Consensys / mythx-cli

A command line interface for the MythX smart contract security analysis API
https://mythx-cli.readthedocs.io/
MIT License

Support hardhat projects with mythx analyze #265

Open xanderdunn opened 2 years ago

xanderdunn commented 2 years ago

Many developers are moving from truffle to hardhat for solidity development. The mythx-cli supports interpreting truffle projects for the analyze function, but I haven't been able to get this to work in a hardhat project.

From the root directory of my hardhat project:

$ mythx analyze
Error: No argument given and unable to detect Truffle project or Solidity files
$ mythx analyze contracts/
mythx analyze contracts/
Usage: mythx analyze [OPTIONS] [TARGET]...

Error: Error compiling source with solc v0.7.6: contracts/XanderNFTs.sol:6:1: ParserError: Source "@openzeppelin/contracts/token/ERC721/ERC721.sol" not found: File outside of allowed directories.
import "@openzeppelin/contracts/token/ERC721/ERC721.sol";
^-------------------------------------------------------^

contracts/XanderNFTs.sol:7:1: ParserError: Source "@openzeppelin/contracts/utils/Counters.sol" not found: File outside of allowed directories.
import "@openzeppelin/contracts/utils/Counters.sol";
^--------------------------------------------------^

> command: `/Users/xander/.solcx/solc-v0.7.6 --standard-json --allow-paths /Users/xander/dev/malden_feuerstein`
> return code: `0`
> stdout:
{"errors":[{"component":"general","errorCode":"6275","formattedMessage":"contracts/XanderNFTs.sol:6:1: ParserError: Source \"@openzeppelin/contracts/token/ERC721/ERC721.sol\" not found: File outside of allowed directories.\nimport \"@openzeppelin/contracts/token/ERC721/ERC721.sol\";\n^-------------------------------------------------------^\n","message":"Source \"@openzeppelin/contracts/token/ERC721/ERC721.sol\" not found: File outside of allowed directories.","severity":"error","sourceLocation":{"end":139,"file":"contracts/XanderNFTs.sol","start":82},"type":"ParserError"},{"component":"general","errorCode":"6275","formattedMessage":"contracts/XanderNFTs.sol:7:1: ParserError: Source \"@openzeppelin/contracts/utils/Counters.sol\" not found: File outside of allowed directories.\nimport \"@openzeppelin/contracts/utils/Counters.sol\";\n^--------------------------------------------------^\n","message":"Source \"@openzeppelin/contracts/utils/Counters.sol\" not found: File outside of allowed directories.","severity":"error","sourceLocation":{"end":192,"file":"contracts/XanderNFTs.sol","start":140},"type":"ParserError"}],"sources":{}}

> stderr:

This is the standard issue where solc (0.7.6 in this case) is not finding the dependencies. I'm not sure how to pass the necessary flags to mythx's solc invocation to get compilation to work here. If mythx could pull this from a hardhat project that would be extremely convenient.

CjS77 commented 2 years ago

This works with mythx-cli on my hardhat project:

mythx analyze --remap-import "@openzeppelin/=$(pwd)/node_modules/@openzeppelin/" contracts/ContractA.sol contracts/ContractB.sol ...
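
The remapping used in the comment above can be derived from the contracts themselves. The following is an added example, not part of the thread and not mythx-cli's own code: it scans a project's Solidity files for non-relative imports and builds one `--remap-import` argument per prefix that exists under `node_modules`. The function names, the sample project and `hypothetical-lib` are constructed for illustration, and it assumes `--remap-import` may be passed more than once.

```python
import re
import tempfile
from pathlib import Path

# Path inside `import "x";`, `import {A} from "x";` or `import * as A from "x";`
IMPORT_RE = re.compile(r'^\s*import\s+(?:[^"\';]*?\sfrom\s+)?["\']([^"\']+)["\']', re.M)

def build_remap_args(project_root, contracts_dir="contracts"):
    """Return (--remap-import arguments, import prefixes absent from node_modules)."""
    root = Path(project_root).resolve()
    prefixes = set()
    for sol in sorted((root / contracts_dir).rglob("*.sol")):
        for path in IMPORT_RE.findall(sol.read_text(encoding="utf-8")):
            if not path.startswith((".", "/")):        # relative imports need no remapping
                prefixes.add(path.split("/")[0] + "/")  # "@openzeppelin/", as in the thread
    args, missing = [], []
    for prefix in sorted(prefixes):
        target = root / "node_modules" / prefix
        if target.is_dir():
            args += ["--remap-import", f"{prefix}={target}/"]
        else:
            missing.append(prefix)  # dependency not installed: compilation would fail
    return args, missing

def make_sample_project(root):
    """Constructed Hardhat-style layout, used only to exercise the function."""
    root = Path(root)
    (root / "contracts").mkdir(parents=True)
    (root / "node_modules" / "@openzeppelin" / "contracts").mkdir(parents=True)
    (root / "contracts" / "Sample.sol").write_text(
        'pragma solidity ^0.7.6;\n'
        'import "@openzeppelin/contracts/token/ERC721/ERC721.sol";\n'
        'import {Counters} from "@openzeppelin/contracts/utils/Counters.sol";\n'
        'import "./Local.sol";\n'
        '// import "commented/Out.sol";\n'
        'import "hypothetical-lib/Lib.sol";\n'
        'contract Sample {}\n', encoding="utf-8")
    (root / "contracts" / "Local.sol").write_text("contract Local {}\n", encoding="utf-8")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        args, missing = build_remap_args(make_sample_project(tmp))
        print("mythx analyze", *args, "contracts/Sample.sol")
        print("not found under node_modules:", missing)
```

Prefixes reported as missing point at dependencies that are not installed, which would reproduce the "Source ... not found" compiler error shown in the issue.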