Mismatch of source file paths

Consensys / mythx-cli

A command line interface for the MythX smart contract security analysis API

https://mythx-cli.readthedocs.io/

MIT License

84 stars 29 forks source link

Mismatch of source file paths #133

Closed joaosantos15 closed 4 years ago

joaosantos15 commented 4 years ago

MythX CLI version: latest

Description

Upon inspecting the JSON submitted to the mythx api, we noticed there was a mismatch of source file paths, which prevented issues location decoding from being performed.

Source List included:

"sourceList" : [ 
            "UniswapV2ERC20.sol", 
             ...
]

Matching entry on the sources object:

"sources" : "{"contracts/UniswapV2ERC20.sol":{"ast ... }}

Notice how the UniswapV2ERC20 in sources in prefix by contracts but not in the sourceList.

dmuhs commented 4 years ago

This is most likely an issue in the path trimming, which is meant to improve user privacy: https://github.com/dmuhs/mythx-cli/blob/master/mythx_cli/analyze/util.py#L16

Trimming is done by a common prefix - I'll have to dig a bit deeper as the prefix seems to be the same at all points.

dmuhs commented 4 years ago

This has been fixed in #134. The issue was a relative path that snuck in and resulted in a prefix replacement not taking effect. I have also released the patch under version 0.6.15.