Consensys / truffle-security

MythX smart contract security verification plugin for Truffle Framework
https://mythx.io

Npm libraries contracts not found #145

Closed Ferparishuertas closed 5 years ago

Ferparishuertas commented 5 years ago

    Source "openzeppelin-solidity/contracts/math/SafeMath.sol" not found: File outside of allowed directories.
    import "openzeppelin-solidity/contracts/math/SafeMath.sol";

Error when running verify

Using npm install -g git+https://git@github.com/ConsenSys/truffle-security.git doesn't solve the problem

Ferparishuertas commented 5 years ago

Truffle compile works perfectly

tagomaru commented 5 years ago

@Ferparishuertas Could I get your whole project? We also need to know the details, such as the whole log.

Ferparishuertas commented 5 years ago

    em-token git:(master) ✗ ./node_modules/.bin/truffle run verify
    Compiling ./contracts/BalanceConverter.sol...
    Compiling ./contracts/ComplianceRegulator/ComplianceRegulatorService.sol...
    Compiling ./contracts/ComplianceRegulator/IComplianceRegulatorService.sol...
    Compiling ./contracts/ComplianceRegulator/PeriodCalculator.sol...
    Compiling ./contracts/EmoneyToken.sol...
    Compiling ./contracts/EmoneyTokenMigrator.sol...
    Compiling ./contracts/HoldableToken.sol...
    Compiling ./contracts/IRBACMigrator.sol...
    Compiling ./contracts/MigratableEmoneyToken.sol...
    Compiling ./contracts/MigratableRegulatorService.sol...
    Compiling ./contracts/MigratorRole.sol...
    Compiling ./contracts/PayoutableToken.sol...
    Compiling ./contracts/RedeemableToken.sol...
    Compiling ./contracts/RegulatedToken.sol...
    Compiling ./contracts/RegulatorService.sol...
    Compiling ./contracts/ServiceRegistry.sol...
    Compiling ./contracts/TokenRegulatorService.sol...
    Compiling ./contracts/TwoStepTransferableToken.sol...
    Compiling ./contracts/libraries/DateTime/DateTimeContract.sol...
    Compiling ./contracts/libraries/DateTime/DateTimeLibrary.sol...
    Compiling ./contracts/libraries/StringConverter.sol...
    Compiling ./contracts/mocks/ComplianceRegulatorServiceMock.sol...
    Compiling ./contracts/mocks/ComplianceRegulatorServiceUnitTestMock.sol...
    Compiling ./contracts/mocks/RegulatedTokenMock.sol...
    Compiling ./contracts/mocks/RegulatorServiceMock.sol...
    { Error: /Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/contracts/BalanceConverter.sol:3:1: ParserError: Source "openzeppelin-solidity/contracts/math/SafeMath.sol" not found: File outside of allowed directories.
    import "openzeppelin-solidity/contracts/math/SafeMath.sol";
    ^---------------------------------------------------------^
        at CompileError.ExtendableError (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-error/index.js:10:17)
        at new CompileError (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-security/compat/truffle-compile/compileerror.js:12:23)
        at supplier.load.then.solc (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-security/compat/truffle-compile/index.js:280:11)
      message: '/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/contracts/BalanceConverter.sol:3:1: ParserError: Source "openzeppelin-solidity/contracts/math/SafeMath.sol" not found: File outside of allowed directories.\nimport "openzeppelin-solidity/contracts/math/SafeMath.sol";\n^---------------------------------------------------------^\n\u001b[31mCompilation failed. See above.\u001b[39m',
      stack: 'Error: /Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/contracts/BalanceConverter.sol:3:1: ParserError: Source "openzeppelin-solidity/contracts/math/SafeMath.sol" not found: File outside of allowed directories.\nimport "openzeppelin-solidity/contracts/math/SafeMath.sol";\n^---------------------------------------------------------^\n at CompileError.ExtendableError (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-error/index.js:10:17)\n at new CompileError (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-security/compat/truffle-compile/compileerror.js:12:23)\n at supplier.load.then.solc (/Users/fer/Documents/PERSONAL/IOBUILDERS/em-token/node_modules/truffle-security/compat/truffle-compile/index.js:280:11)',
      name: 'CompileError' }

Whole log

Ferparishuertas commented 5 years ago

If you give me a GitLab user, I'll grant you access

tagomaru commented 5 years ago

Here you are https://gitlab.com/tagomaru

Ferparishuertas commented 5 years ago

Invited ! :)


tagomaru commented 5 years ago

@Ferparishuertas Thx! This worked by setting compilers.docker in truffle.js to false.

I guess this problem is related to access control around docker. If I find the root cause, I'll let you know.

tagomaru commented 5 years ago

As a memorandum for me and @rocky

Now truffle-security cannot support projects with docker and npm package like zeppelin.

Here, truffle-security sets one contract. If docker is used for compiling, it calls this command with --standard-json.

The command is never called with --allow-paths, mapping, and option -v of docker. That is why this error might happen.

I could compile with the below command.

    docker run -v $PWD:/tmp -i ethereum/solc:0.5.5 /tmp/contracts/TokenRegulatorService.sol --allow-paths openzeppelin-solidity openzeppelin-solidity=/tmp/node_modules/openzeppelin-solidity

On the other hand, truffle seems to pass all of the source code with --standard-json to docker here. So truffle compile succeeds since docker does not have to access the npm package directory maybe.

This problem may be able to be resolved by merging several contracts into one file as we discussed.
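The difference described in the comment above, where every imported source is passed inline in the standard-JSON input so the compiler needs no file access to the npm package directory, sketched as an added example (not code from Truffle or truffle-security). `FILES`, `buildStandardJson`, `readUnit` and `resolveRelative` are hypothetical names, and the file bodies are constructed stubs.

```javascript
// Added example: inline every imported source into solc standard-JSON input so the
// compiler never needs file-system access to node_modules inside the container.

// Constructed project tree (file bodies are stubs; names follow the log above).
const FILES = {
  'contracts/BalanceConverter.sol':
    'import "openzeppelin-solidity/contracts/math/SafeMath.sol";\n' +
    'import "./libraries/StringConverter.sol";\ncontract BalanceConverter {}\n',
  'contracts/libraries/StringConverter.sol': 'library StringConverter {}\n',
  'node_modules/openzeppelin-solidity/contracts/math/SafeMath.sol': 'library SafeMath {}\n',
};

// Matches import "x"; import "x" as y; import {a} from "x"; (comments are not stripped).
const IMPORT_RE = /\bimport\s+(?:[^"';]*\bfrom\s+)?["']([^"']+)["'][^;]*;/g;

// Resolve "./" and "../" imports against the importing source unit name.
function resolveRelative(fromUnit, target) {
  const parts = fromUnit.split('/').slice(0, -1);
  for (const seg of target.split('/')) {
    if (seg === '..') parts.pop();
    else if (seg !== '.' && seg !== '') parts.push(seg);
  }
  return parts.join('/');
}

// Project files are looked up as-is, package imports under node_modules/.
function readUnit(unit, files) {
  for (const candidate of [unit, 'node_modules/' + unit]) {
    if (Object.prototype.hasOwnProperty.call(files, candidate)) return files[candidate];
  }
  throw new Error('Source "' + unit + '" not found');
}

function buildStandardJson(entry, files) {
  const sources = {};
  const pending = [entry];
  while (pending.length > 0) {
    const unit = pending.pop();
    if (sources[unit]) continue; // already inlined
    const content = readUnit(unit, files);
    sources[unit] = { content };
    for (const m of content.matchAll(IMPORT_RE)) {
      const isRelative = m[1].startsWith('./') || m[1].startsWith('../');
      pending.push(isRelative ? resolveRelative(unit, m[1]) : m[1]);
    }
  }
  return { language: 'Solidity', sources, settings: { outputSelection: { '*': { '*': ['abi'] } } } };
}
```

With only the entry contract in `sources`, the compiler has to read the import from disk, which is where the allowed-directories check applies.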

rocky commented 5 years ago

Can we detect when we have such a situation? If so, we should warn about being in such a situation.

Or perhaps, as we have done in the past, we can replace and extend the particular truffle library function so that it does the kind of thing we need?

tagomaru commented 5 years ago

@rocky See the above explanation. If users choose docker as compiler and the contracts import contracts of npm or EthPM package library, this can happen.

As I wrote, now truffle-security does not pass all of the source code for import to compiler unlike truffle compile. (you know just passing one source code for each contract)

Ferparishuertas commented 5 years ago

It works as you said with docker false

    compilers: {
      solc: {
        version: '0.5.5',
        docker: false, // compile with the local solc instead of the docker image
        settings: {
          optimizer: { enabled: true, runs: 200 },
          evmVersion: "byzantium"
        }
      }
    }

rocky commented 5 years ago

Ok. Then a suggestion to improve truffle-security is that it can look for a docker: true setting in the truffle configuration. If compilation inside verify fails, it can then suggest to set docker:false
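One way the check suggested in the comment above could look, as an added example that is not truffle-security's own code. `dockerImportHint`, `sampleConfig` and `sampleError` are hypothetical names; the sample error is an abridged, constructed copy of the message in the log earlier in this thread.

```javascript
// Added example, not truffle-security's own code.
const NOT_ALLOWED = /Source "([^"]+)" not found: File outside of allowed directories/g;

// Returns null when the failure is unrelated to docker compilation,
// otherwise the blocked imports and a hint for the user.
function dockerImportHint(truffleConfig, compileError) {
  const solc = ((truffleConfig || {}).compilers || {}).solc || {};
  const message = String((compileError && compileError.message) || '');
  // The same source can be reported more than once; de-duplicate it.
  const blocked = [...new Set([...message.matchAll(NOT_ALLOWED)].map((m) => m[1]))];
  if (solc.docker !== true || blocked.length === 0) return null;
  // Import paths that do not start with "." or "/" come from npm/EthPM packages.
  const fromPackages = blocked.filter((p) => !/^[./]/.test(p));
  return {
    blocked,
    fromPackages,
    hint: 'compilers.solc.docker is true and solc could not read ' + blocked.join(', ') +
      '; set docker: false in the Truffle config and run verify again.',
  };
}

// Constructed input: a config with docker enabled and an abridged error message.
const sampleConfig = { compilers: { solc: { version: '0.5.5', docker: true } } };
const sampleError = new Error(
  'contracts/BalanceConverter.sol:3:1: ParserError: Source ' +
  '"openzeppelin-solidity/contracts/math/SafeMath.sol" not found: ' +
  'File outside of allowed directories.');
```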

Ferparishuertas commented 5 years ago

Please let us know when it works with docker, since it is quite a bit faster at compiling etc.

thanks

rocky commented 5 years ago

@Ferparishuertas That may take a while because I believe this needs to be addressed in conjunction with changes on the MythX side and may even require an API change.

Ferparishuertas commented 5 years ago

Ok Thanks. Is it normal that it takes more than 10 minutes to execute? I just launched it 10 minutes ago and it's stuck at

                  BalanceConverter |****************************************************************************************************| 100% || Elapsed: 57.5s ✓ completed
                          SafeMath |****************************************************************************************************| 100% || Elapsed: 53.1s ✓ completed
        ComplianceRegulatorService |****************************************************************************************************| 100% || Elapsed: 304.5s in progress...
                  PeriodCalculator |****************************************************************************************************| 100% || Elapsed: 55.4s ✓ completed
                  DateTimeContract |****************************************************************************************************| 100% || Elapsed: 53.0s ✓ completed
                   DateTimeLibrary |****************************************************************************************************| 100% || Elapsed: 63.0s ✓ completed
                   StringConverter |****************************************************************************************************| 100% || Elapsed: 65.3s ✓ completed
                           Ownable |****************************************************************************************************| 100% || Elapsed: 50.3s ✓ completed
       IComplianceRegulatorService |****************************************************************************************************| 100% || Elapsed: 51.7s ✓ completed
    ComplianceRegulatorServiceMock |****************************************************************************************************| 100% || Elapsed: 133.0s ✓ completed

    ComplianceRegulatorServiceUnitTestMock |****| 100% || Elapsed: 55.9s ✓ completed
    EmoneyToken |****| 100% || Elapsed: 54.7s ✓ completed
    HoldableToken |****| 100% || Elapsed: 305.9s in progress...
    IRBACMigrator |**** | 16% || Elapsed: 47.9s in progress...
    MigratableEmoneyToken |****| 100% || Elapsed: 49.2s ✓ completed
    MigratableRegulatorService |****| 100% || Elapsed: 49.8s ✓ completed
    MigratorRole |****| 100% || Elapsed: 62.9s ✓ completed
    PayoutableToken |****| 100% || Elapsed: 50.4s ✓ completed
    RedeemableToken |****| 100% || Elapsed: 49.7s ✓ completed
    RegulatedToken |****| 100% || Elapsed: 59.0s ✓ completed
    RegulatorService |****| 100% || Elapsed: 49.3s ✓ completed
    ServiceRegistry |****| 100% || Elapsed: 49.6s ✓ completed
    TwoStepTransferableToken |****| 100% || Elapsed: 50.4s ✓ completed
    Roles |****| 100% || Elapsed: 55.5s ✓ completed
    MinterRole |****| 100% || Elapsed: 49.5s ✓ completed
    ERC20 |****| 100% || Elapsed: 51.2s ✓ completed
    ERC20Burnable |****| 100% || Elapsed: 53.7s ✓ completed
    ERC20Detailed |****| 100% || Elapsed: 50.1s ✓ completed
    IERC20 |****| 100% || Elapsed: 49.3s ✓ completed
    EmoneyTokenMigrator |****| 100% || Elapsed: 53.7s ✓ completed
    RegulatedTokenMock |****| 100% || Elapsed: 62.5s ✓ completed
    RegulatorServiceMock |****| 100% || Elapsed: 49.2s ✓ completed

rocky commented 5 years ago

This seems like a separate issue, so please open another issue so this can be tracked independently. Also, narrowing the issue, say to HoldableToken outside of docker (and any other things that simplify), would speed things along too. Thanks.

Ferparishuertas commented 5 years ago

Done https://github.com/ConsenSys/truffle-security/issues/146

rocky commented 5 years ago

@Ferparishuertas please let us know if this fixes things using master. If not, then please reopen

Ferparishuertas commented 5 years ago

Yes. It works
