crytic / crytic-compile

Abstraction layer for smart contract build systems
GNU Affero General Public License v3.0

File outside of allowed directories. #300

Closed sjkelleyjr closed 1 year ago

sjkelleyjr commented 2 years ago

Any idea what's going on here?

slither-read-storage 0x000b132de68df10dda92294e897bdb43d7f5e439 --variable-name _initialized --rpc-url $ETH_RPC_URL --etherscan-apikey $ETHERSCAN_API_KEY
Traceback (most recent call last):
  File "/Library/Python/3.8/site-packages/slither/slither.py", line 91, in __init__
    crytic_compile = CryticCompile(target, **kwargs)
  File "/Library/Python/3.8/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/Library/Python/3.8/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/Library/Python/3.8/site-packages/crytic_compile/platform/etherscan.py", line 358, in compile
    solc_standard_json.standalone_compile(filenames, compilation_unit, working_dir=working_dir)
  File "/Library/Python/3.8/site-packages/crytic_compile/platform/solc_standard_json.py", line 65, in standalone_compile
    targets_json = run_solc_standard_json(
  File "/Library/Python/3.8/site-packages/crytic_compile/platform/solc_standard_json.py", line 179, in run_solc_standard_json
    raise InvalidCompilation(solc_exception_str)
crytic_compile.platform.exceptions.InvalidCompilation: IOError: Cannot import url ("crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol"): File outside of allowed directories.

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/local/bin/slither-read-storage", line 8, in <module>
    sys.exit(main())
  File "/Library/Python/3.8/site-packages/slither/tools/read_storage/__main__.py", line 122, in main
    slither = Slither(target, **vars(args))
  File "/Library/Python/3.8/site-packages/slither/slither.py", line 95, in __init__
    raise SlitherError(f"Invalid compilation: \n{str(e)}")
slither.exceptions.SlitherError: Invalid compilation:
IOError: Cannot import url ("crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol"): File outside of allowed directories.

The contract source is in my crytic-export/etherscan-contracts/ directory.

sjkelleyjr commented 2 years ago

Other contracts like 0x009febffa37ee0fd60f2a91743e320294b81840a are working fine.

0xalpharush commented 2 years ago

@elopez Is this related to https://github.com/crytic/crytic-compile/pull/260

elopez commented 2 years ago

@0xalpharush I don't think so. crytic-compile ends up running the following:

echo '{"language": "Solidity", "sources": {"crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol": {"urls": ["crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol"]}}, "settings": {"remappings": [], "optimizer": {"enabled": true, "runs": 200}, "outputSelection": {"*": {"*": ["abi", "metadata", "devdoc", "userdoc", "evm.bytecode", "evm.deployedBytecode"], "": ["ast"]}}}}' | solc --standard-json --allow-paths .

It does so with solc 0.4.16 (as indicated by etherscan) which throws

{"contracts":{},"errors":[{"component":"general","formattedMessage":"Cannot import url (\"crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol\"): File outside of allowed directories.","message":"Cannot import url (\"crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol\"): File outside of allowed directories.","severity":"error","type":"IOError"}],"sources":{}}

0.4.17 causes the same error. But if you force 0.4.18, it works fine:

venv/bin/crytic-compile 0x000b132de68df10dda92294e897bdb43d7f5e439 --solc venv/.solc-select/artifacts/solc-0.4.18/solc-0.4.18
WARNING:CryticCompile:Warning: crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol:9:3: Warning: No visibility specified. Defaulting to "public".
  function transfer(address _to, uint256 _value) returns (bool success);
  ^--------------------------------------------------------------------^

Warning: crytic-export/etherscan-contracts/0x000b132de68df10dda92294e897bdb43d7f5e439-Forwarder.sol:11:3: Warning: No visibility specified. Defaulting to "public".
  function balanceOf(address _owner) constant returns (uint256 balance);
  ^--------------------------------------------------------------------^
  (...)

So it looks like the allowed paths handling might have been buggy or behaved differently on earlier solc versions?

I noticed that if you pass a full path (i.e. an expanded $PWD) instead of "." it also works on the earlier solc versions. Maybe we can do that to work around the buggy solc versions?

cameel commented 2 years ago

Yes, --allow-paths used to be buggy and very inconsistent, especially regarding relative paths. That was fixed only in 0.8.8. See details in https://github.com/ethereum/solidity/pull/11688.

For example, with --allow-paths . the main problem is that the compiler did not always expand paths, and even then they were not always properly normalized, so relative paths weren't always recognized as matching the pattern.
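The workaround elopez describes and the version boundary cameel gives, put into code. This is an added example, not crytic-compile's or solc's own code: it rebuilds the standard-JSON input and solc command shown in the thread, expands --allow-paths to an absolute directory on every solc release before 0.8.8 (a conservative superset, since the bug was inconsistent across versions), and recognises the "File outside of allowed directories" IOError in solc's JSON output. The solc binary path and the helper names are assumptions.

```python
"""Added example (not crytic-compile's own code): the solc --standard-json call
from this thread, with --allow-paths made absolute on solc < 0.8.8."""
import json
import os
import subprocess
from typing import Dict, List

SELECTION = ["abi", "metadata", "devdoc", "userdoc",
             "evm.bytecode", "evm.deployedBytecode"]


def needs_absolute_allow_paths(solc_version: str) -> bool:
    """Relative --allow-paths patterns such as '.' were unreliable until 0.8.8."""
    major, minor, patch = (int(p) for p in solc_version.split(".")[:3])
    return (major, minor, patch) < (0, 8, 8)


def build_standard_json(sources: List[str]) -> Dict:
    """Same input shape crytic-compile piped to solc in elopez's comment."""
    return {
        "language": "Solidity",
        "sources": {src: {"urls": [src]} for src in sources},
        "settings": {
            "remappings": [],
            "optimizer": {"enabled": True, "runs": 200},
            "outputSelection": {"*": {"*": SELECTION, "": ["ast"]}},
        },
    }


def build_solc_command(solc_version: str, working_dir: str = ".",
                       solc_bin: str = "solc") -> List[str]:
    """Workaround: pass an expanded, normalised directory instead of '.'."""
    allow = working_dir
    if needs_absolute_allow_paths(solc_version):
        allow = os.path.abspath(working_dir)
    return [solc_bin, "--standard-json", "--allow-paths", allow]


def allowed_paths_errors(solc_output: Dict) -> List[str]:
    """Messages of IOError entries that solc emits for disallowed imports."""
    return [e["message"] for e in solc_output.get("errors", [])
            if e.get("type") == "IOError"
            and "outside of allowed directories" in e.get("message", "")]


def run_solc(sources: List[str], solc_version: str, working_dir: str = ".",
             solc_bin: str = "solc") -> Dict:
    """Run solc_bin (assumed on PATH or a solc-select artifact) on the JSON."""
    proc = subprocess.run(build_solc_command(solc_version, working_dir, solc_bin),
                          input=json.dumps(build_standard_json(sources)),
                          capture_output=True, text=True, cwd=working_dir)
    return json.loads(proc.stdout)
```

Pass the solc-select artifact path (as in elopez's 0.4.18 run) as solc_bin and the checkout root as working_dir; if allowed_paths_errors() on the result is non-empty, the allow-path still did not match.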