Merge branch 'crytic:master' into dev-generate-interface-code

crytic · Jul 27, 2023 · 879ef17 · 879ef17
2 parents af74985 + e5f2a86
commit 879ef17
Show file tree

Hide file tree

Showing 38 changed files with 1,049 additions and 252 deletions.
diff --git a/.github/workflows/black.yml b/.github/workflows/black.yml
@@ -32,7 +32,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: 3.8
 

diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -26,6 +26,7 @@ jobs:
       fail-fast: false
       matrix:
         os: ["ubuntu-latest", "windows-2022"]
+        python: ${{ (github.event_name == 'pull_request' && fromJSON('["3.8", "3.11"]')) || fromJSON('["3.8", "3.9", "3.10", "3.11"]') }}
         type: ["cli",
                "dapp",
                "data_dependency",
@@ -53,10 +54,10 @@ jobs:
             type: truffle
     steps:
       - uses: actions/checkout@v3
-      - name: Set up Python 3.8
-        uses: actions/setup-python@v3
+      - name: Set up Python ${{ matrix.python }}
+        uses: actions/setup-python@v4
         with:
-          python-version: 3.8
+          python-version: ${{ matrix.python }}
       - name: Install dependencies
         run: |
           pip install ".[test]"
@@ -66,11 +67,11 @@ jobs:
 
       - name: Set up nix
         if: matrix.type == 'dapp'
-        uses: cachix/install-nix-action@v20
+        uses: cachix/install-nix-action@v22
 
       - name: Set up cachix
         if: matrix.type == 'dapp'
-        uses: cachix/cachix-action@v10
+        uses: cachix/cachix-action@v12
         with:
           name: dapp
 

diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -47,7 +47,7 @@ jobs:
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker Build and Push
-        uses: docker/build-push-action@v3
+        uses: docker/build-push-action@v4
         with:
           platforms: linux/amd64,linux/arm64/v8,linux/arm/v7
           target: final

diff --git a/.github/workflows/docs.yml b/.github/workflows/docs.yml
@@ -43,4 +43,4 @@ jobs:
           path: './html/'
       - name: Deploy to GitHub Pages
         id: deployment
-        uses: actions/deploy-pages@v1
+        uses: actions/deploy-pages@v2
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
@@ -33,7 +33,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: 3.8
 

diff --git a/.github/workflows/publish.yml b/.github/workflows/publish.yml
@@ -44,7 +44,7 @@ jobs:
           path: dist/
 
       - name: publish
-        uses: pypa/gh-action-pypi-publish@v1.8.6
+        uses: pypa/gh-action-pypi-publish@v1.8.7
 
       - name: sign
         uses: sigstore/gh-action-sigstore-python@v1.2.3

diff --git a/.github/workflows/pylint.yml b/.github/workflows/pylint.yml
@@ -27,7 +27,7 @@ jobs:
           fetch-depth: 0
 
       - name: Set up Python 3.8
-        uses: actions/setup-python@v3
+        uses: actions/setup-python@v4
         with:
           python-version: 3.8
 

diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -25,12 +25,13 @@ jobs:
       matrix:
         os: ["ubuntu-latest", "windows-2022"]
         type: ["unit", "integration", "tool"]
+        python: ${{ (github.event_name == 'pull_request' && fromJSON('["3.8", "3.11"]')) || fromJSON('["3.8", "3.9", "3.10", "3.11"]') }}
     steps:
       - uses: actions/checkout@v3
-      - name: Set up Python 3.8
+      - name: Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v4
         with:
-          python-version: 3.8
+          python-version: ${{ matrix.python }}
           cache: "pip"
           cache-dependency-path: setup.py
 
