SlitherError(f"{d} does not inherit from SourceMapping, conversion impossible") + first_part: str if isinstance(d, Node): - if d.expression: - return f"[{d.expression}]({d.source_mapping.to_markdown(markdown_root)})" - return f"[{str(d)}]({d.source_mapping.to_markdown(markdown_root)})" - - if hasattr(d, "canonical_name"): - return f"[{d.canonical_name}]({d.source_mapping.to_markdown(markdown_root)})" + first_part = f"[{d.expression}]" if d.expression else f"[{str(d)}]" + elif hasattr(d, "canonical_name"): + first_part = f"[{d.canonical_name}]" + elif hasattr(d, "name"): + first_part = f"[{d.name}]" + else: + raise SlitherError(f"{type(d)} cannot be converted (no name, or canonical_name") - if hasattr(d, "name"): - return f"[{d.name}]({d.source_mapping.to_markdown(markdown_root)})" + if exclude_location: + return first_part - raise SlitherError(f"{type(d)} 
cannot be converted (no name, or canonical_name") + return f"{first_part}({d.source_mapping.to_markdown(markdown_root)})" def _convert_to_id(d: str) -> str: @@ -386,12 +389,13 @@ def _create_parent_element( class Output: - def __init__( + def __init__( # pylint: disable=too-many-arguments self, info_: Union[str, List[Union[str, SupportedOutput]]], additional_fields: Optional[Dict] = None, markdown_root: str = "", standard_format: bool = True, + exclude_location: bool = False, ) -> None: if additional_fields is None: additional_fields = {} @@ -405,8 +409,12 @@ def __init__( self._data = OrderedDict() self._data["elements"] = [] - self._data["description"] = "".join(_convert_to_description(d) for d in info) - self._data["markdown"] = "".join(_convert_to_markdown(d, markdown_root) for d in info) + self._data["description"] = "".join( + _convert_to_description(d, exclude_location) for d in info + ) + self._data["markdown"] = "".join( + _convert_to_markdown(d, markdown_root, exclude_location) for d in info + ) self._data["first_markdown_element"] = "" self._markdown_root = markdown_root diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ABIEncoderV2Array_0_5_9_storage_ABIEncoderV2_array_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ABIEncoderV2Array_0_5_9_storage_ABIEncoderV2_array_sol_exclude__0.txt new file mode 100644 index 000000000..8a2183752 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ABIEncoderV2Array_0_5_9_storage_ABIEncoderV2_array_sol_exclude__0.txt 
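Review bot: In `_convert_to_markdown`, `first_part` already carries the square brackets, so with `exclude_location` set the function returns `[name]` with no link target. That leaves stray brackets in the markdown field, and a renderer may try to resolve the text as a reference link. If plain text is the intent, build the bare label first and add the brackets only on the link path: `return label if exclude_location else f"[{label}]({d.source_mapping.to_markdown(markdown_root)})"`. Separately, the `SlitherError` message kept in both helpers is missing its closing parenthesis after `canonical_name`, and `first_part: str` is declared here but not in `_convert_to_description`.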
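Review bot: `Output.__init__` gains a fifth parameter and a pylint suppression, but nothing documents what `exclude_location` covers. The following hunk applies it only to `description` and `markdown`, so I would add a docstring line such as `exclude_location: drop the "(source mapping)" suffix from the description and markdown text`. Whether `elements` added later still carry source mappings is not visible in these hunks, so confirm that before stating that the flag removes locations from structured output. The method body continues outside the hunk.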
@@ -0,0 +1,18 @@ +Function A.bad5() trigger an abi encoding bug: + - event2_bad(s) + +Function A.bad0() trigger an abi encoding bug: + - this.bad0_external(bad_arr) + +Function A.bad4() trigger an abi encoding bug: + - event1_bad(bad_arr) + +Function A.bad2() trigger an abi encoding bug: + - b = abi.encode(bad_arr) + +Function A.bad1(A.S[3]) trigger an abi encoding bug: + - this.bad1_external(s) + +Function A.bad3() trigger an abi encoding bug: + - b = abi.encode(s) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20NoPermit_0_8_0_arbitrary_send_erc20_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20NoPermit_0_8_0_arbitrary_send_erc20_sol_exclude__0.txt new file mode 100644 index 000000000..377a22e1e --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20NoPermit_0_8_0_arbitrary_send_erc20_sol_exclude__0.txt @@ -0,0 +1,6 @@ +C.bad1(address,uint256) uses arbitrary from in transferFrom: erc20.transferFrom(notsend,to,am) + +C.bad3(address,address,uint256) uses arbitrary from in transferFrom: erc20.safeTransferFrom(from,to,amount) + +C.bad4(address,address,uint256) uses arbitrary from in transferFrom: SafeERC20.safeTransferFrom(erc20,from,to,amount) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20Permit_0_7_6_arbitrary_send_erc20_permit_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20Permit_0_7_6_arbitrary_send_erc20_permit_sol_exclude__0.txt new file mode 100644 index 000000000..cadf80dcb --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendErc20Permit_0_7_6_arbitrary_send_erc20_permit_sol_exclude__0.txt 
@@ -0,0 +1,8 @@ +C.int_transferFrom(address,uint256,uint256,uint8,bytes32,bytes32,address) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) + +C.bad1(address,uint256,uint256,uint8,bytes32,bytes32,address) uses arbitrary from in transferFrom in combination with permit: erc20.transferFrom(from,to,value) + +C.bad4(address,uint256,uint256,uint8,bytes32,bytes32,address) uses arbitrary from in transferFrom in combination with permit: SafeERC20.safeTransferFrom(erc20,from,to,value) + +C.bad3(address,uint256,uint256,uint8,bytes32,bytes32,address) uses arbitrary from in transferFrom in combination with permit: erc20.safeTransferFrom(from,to,value) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendEth_0_5_16_arbitrary_send_eth_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendEth_0_5_16_arbitrary_send_eth_sol_exclude__0.txt new file mode 100644 index 000000000..6734b75c2 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArbitrarySendEth_0_5_16_arbitrary_send_eth_sol_exclude__0.txt @@ -0,0 +1,8 @@ +Test.direct() sends eth to arbitrary user + Dangerous calls: + - msg.sender.send(address(this).balance) + +Test.indirect() sends eth to arbitrary user + Dangerous calls: + - destination.send(address(this).balance) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ArrayLengthAssignment_0_5_16_array_length_assignment_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArrayLengthAssignment_0_5_16_array_length_assignment_sol_exclude__0.txt new file mode 100644 index 000000000..aa8e559d4 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ArrayLengthAssignment_0_5_16_array_length_assignment_sol_exclude__0.txt 
@@ -0,0 +1,9 @@ +ArrayLengthAssignment contract sets array length with a user-controlled value: + - b.subStruct.x.length = param + 1 + +ArrayLengthAssignment contract sets array length with a user-controlled value: + - a.x.length = param + +ArrayLengthAssignment contract sets array length with a user-controlled value: + - arr.length = param + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_5_16_inline_assembly_contract_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_5_16_inline_assembly_contract_sol_exclude__0.txt new file mode 100644 index 000000000..24f3e8331 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_5_16_inline_assembly_contract_sol_exclude__0.txt @@ -0,0 +1,3 @@ +GetCode.at(address) uses assembly + - INLINE ASM + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_7_6_inline_assembly_library_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_7_6_inline_assembly_library_sol_exclude__0.txt new file mode 100644 index 000000000..912ee2e42 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_Assembly_0_7_6_inline_assembly_library_sol_exclude__0.txt @@ -0,0 +1,6 @@ +VectorSum.sumAsm(uint256[]) uses assembly + - INLINE ASM + +VectorSum.sumPureAsm(uint256[]) uses assembly + - INLINE ASM + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_AssertStateChange_0_4_25_assert_state_change_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_AssertStateChange_0_4_25_assert_state_change_sol_exclude__0.txt new file mode 100644 index 000000000..1637b3506 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_AssertStateChange_0_4_25_assert_state_change_sol_exclude__0.txt 
@@ -0,0 +1,12 @@ +A.bad2() has an assert() call which possibly changes state. + -assert(bool)(bad2_callee()) +Consider using require() or change the invariant to not modify the state. + +A.bad0() has an assert() call which possibly changes state. + -assert(bool)((s_a += 1) > 10) +Consider using require() or change the invariant to not modify the state. + +A.bad1(uint256) has an assert() call which possibly changes state. + -assert(bool)((s_a += a) > 10) +Consider using require() or change the invariant to not modify the state. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_Backdoor_0_5_16_backdoor_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_Backdoor_0_5_16_backdoor_sol_exclude__0.txt new file mode 100644 index 000000000..1264e994d --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_Backdoor_0_5_16_backdoor_sol_exclude__0.txt @@ -0,0 +1,2 @@ +Backdoor function found in C.i_am_a_backdoor() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_BadPRNG_0_5_16_bad_prng_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_BadPRNG_0_5_16_bad_prng_sol_exclude__0.txt new file mode 100644 index 000000000..971205080 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_BadPRNG_0_5_16_bad_prng_sol_exclude__0.txt @@ -0,0 +1,8 @@ +BadPRNG.bad1() uses a weak PRNG: "i = now % 10" + +BadPRNG.bad0() uses a weak PRNG: "i = block.timestamp % 10" + +BadPRNG.bad2() uses a weak PRNG: "i = uint256(blockhash(uint256)(10000)) % 10" + +BadPRNG.bad3() uses a weak PRNG: "i = foo() % 10" + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_BooleanConstantMisuse_0_4_25_boolean_constant_misuse_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_BooleanConstantMisuse_0_4_25_boolean_constant_misuse_sol_exclude__0.txt new file mode 100644 index 000000000..39ce86d4b --- /dev/null 
+++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_BooleanConstantMisuse_0_4_25_boolean_constant_misuse_sol_exclude__0.txt @@ -0,0 +1,3 @@ +MyConc.bad1(bool) uses a Boolean constant improperly: + -(b || true) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_BuiltinSymbolShadowing_0_5_16_shadowing_builtin_symbols_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_BuiltinSymbolShadowing_0_5_16_shadowing_builtin_symbols_sol_exclude__0.txt new file mode 100644 index 000000000..81e0dd500 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_BuiltinSymbolShadowing_0_5_16_shadowing_builtin_symbols_sol_exclude__0.txt @@ -0,0 +1,24 @@ +ExtendedContract.ecrecover (state variable) shadows built-in symbol" + +FurtherExtendedContract.require().keccak256 (local variable) shadows built-in symbol" + +FurtherExtendedContract.abi (state variable) shadows built-in symbol" + +BaseContract.blockhash (state variable) shadows built-in symbol" + +FurtherExtendedContract.this (state variable) shadows built-in symbol" + +BaseContract.now (state variable) shadows built-in symbol" + +ExtendedContract.assert(bool).msg (local variable) shadows built-in symbol" + +ExtendedContract.assert(bool) (function) shadows built-in symbol" + +BaseContract.revert(bool) (event) shadows built-in symbol" + +FurtherExtendedContract.require().sha3 (local variable) shadows built-in symbol" + +FurtherExtendedContract.blockhash (state variable) shadows built-in symbol" + +FurtherExtendedContract.require() (modifier) shadows built-in symbol" + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantFunctionsAsm_0_5_16_constant_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantFunctionsAsm_0_5_16_constant_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantFunctionsState_0_7_6_constant_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantFunctionsState_0_7_6_constant_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantPragma_0_7_6_pragma_0_7_6_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantPragma_0_7_6_pragma_0_7_6_sol_exclude__0.txt new file mode 100644 index 000000000..4c1a821a3 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ConstantPragma_0_7_6_pragma_0_7_6_sol_exclude__0.txt @@ -0,0 +1,6 @@ +2 different versions of Solidity are used: + - Version constraint ^0.7.6 is used by: + - tests/e2e/detectors/test_data/pragma/0.7.6/pragma.0.7.6.sol#1 + - Version constraint ^0.7.5 is used by: + - tests/e2e/detectors/test_data/pragma/0.7.6/pragma.0.7.5.sol#1 + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ControlledDelegateCall_0_4_25_controlled_delegatecall_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ControlledDelegateCall_0_4_25_controlled_delegatecall_sol_exclude__0.txt new file mode 100644 index 000000000..8e8cb0145 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ControlledDelegateCall_0_4_25_controlled_delegatecall_sol_exclude__0.txt @@ -0,0 +1,6 @@ +C.bad_delegate_call2(bytes) uses delegatecall to a input-controlled function id + - addr_bad.delegatecall(abi.encode(func_id,data)) + +C.bad_delegate_call(bytes) uses delegatecall to a input-controlled function id + - addr_bad.delegatecall(data) + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_CouldBeConstant_0_4_25_const_state_variables_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_CouldBeConstant_0_4_25_const_state_variables_sol_exclude__0.txt new file mode 100644 index 000000000..febc2abeb --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_CouldBeConstant_0_4_25_const_state_variables_sol_exclude__0.txt @@ -0,0 +1,12 @@ +A.text2 should be constant + +B.mySistersAddress should be constant + +A.myFriendsAddress should be constant + +MyConc.should_be_constant should be constant + +MyConc.should_be_constant_2 should be constant + +A.test should be constant + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_CouldBeImmutable_0_4_25_immut_state_variables_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_CouldBeImmutable_0_4_25_immut_state_variables_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_DelegatecallInLoop_0_4_25_delegatecall_loop_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_DelegatecallInLoop_0_4_25_delegatecall_loop_sol_exclude__0.txt new file mode 100644 index 000000000..4ed317ffe --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_DelegatecallInLoop_0_4_25_delegatecall_loop_sol_exclude__0.txt @@ -0,0 +1,6 @@ +C.bad(address[]) has delegatecall inside a loop in a payable function: address(this).delegatecall(abi.encodeWithSignature(addBalance(address),receivers[i])) + +C.bad3(address[]) has delegatecall inside a loop in a payable function: address(this).delegatecall(abi.encodeWithSignature(addBalance(address),receivers[i])) + +C.bad2_internal(address[]) has delegatecall inside a loop in a payable function: address(this).delegatecall(abi.encodeWithSignature(addBalance(address),receivers[i])) + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_DivideBeforeMultiply_0_6_11_divide_before_multiply_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_DivideBeforeMultiply_0_6_11_divide_before_multiply_sol_exclude__0.txt new file mode 100644 index 000000000..f63c77f26 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_DivideBeforeMultiply_0_6_11_divide_before_multiply_sol_exclude__0.txt @@ -0,0 +1,3 @@ +A.f(uint256,uint256,uint256) performs a multiplication on the result of a division: + - (a / b) * c + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_collision_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_collision_sol_exclude__0.txt new file mode 100644 index 000000000..03a63e26e --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_collision_sol_exclude__0.txt @@ -0,0 +1,2 @@ +The function signature of ERC20.fopwCDKKK() collides with DOMAIN_SEPARATOR and should be renamed or removed. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_state_var_collision_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_state_var_collision_sol_exclude__0.txt new file mode 100644 index 000000000..e68dc2134 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_state_var_collision_sol_exclude__0.txt @@ -0,0 +1,2 @@ +The function signature of ERC20.fopwCDKKK collides with DOMAIN_SEPARATOR and should be renamed or removed. + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_wrong_return_type_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_wrong_return_type_sol_exclude__0.txt new file mode 100644 index 000000000..ba552eeaa --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_DomainSeparatorCollision_0_7_6_permit_domain_wrong_return_type_sol_exclude__0.txt @@ -0,0 +1,2 @@ +The function signature of ERC20.DOMAIN_SEPARATOR() collides with DOMAIN_SEPARATOR and should be renamed or removed. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_4_25_external_function_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_4_25_external_function_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_5_16_external_function_3_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_5_16_external_function_3_sol_exclude__0.txt new file mode 100644 index 000000000..1c322becd --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_5_16_external_function_3_sol_exclude__0.txt 
@@ -0,0 +1,20 @@ +bad4(string) should be declared external: + - Test.bad4(string) +Moreover, the following function parameters should change its data location: +x location should be calldata + +bad3(Test.testStruct) should be declared external: + - Test.bad3(Test.testStruct) +Moreover, the following function parameters should change its data location: +x location should be calldata + +bad2(uint256[]) should be declared external: + - Test.bad2(uint256[]) +Moreover, the following function parameters should change its data location: +x location should be calldata + +bad(bytes) should be declared external: + - Test.bad(bytes) +Moreover, the following function parameters should change its data location: +x location should be calldata + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_7_6_external_function_2_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ExternalFunction_0_7_6_external_function_2_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_FunctionInitializedState_0_4_25_function_init_state_variables_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_FunctionInitializedState_0_4_25_function_init_state_variables_sol_exclude__0.txt new file mode 100644 index 000000000..fe9469258 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_FunctionInitializedState_0_4_25_function_init_state_variables_sol_exclude__0.txt 
@@ -0,0 +1,15 @@ +StateVarInitFromFunction.v is set pre-construction with a non-constant function or state variable: + - set() + +StateVarInitFromFunction.z4 is set pre-construction with a non-constant function or state variable: + - z3 + 5 + +StateVarInitFromFunction.x is set pre-construction with a non-constant function or state variable: + - set() + +StateVarInitFromFunction.y1 is set pre-construction with a non-constant function or state variable: + - 5 + get() + +StateVarInitFromFunction.y2 is set pre-construction with a non-constant function or state variable: + - (10 + (5 + get())) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectERC20InterfaceDetection_0_7_6_incorrect_erc20_interface_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectERC20InterfaceDetection_0_7_6_incorrect_erc20_interface_sol_exclude__0.txt new file mode 100644 index 000000000..9e58f85af --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectERC20InterfaceDetection_0_7_6_incorrect_erc20_interface_sol_exclude__0.txt @@ -0,0 +1,12 @@ +Token has incorrect ERC20 function interface:Token.approve(address,uint256) + +Token has incorrect ERC20 function interface:Token.allowance(address,address) + +Token has incorrect ERC20 function interface:Token.balanceOf(address) + +Token has incorrect ERC20 function interface:Token.transferFrom(address,address,uint256) + +Token has incorrect ERC20 function interface:Token.totalSupply() + +Token has incorrect ERC20 function interface:Token.transfer(address,uint256) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_5_16_dynamic_2_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_5_16_dynamic_2_sol_exclude__0.txt new file mode 100644 index 000000000..9cde284b5 --- /dev/null 
+++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_5_16_dynamic_2_sol_exclude__0.txt @@ -0,0 +1,21 @@ +Version constraint >=0.5.0<0.6.0 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) + - DirtyBytesArrayToStorage + - ABIDecodeTwoDimensionalArrayMemory + - KeccakCaching + - EmptyByteArrayCopy + - DynamicArrayCleanup + - ImplicitConstructorCallvalueCheck + - TupleAssignmentMultiStackSlotComponents + - MemoryArrayCreationOverflow + - privateCanBeOverridden + - SignedArrayStorageCopy + - ABIEncoderV2StorageArrayWithMultiSlotElement + - DynamicConstructorArgumentsClippedABIV2 + - UninitializedFunctionPointerInConstructor + - IncorrectEventSignatureInLibraries + - ABIEncoderV2PackedStorage. + It is used by: + - tests/e2e/detectors/test_data/solc-version/0.5.16/dynamic_2.sol#1 + +solc-0.5.16 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_7_4_static_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_7_4_static_sol_exclude__0.txt new file mode 100644 index 000000000..052d8cb27 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectSolc_0_7_4_static_sol_exclude__0.txt 
@@ -0,0 +1,15 @@ +Version constraint 0.7.4 contains known severe issues (https://solidity.readthedocs.io/en/latest/bugs.html) + - FullInlinerNonExpressionSplitArgumentEvaluationOrder + - MissingSideEffectsOnSelectorAccess + - AbiReencodingHeadOverflowWithStaticArrayCleanup + - DirtyBytesArrayToStorage + - DataLocationChangeInInternalOverride + - NestedCalldataArrayAbiReencodingSizeValidation + - SignedImmutables + - ABIDecodeTwoDimensionalArrayMemory + - KeccakCaching. + It is used by: + - tests/e2e/detectors/test_data/solc-version/0.7.4/static.sol#1 + +solc-0.7.4 is an outdated solc version. Use a more recent version (at least 0.8.0), if possible. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectStrictEquality_0_4_25_incorrect_equality_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectStrictEquality_0_4_25_incorrect_equality_sol_exclude__0.txt new file mode 100644 index 000000000..961c809fa --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectStrictEquality_0_4_25_incorrect_equality_sol_exclude__0.txt 
@@ -0,0 +1,36 @@ +TestContractBalance.bad3() uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(this).balance) + +TestContractBalance.bad1() uses a dangerous strict equality: + - require(bool)(10000000000000000000 == address(address(this)).balance) + +ERC20TestBalance.bad1(ERC20Variable) uses a dangerous strict equality: + - require(bool)(erc.balanceOf(msg.sender) == 10) + +TestSolidityKeyword.bad0() uses a dangerous strict equality: + - require(bool)(now == 0) + +TestContractBalance.bad4() uses a dangerous strict equality: + - balance == 10000000000000000000 + +ERC20TestBalance.bad0(ERC20Function) uses a dangerous strict equality: + - require(bool)(erc.balanceOf(address(this)) == 10) + +TestSolidityKeyword.bad1() uses a dangerous strict equality: + - require(bool)(block.number == 0) + +TestContractBalance.bad0() uses a dangerous strict equality: + - require(bool)(address(address(this)).balance == 10000000000000000000) + +TestContractBalance.bad5() uses a dangerous strict equality: + - 10000000000000000000 == balance + +TestContractBalance.bad6() uses a dangerous strict equality: + - balance == 10000000000000000000 + +TestSolidityKeyword.bad2() uses a dangerous strict equality: + - require(bool)(block.number == 0) + +TestContractBalance.bad2() uses a dangerous strict equality: + - require(bool)(address(this).balance == 10000000000000000000) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUnaryExpressionDetection_0_4_25_invalid_unary_expression_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUnaryExpressionDetection_0_4_25_invalid_unary_expression_sol_exclude__0.txt new file mode 100644 index 000000000..4e3076b76 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUnaryExpressionDetection_0_4_25_invalid_unary_expression_sol_exclude__0.txt 
@@ -0,0 +1,8 @@ +C.slitherConstructorVariables() uses an dangerous unary operator: c = (b = + 1) + +C.f() uses an dangerous unary operator: x = + 144444 + +C.c uses an dangerous unary operator: (b = + 1) + +C.f() uses an dangerous unary operator: x = (x = + 1) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUsingFor_0_8_17_IncorrectUsingForTopLevel_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUsingFor_0_8_17_IncorrectUsingForTopLevel_sol_exclude__0.txt new file mode 100644 index 000000000..4a85bca5f --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_IncorrectUsingFor_0_8_17_IncorrectUsingForTopLevel_sol_exclude__0.txt 
@@ -0,0 +1,24 @@ +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#84 is incorrect - no matching function for bytes17[] found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#85 is incorrect - no matching function for uint256 found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#90 is incorrect - no matching function for mapping(int256 => uint128) found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#86 is incorrect - no matching function for int256 found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#89 is incorrect - no matching function for E2 found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#93 is incorrect - no matching function for bytes[][] found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#92 is incorrect - no matching function for string[][] found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#91 is incorrect - no matching function for mapping(int128 => uint256) found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#87 is incorrect - no matching function for bytes18 found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#88 is incorrect - no matching function for S2 found in L. + +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#83 is incorrect - no matching function for C3 found in L. 
+ +using-for statement at tests/e2e/detectors/test_data/incorrect-using-for/0.8.17/IncorrectUsingForTopLevel.sol#94 is incorrect - no matching function for custom_int found in L. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_LockedEther_0_4_25_locked_ether_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_LockedEther_0_4_25_locked_ether_sol_exclude__0.txt new file mode 100644 index 000000000..bc4d3cf00 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_LockedEther_0_4_25_locked_ether_sol_exclude__0.txt @@ -0,0 +1,10 @@ +Contract locking ether found: + Contract OnlyLocked has payable functions: + - Locked.receive() + But does not have a function to withdraw the ether + +Contract locking ether found: + Contract UnlockedAssembly has payable functions: + - Locked.receive() + But does not have a function to withdraw the ether + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MappingDeletionDetection_0_5_16_MappingDeletion_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MappingDeletionDetection_0_5_16_MappingDeletion_sol_exclude__0.txt new file mode 100644 index 000000000..8170e0af1 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MappingDeletionDetection_0_5_16_MappingDeletion_sol_exclude__0.txt @@ -0,0 +1,9 @@ +Lib.deleteSt(Lib.MyStruct[1]) deletes Lib.MyStruct which contains a mapping: + -delete st[0] + +Balances.deleteBalance(uint256) deletes Balances.BalancesStruct which contains a mapping: + -delete stackBalance[idx] + +Balances.deleteNestedBalance() deletes Balances.BalancesStruct which contains a mapping: + -delete nestedStackBalance + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsAccessControl_0_6_11_missing_events_access_control_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsAccessControl_0_6_11_missing_events_access_control_sol_exclude__0.txt new file mode 100644 index 000000000..ee05c7ca1 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsAccessControl_0_6_11_missing_events_access_control_sol_exclude__0.txt @@ -0,0 +1,9 @@ +Bug.bad2(address) should emit an event for: + - owner = newOwner + +Bug.bad1(address) should emit an event for: + - owner = newOwner + +Bug.bad0() should emit an event for: + - owner = msg.sender + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsArithmetic_0_7_6_missing_events_arithmetic_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsArithmetic_0_7_6_missing_events_arithmetic_sol_exclude__0.txt new file mode 100644 index 000000000..ab1fbc92f --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingEventsArithmetic_0_7_6_missing_events_arithmetic_sol_exclude__0.txt @@ -0,0 +1,6 @@ +Bug.bad1(int16) should emit an event for: + - iprice16 = _price + +Bug.bad0(uint8) should emit an event for: + - uprice8 = _price + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingInheritance_0_7_6_unimplemented_interface_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingInheritance_0_7_6_unimplemented_interface_sol_exclude__0.txt new file mode 100644 index 000000000..254adc0b3 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MissingInheritance_0_7_6_unimplemented_interface_sol_exclude__0.txt @@ -0,0 +1,2 @@ +Something should inherit from ISomething + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MsgValueInLoop_0_4_25_msg_value_loop_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MsgValueInLoop_0_4_25_msg_value_loop_sol_exclude__0.txt new file mode 100644 index 000000000..baa8f4016 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MsgValueInLoop_0_4_25_msg_value_loop_sol_exclude__0.txt @@ -0,0 +1,6 @@ +C.bad(address[]) use msg.value in a loop: balances[receivers[i]] += msg.value + +C.bad3(address[]) use msg.value in a loop: balances[receivers[j]] += msg.value + +C.bad2_internal(address) use msg.value in a loop: balances[a] += msg.value + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_MultipleCallsInLoop_0_4_25_multiple_calls_in_loop_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_MultipleCallsInLoop_0_4_25_multiple_calls_in_loop_sol_exclude__0.txt new file mode 100644 index 000000000..6afe63714 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_MultipleCallsInLoop_0_4_25_multiple_calls_in_loop_sol_exclude__0.txt @@ -0,0 +1,8 @@ +CallInLoop.bad() has external calls inside a loop: destinations[i].transfer(i) + +CallInLoop.bad2() has external calls inside a loop: destinations[i].transfer(i) + +CallInLoop.bad3_internal(address,uint256) has external calls inside a loop: a.transfer(i) + +CallInLoopBase.bad_base() has external calls inside a loop: destinations_base[i].transfer(i) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_NamingConvention_0_7_6_naming_convention_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_NamingConvention_0_7_6_naming_convention_sol_exclude__0.txt new file mode 100644 index 000000000..10b925007 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_NamingConvention_0_7_6_naming_convention_sol_exclude__0.txt 
@@ -0,0 +1,36 @@ +Variable T.s_myStateVar is not in mixedCase + +Struct naming.test is not in CapWords + +Variable T.I is not in mixedCase + +Variable T.I is single letter l, O, or I, which should not be used + +Variable T.O is not in mixedCase + +Variable naming.Var_One is not in mixedCase + +Constant naming.MY_other_CONSTANT is not in UPPER_CASE_WITH_UNDERSCORES + +Contract naming is not in CapWords + +Enum naming.numbers is not in CapWords + +Parameter T.test(uint256,uint256)._used is not in mixedCase + +Variable T._myPublicVar is not in mixedCase + +Variable T.O is single letter l, O, or I, which should not be used + +Event naming.event_(uint256) is not in CapWords + +Modifier naming.CantDo() is not in mixedCase + +Function naming.GetOne() is not in mixedCase + +Variable T.l is single letter l, O, or I, which should not be used + +Variable naming.i_myImutableVar is not in mixedCase + +Parameter naming.setInt(uint256,uint256).Number2 is not in mixedCase + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_PredeclarationUsageLocal_0_4_25_predeclaration_usage_local_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_PredeclarationUsageLocal_0_4_25_predeclaration_usage_local_sol_exclude__0.txt new file mode 100644 index 000000000..5eb76fedd --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_PredeclarationUsageLocal_0_4_25_predeclaration_usage_local_sol_exclude__0.txt @@ -0,0 +1,10 @@ +Variable 'C.f(uint256).i' in C.f(uint256) potentially used before declaration: i -- + +Variable 'C.f(uint256).i' in C.f(uint256) potentially used before declaration: x += i + +Variable 'C.f(uint256).i' in C.f(uint256) potentially used before declaration: i > 0 + +Variable 'C.f(uint256).i' in C.f(uint256) potentially used before declaration: i = 10 + +Variable 'C.f(uint256).x' in C.f(uint256) potentially used before declaration: y = x + 9 + z + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ProtectedVariables_0_8_2_comment_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ProtectedVariables_0_8_2_comment_sol_exclude__0.txt new file mode 100644 index 000000000..1726a31a6 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ProtectedVariables_0_8_2_comment_sol_exclude__0.txt @@ -0,0 +1,4 @@ +Internal.buggy() should have Internal.onlyOwner() to protect Internal.owner + +ReentrancyAndWrite.set_not_protected() should have ReentrancyAndWrite.onlyOwner() to protect ReentrancyAndWrite.external_contract + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_RedundantStatements_0_5_16_redundant_statements_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_RedundantStatements_0_5_16_redundant_statements_sol_exclude__0.txt new file mode 100644 index 000000000..1fcce60bd --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_RedundantStatements_0_5_16_redundant_statements_sol_exclude__0.txt @@ -0,0 +1,12 @@ +Redundant expression "assert(bool)" inRedundantStatementsContract + +Redundant expression "bool" inRedundantStatementsContract + +Redundant expression "uint256" inRedundantStatementsContract + +Redundant expression "uint256" inRedundantStatementsContract + +Redundant expression "RedundantStatementsContract" inRedundantStatementsContract + +Redundant expression "test" inRedundantStatementsContract + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyBenign_0_6_11_reentrancy_benign_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyBenign_0_6_11_reentrancy_benign_sol_exclude__0.txt new file mode 100644 index 000000000..3ac58b7e5 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyBenign_0_6_11_reentrancy_benign_sol_exclude__0.txt 
@@ -0,0 +1,50 @@ +Reentrancy in ReentrancyBenign.bad2(address): + External calls: + - (success,None) = target.call() + - address(target).call.value(1000)() + External calls sending eth: + - address(target).call.value(1000)() + State variables written after the call(s): + - counter += 1 + +Reentrancy in ReentrancyBenign.bad4(address): + External calls: + - externalCaller(target) + - address(target).call() + - ethSender(address(0)) + - address(target).call.value(1)() + External calls sending eth: + - ethSender(address(0)) + - address(target).call.value(1)() + State variables written after the call(s): + - varChanger() + - anotherVariableToChange ++ + +Reentrancy in ReentrancyBenign.bad3(address): + External calls: + - externalCaller(target) + - address(target).call() + State variables written after the call(s): + - varChanger() + - anotherVariableToChange ++ + +Reentrancy in ReentrancyBenign.bad5(address): + External calls: + - ethSender(address(0)) + - address(target).call.value(1)() + State variables written after the call(s): + - varChanger() + - anotherVariableToChange ++ + +Reentrancy in ReentrancyBenign.bad0(): + External calls: + - (success,None) = msg.sender.call() + State variables written after the call(s): + - counter += 1 + +Reentrancy in ReentrancyBenign.bad1(address): + External calls: + - (success,None) = target.call() + State variables written after the call(s): + - counter += 1 + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_4_25_reentrancy_indirect_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_4_25_reentrancy_indirect_sol_exclude__0.txt new file mode 100644 index 000000000..29fd8ae26 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_4_25_reentrancy_indirect_sol_exclude__0.txt 
@@ -0,0 +1,15 @@ +Reentrancy in Reentrancy.withdraw(address): + External calls: + - require(bool)(Token(token).transfer(msg.sender,token_deposed[token][msg.sender])) + External calls sending eth: + - msg.sender.transfer(eth_deposed[token][msg.sender]) + State variables written after the call(s): + - eth_deposed[token][msg.sender] = 0 + Reentrancy.eth_deposed can be used in cross function reentrancies: + - Reentrancy.deposit_eth(address) + - Reentrancy.withdraw(address) + - token_deposed[token][msg.sender] = 0 + Reentrancy.token_deposed can be used in cross function reentrancies: + - Reentrancy.deposit_token(address,uint256) + - Reentrancy.withdraw(address) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_7_6_reentrancy_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_7_6_reentrancy_sol_exclude__0.txt new file mode 100644 index 000000000..f591426ac --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyEth_0_7_6_reentrancy_sol_exclude__0.txt 
@@ -0,0 +1,28 @@ +Reentrancy in Reentrancy.withdrawBalance_fixed_3(): + External calls: + - (ret,mem) = msg.sender.call{value: amount}() + State variables written after the call(s): + - userBalance[msg.sender] = amount + Reentrancy.userBalance can be used in cross function reentrancies: + - Reentrancy.addToBalance() + - Reentrancy.constructor() + - Reentrancy.getBalance(address) + - Reentrancy.withdrawBalance() + - Reentrancy.withdrawBalance_fixed() + - Reentrancy.withdrawBalance_fixed_2() + - Reentrancy.withdrawBalance_fixed_3() + +Reentrancy in Reentrancy.withdrawBalance(): + External calls: + - (ret,mem) = msg.sender.call{value: userBalance[msg.sender]}() + State variables written after the call(s): + - userBalance[msg.sender] = 0 + Reentrancy.userBalance can be used in cross function reentrancies: + - Reentrancy.addToBalance() + - Reentrancy.constructor() + - Reentrancy.getBalance(address) + - Reentrancy.withdrawBalance() + - Reentrancy.withdrawBalance_fixed() + - Reentrancy.withdrawBalance_fixed_2() + - Reentrancy.withdrawBalance_fixed_3() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyReadBeforeWritten_0_7_6_no_reentrancy_staticcall_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyReadBeforeWritten_0_7_6_no_reentrancy_staticcall_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyReadBeforeWritten_0_7_6_reentrancy_write_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyReadBeforeWritten_0_7_6_reentrancy_write_sol_exclude__0.txt new file mode 100644 index 000000000..0ef9e6cd3 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ReentrancyReadBeforeWritten_0_7_6_reentrancy_write_sol_exclude__0.txt 
@@ -0,0 +1,25 @@ +Reentrancy in ReentrancyWrite.bad0(): + External calls: + - (success,None) = msg.sender.call() + State variables written after the call(s): + - notCalled = false + ReentrancyWrite.notCalled can be used in cross function reentrancies: + - ReentrancyWrite.bad0() + - ReentrancyWrite.bad1(address) + - ReentrancyWrite.constructor(address) + - ReentrancyWrite.good() + +Reentrancy in ReentrancyWrite.bad1(address): + External calls: + - (success,None) = msg.sender.call() + - bad0() + - (success,None) = msg.sender.call() + State variables written after the call(s): + - bad0() + - notCalled = false + ReentrancyWrite.notCalled can be used in cross function reentrancies: + - ReentrancyWrite.bad0() + - ReentrancyWrite.bad1(address) + - ReentrancyWrite.constructor(address) + - ReentrancyWrite.good() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_RightToLeftOverride_0_4_25_right_to_left_override_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_RightToLeftOverride_0_4_25_right_to_left_override_sol_exclude__0.txt new file mode 100644 index 000000000..ac0099d48 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_RightToLeftOverride_0_4_25_right_to_left_override_sol_exclude__0.txt @@ -0,0 +1,3 @@ +tests/e2e/detectors/test_data/rtlo/0.4.25/right_to_left_override.sol contains a unicode right-to-left-override character at byte offset 96: + - b' test1(/*A\xe2\x80\xae/*B*/2 , 1/*\xe2\x80\xad' + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_ShiftParameterMixup_0_6_11_shift_parameter_mixup_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_ShiftParameterMixup_0_6_11_shift_parameter_mixup_sol_exclude__0.txt new file mode 100644 index 000000000..922db089e --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_ShiftParameterMixup_0_6_11_shift_parameter_mixup_sol_exclude__0.txt 
@@ -0,0 +1,2 @@ +C.f() contains an incorrect shift operation: a = 8 >> a + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_StateShadowing_0_4_25_shadowing_state_variable_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_StateShadowing_0_4_25_shadowing_state_variable_sol_exclude__0.txt new file mode 100644 index 000000000..f7eb3ef79 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_StateShadowing_0_4_25_shadowing_state_variable_sol_exclude__0.txt @@ -0,0 +1,3 @@ +DerivedContract.owner shadows: + - BaseContract.owner + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_StateShadowing_0_7_6_shadowing_state_variable_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_StateShadowing_0_7_6_shadowing_state_variable_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_StorageSignedIntegerArray_0_5_10_storage_signed_integer_array_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_StorageSignedIntegerArray_0_5_10_storage_signed_integer_array_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_Suicidal_0_6_11_suicidal_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_Suicidal_0_6_11_suicidal_sol_exclude__0.txt new file mode 100644 index 000000000..d0e5d9897 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_Suicidal_0_6_11_suicidal_sol_exclude__0.txt @@ -0,0 +1,2 @@ +C.i_am_a_backdoor() allows anyone to destruct the contract + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_TautologicalCompare_0_8_20_compare_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_TautologicalCompare_0_8_20_compare_sol_exclude__0.txt new file mode 100644 index 000000000..9317341df --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_TautologicalCompare_0_8_20_compare_sol_exclude__0.txt @@ -0,0 +1,3 @@ +A.check(uint256) compares a variable to itself: + (a >= a) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_TooManyDigits_0_5_16_too_many_digits_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_TooManyDigits_0_5_16_too_many_digits_sol_exclude__0.txt new file mode 100644 index 000000000..37cf851c4 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_TooManyDigits_0_5_16_too_many_digits_sol_exclude__0.txt @@ -0,0 +1,15 @@ +C.f() uses literals with too many digits: + - x2 = 0x0000000000001 + +C.h() uses literals with too many digits: + - x2 = 100000 + +C.f() uses literals with too many digits: + - x3 = 1000000000000000000 + +C.f() uses literals with too many digits: + - x1 = 0x000001 + +C.f() uses literals with too many digits: + - x4 = 100000 + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_TxOrigin_0_7_6_tx_origin_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_TxOrigin_0_7_6_tx_origin_sol_exclude__0.txt new file mode 100644 index 000000000..298d0f73e --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_TxOrigin_0_7_6_tx_origin_sol_exclude__0.txt @@ -0,0 +1,4 @@ +TxOrigin.bug2() uses tx.origin for authorization: tx.origin != owner + +TxOrigin.bug0() uses tx.origin for authorization: require(bool)(tx.origin == owner) + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_TypeBasedTautology_0_7_6_type_based_tautology_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_TypeBasedTautology_0_7_6_type_based_tautology_sol_exclude__0.txt new file mode 100644 index 000000000..5d27e1333 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_TypeBasedTautology_0_7_6_type_based_tautology_sol_exclude__0.txt @@ -0,0 +1,6 @@ +A.g(uint8) contains a tautology or contradiction: + - (y < 512) + +A.f(uint256) contains a tautology or contradiction: + - x >= 0 + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedLowLevel_0_5_16_unchecked_lowlevel_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedLowLevel_0_5_16_unchecked_lowlevel_sol_exclude__0.txt new file mode 100644 index 000000000..dae680b17 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedLowLevel_0_5_16_unchecked_lowlevel_sol_exclude__0.txt @@ -0,0 +1,2 @@ +MyConc.bad(address) ignores return value by dst.call.value(msg.value)() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedSend_0_6_11_unchecked_send_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedSend_0_6_11_unchecked_send_sol_exclude__0.txt new file mode 100644 index 000000000..9c295db0b --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedSend_0_6_11_unchecked_send_sol_exclude__0.txt @@ -0,0 +1,2 @@ +MyConc.bad(address) ignores return value by dst.send(msg.value) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedTransfer_0_7_6_unused_return_transfers_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedTransfer_0_7_6_unused_return_transfers_sol_exclude__0.txt new file mode 100644 index 000000000..f500365b2 --- /dev/null 
+++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UncheckedTransfer_0_7_6_unused_return_transfers_sol_exclude__0.txt @@ -0,0 +1,4 @@ +C.bad0() ignores return value by t.transfer(address(0),1000000000000000000) + +C.bad1() ignores return value by t.transferFrom(address(this),address(0),1000000000000000000) + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnimplementedFunctionDetection_0_7_6_unimplemented_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnimplementedFunctionDetection_0_7_6_unimplemented_sol_exclude__0.txt new file mode 100644 index 000000000..909405735 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnimplementedFunctionDetection_0_7_6_unimplemented_sol_exclude__0.txt @@ -0,0 +1,10 @@ +DerivedContract_bad2 does not implement functions: + - BaseInterface3.get(uint256) + +DerivedContract_bad0 does not implement functions: + - BaseInterface.f2() + - BaseInterface2.f3() + +AbstractContract_bad1 does not implement functions: + - AbstractContract_bad1.f1() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnindexedERC20EventParameters_0_6_11_erc20_indexed_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnindexedERC20EventParameters_0_6_11_erc20_indexed_sol_exclude__0.txt new file mode 100644 index 000000000..cbaf36a64 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnindexedERC20EventParameters_0_6_11_erc20_indexed_sol_exclude__0.txt @@ -0,0 +1,8 @@ +ERC20 event IERC20Bad.Approval(address,address,uint256)does not index parameter owner + +ERC20 event IERC20Bad.Transfer(address,address,uint256)does not index parameter from + +ERC20 event IERC20Bad.Approval(address,address,uint256)does not index parameter spender + +ERC20 event IERC20Bad.Transfer(address,address,uint256)does not index parameter to + 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedFunctionPtrsConstructor_0_4_25_uninitialized_function_ptr_constructor_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedFunctionPtrsConstructor_0_4_25_uninitialized_function_ptr_constructor_sol_exclude__0.txt new file mode 100644 index 000000000..aa36fbedb --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedFunctionPtrsConstructor_0_4_25_uninitialized_function_ptr_constructor_sol_exclude__0.txt @@ -0,0 +1,12 @@ +Contract bad2 + s.a(10) is an unintialized function pointer call in a constructor + +Contract bad0 + a(10) is an unintialized function pointer call in a constructor + +Contract bad3 + a(10) is an unintialized function pointer call in a constructor + +Contract bad1 + b(10) is an unintialized function pointer call in a constructor + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedLocalVars_0_5_16_uninitialized_local_variable_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedLocalVars_0_5_16_uninitialized_local_variable_sol_exclude__0.txt new file mode 100644 index 000000000..d70021d97 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedLocalVars_0_5_16_uninitialized_local_variable_sol_exclude__0.txt @@ -0,0 +1,2 @@ +Uninitialized.func().uint_not_init is a local variable never initialized + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStateVarsDetection_0_4_25_uninitialized_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStateVarsDetection_0_4_25_uninitialized_sol_exclude__0.txt new file mode 100644 index 000000000..e55e651f9 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStateVarsDetection_0_4_25_uninitialized_sol_exclude__0.txt 
@@ -0,0 +1,12 @@ +Test2.st is never initialized. It is used in: + - Test2.use() + +Test.balances is never initialized. It is used in: + - Test.use() + +Test2.v is never initialized. It is used in: + - Test2.init() + +Uninitialized.destination is never initialized. It is used in: + - Uninitialized.transfer() + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStorageVars_0_4_25_uninitialized_storage_pointer_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStorageVars_0_4_25_uninitialized_storage_pointer_sol_exclude__0.txt new file mode 100644 index 000000000..92c0b3fe5 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UninitializedStorageVars_0_4_25_uninitialized_storage_pointer_sol_exclude__0.txt @@ -0,0 +1,2 @@ +Uninitialized.func().st_bug is a storage variable never initialized + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_4_25_whitelisted_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_4_25_whitelisted_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_6_11_Fixed_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_6_11_Fixed_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_8_15_Buggy_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_8_15_Buggy_sol_exclude__0.txt new file mode 100644 index 000000000..f00fbefdf --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnprotectedUpgradeable_0_8_15_Buggy_sol_exclude__0.txt 
@@ -0,0 +1 @@ +Buggy is an upgradeable contract that does not protect its initialize functions: Buggy.initialize(). Anyone can delete the contract with: Buggy.kill() diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_ConstantTopLevelUsedInContractTest_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_ConstantTopLevelUsedInContractTest_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomErrorTopLevelUsedInContractTest_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomErrorTopLevelUsedInContractTest_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomTypeContractLevelUsedInContractTest3_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomTypeContractLevelUsedInContractTest3_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomTypeTopLevelUsedInContractTest2_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_CustomTypeTopLevelUsedInContractTest2_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_EnumContractLevelUsedInContractTest_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_EnumContractLevelUsedInContractTest_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb 
diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_FunctionContractLevelUsedTopLevelTest_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_FunctionContractLevelUsedTopLevelTest_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_StructContractLevelUsedInContractTest_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_UnusedImport_0_8_16_StructContractLevelUsedInContractTest_sol_exclude__0.txt new file mode 100644 index 000000000..e69de29bb diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_VarReadUsingThis_0_7_6_var_read_using_this_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_VarReadUsingThis_0_7_6_var_read_using_this_sol_exclude__0.txt new file mode 100644 index 000000000..f4396ae7a --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_VarReadUsingThis_0_7_6_var_read_using_this_sol_exclude__0.txt @@ -0,0 +1,8 @@ +The function VarReadUsingThis.bad2() reads this.erc20() with `this` which adds an extra STATICCALL. + +The function VarReadUsingThis.bad4() reads local = this.erc20() with `this` which adds an extra STATICCALL. + +The function VarReadUsingThis.bad1(uint256) reads this.myMap(x) with `this` which adds an extra STATICCALL. + +The function VarReadUsingThis.bad3() reads this.erc20() == address(0) with `this` which adds an extra STATICCALL. + diff --git a/tests/e2e/detectors/snapshots/detectors__exclude_location_VoidConstructor_0_5_16_void_cst_sol_exclude__0.txt b/tests/e2e/detectors/snapshots/detectors__exclude_location_VoidConstructor_0_5_16_void_cst_sol_exclude__0.txt new file mode 100644 index 000000000..75822fc63 --- /dev/null +++ b/tests/e2e/detectors/snapshots/detectors__exclude_location_VoidConstructor_0_5_16_void_cst_sol_exclude__0.txt 
@@ -0,0 +1,3 @@ +Void constructor called in D.constructor(): + - C() + diff --git a/tests/e2e/detectors/test_detectors.py b/tests/e2e/detectors/test_detectors.py index 5604b57dd..d383329d5 100644 --- a/tests/e2e/detectors/test_detectors.py +++ b/tests/e2e/detectors/test_detectors.py @@ -1875,9 +1875,8 @@ def id_test(test_item: Test): TEST_DATA_DIR = Path(__file__).resolve().parent / "test_data" -# pylint: disable=too-many-locals -@pytest.mark.parametrize("test_item", ALL_TESTS, ids=id_test) -def test_detector(test_item: Test, snapshot): + +def load_from_crytic(test_item: Test): test_dir_path = Path( TEST_DATA_DIR, test_item.detector.ARGUMENT, @@ -1886,7 +1885,13 @@ def test_detector(test_item: Test, snapshot): test_file_path = Path(test_dir_path, test_item.test_file).as_posix() zip_artifact_path = Path(f"{test_file_path}-{test_item.solc_ver}.zip").as_posix() - crytic_compile = load_from_zip(zip_artifact_path)[0] + return load_from_zip(zip_artifact_path).pop() + + +# pylint: disable=too-many-locals +@pytest.mark.parametrize("test_item", ALL_TESTS, ids=id_test) +def test_detector(test_item: Test, snapshot): + crytic_compile = load_from_crytic(test_item) sl = Slither(crytic_compile) sl.register_detector(test_item.detector) 
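Review bot: `load_from_crytic` is introduced without a docstring, and its name does not say that it reads the per-test zip artifact built from `test_file` and `solc_ver`. A one-line docstring under the signature would cover it, for example `"""Load the CryticCompile object from the zip artifact for test_item."""`. The function body continues past the end of this hunk into the next one.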
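Review bot: `load_from_zip(zip_artifact_path).pop()` returns the last element of the loaded collection, whereas the line it replaces took element `[0]`, so this refactor changes which compilation is analysed whenever an artifact holds more than one entry. The return type of `load_from_zip` is not visible here; a list is inferred from the old indexing. Keeping the original selection avoids a silent change to the existing `test_detector` snapshots: `return load_from_zip(zip_artifact_path)[0]`. `load_from_crytic` starts in the previous hunk and `test_detector` continues past the end of this one.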
@@ -1900,6 +1905,27 @@ def test_detector(test_item: Test, snapshot): assert snapshot() == actual_output +def id_test_exclude_location(test_item: Test): + return f"{test_item.detector.__name__}-{test_item.solc_ver}-{test_item.test_file}-exclude" + + +# Let no rerun every test, but only a subset of them +@pytest.mark.parametrize("test_item", ALL_TESTS[::5], ids=id_test_exclude_location) +def test_exclude_location(test_item, snapshot): + crytic_compile = load_from_crytic(test_item) + + sl = Slither(crytic_compile, exclude_location=True) + sl.register_detector(test_item.detector) + results = sl.run_detectors() + + actual_output = "" + for detector_result in results: + for result in detector_result: + actual_output += result["description"] + actual_output += "\n" + assert snapshot() == actual_output + + def _generate_compile(test_item: Test, skip_existing=False): test_dir_path = Path( TEST_DATA_DIR,
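Review bot: `ALL_TESTS[::5]` in the `parametrize` decorator of `test_exclude_location` selects cases by position, so adding, removing or reordering any entry in `ALL_TESTS` shifts the whole subset and leaves the committed `exclude_location` snapshots stale or orphaned. Several of the snapshots added in this commit are empty files, so those positions exercise nothing about location exclusion. If the stride is kept, the comment above the decorator should state the coupling instead of the current wording, for example `# Run every fifth case only; changing ALL_TESTS changes this subset and its snapshots.` The test also relies on the snapshot alone; an explicit check that no source reference remains in `result["description"]` would make the intent visible, though the exact reference format is not shown in this hunk.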