@@ -74,7 +75,7 @@ jobs:
         uses: ./.github/actions/upload-coverage
         # only aggregate test coverage over linux-based tests to avoid any OS-specific filesystem information stored in
         # coverage metadata.
-        if: ${{ matrix.os == 'ubuntu-latest' }}
+        if: ${{ matrix.os == 'ubuntu-latest' && matrix.python == '3.8' }}
 
   coverage:
     needs:

diff --git a/CITATION.cff b/CITATION.cff
@@ -0,0 +1,64 @@
+cff-version: 1.2.0
+title: Slither Analyzer
+message: >-
+  If you use this software, please cite it using the
+  metadata from this file.
+type: software
+authors:
+  - given-names: Josselin
+    family-names: Feist
+  - given-names: Gustavo
+    family-names: Grieco
+  - given-names: Alex
+    family-names: Groce
+identifiers:
+  - type: doi
+    value: 10.48550/arXiv.1908.09878
+    description: arXiv.1908.09878
+  - type: url
+    value: 'https://arxiv.org/abs/1908.09878'
+    description: arxiv
+  - type: doi
+    value: 10.1109/wetseb.2019.00008
+repository-code: 'https://github.com/crytic/slither'
+url: 'https://www.trailofbits.com/'
+repository-artifact: 'https://github.com/crytic/slither/releases'
+abstract: >-
+  Slither is a static analysis framework designed to provide
+  rich information about Ethereum smart contracts.
+
+  It works by converting Solidity smart contracts into an
+  intermediate representation called SlithIR.
+
+  SlithIR uses Static Single Assignment (SSA) form and a
+  reduced instruction set to ease implementation of analyses
+  while preserving semantic information that would be lost
+  in transforming Solidity to bytecode. 
+
+  Slither allows for the application of commonly used
+  program analysis techniques like dataflow and taint
+  tracking.
+
+
+  Our framework has four main use cases: 
+
+  (1) automated detection of vulnerabilities,
+
+  (2) automated detection of code optimization
+  opportunities,
+
+  (3) improvement of the user's understanding of the
+  contracts, and
+
+  (4) assistance with code review.  
+keywords:
+  - Ethereum
+  - Static Analysis
+  - Smart contracts
+  - EVM
+  - bug detection
+  - Software Engineering
+license: AGPL-3.0-only
+commit: 3d4f934d3228f072b7df2c5e7252c64df4601bc8
+version: 0.9.5
+date-released: '2023-06-28'
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
@@ -81,7 +81,7 @@ For each new detector, at least one regression tests must be present.
 
 1. Create a folder in `tests/e2e/detectors/test_data` with the detector's argument name.
 2. Create a test contract in `tests/e2e/detectors/test_data/<detector_name>/`.
-3. Update `ALL_TEST` in `tests/e2e/detectors/test_detectors.py`
+3. Update `ALL_TESTS` in `tests/e2e/detectors/test_detectors.py`.
 4. Run `python tests/e2e/detectors/test_detectors.py --compile` to create a zip file of the compilation artifacts.
 5. `pytest tests/e2e/detectors/test_detectors.py --insta update-new`. This will generate a snapshot of the detector output in `tests/e2e/detectors/snapshots/`. If updating an existing detector, run `pytest tests/e2e/detectors/test_detectors.py --insta review` and accept or reject the updates.
 6. Run `pytest tests/e2e/detectors/test_detectors.py` to ensure everything worked. Then, add and commit the files to git.
@@ -97,8 +97,9 @@ For each new detector, at least one regression tests must be present.
 
 1. Create a test in `tests/e2e/solc_parsing/`
 2. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --compile`. This will compile the artifact in `tests/e2e/solc_parsing/compile`. Add the compiled artifact to git.
-3. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --generate`. This will generate the json artifacts in `tests/e2e/solc_parsing/expected_json`. Add the generated files to git.
-4. Run `pytest tests/e2e/solc_parsing/test_ast_parsing.py` and check that everything worked.
+3. Update `ALL_TESTS` in `tests/e2e/solc_parsing/test_ast_parsing.py`.
+4. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --generate`. This will generate the json artifacts in `tests/e2e/solc_parsing/expected_json`. Add the generated files to git.
+5. Run `pytest tests/e2e/solc_parsing/test_ast_parsing.py` and check that everything worked.
 
 > ##### Helpful commands for parsing tests
 >