search

crytic / slither

Static Analyzer for Solidity and Vyper
https://blog.trailofbits.com/2018/10/19/slither-a-solidity-static-analysis-framework/
GNU Affero General Public License v3.0
5.15k stars 946 forks source link

[Bug-Candidate]: `--solc-ast` flag does nothing and all #2501

Open DanielForTests opened 2 weeks ago

DanielForTests commented 2 weeks ago

Describe the issue:

The --help command claims you can use the flag --solc-ast to provide a contract as a json AST, however it does not do anything at all.

Code example to reproduce the issue:

https://github.com/DanielForTests/foundry_without_packages

Version:

0.10.3

Relevant log output:

(slither_venv) root@16f58c7174fd:/script/workspace/app# slither --solc-ast father-ast.json                                                                                                                                                   'forge config --json' running                                                                                                                                                                                                                Traceback (most recent call last):                                                                                                                                                                                                             File "/slither_venv/lib/python3.10/site-packages/slither/slither.py", line 135, in __init__                                                                                                                                                    crytic_compile = CryticCompile(target, **kwargs)                                                                                                                                                                                           File "/slither_venv/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 211, in __init__                                                                                                                                      self._compile(**kwargs)                                                                                                                                                                                                                    File "/slither_venv/lib/python3.10/site-packages/crytic_compile/crytic_compile.py", line 633, in _compile                                                                                                                                      self._platform.compile(self, **kwargs)                                                                                                                                                                                                     File "/slither_venv/lib/python3.10/site-packages/crytic_compile/platform/solc.py", line 151, in compile                                                                                                                                        targets_json = _get_targets_json(compilation_unit, self._target, **kwargs)                                                                                                                                                                 File "/slither_venv/lib/python3.10/site-packages/crytic_compile/platform/solc.py", line 280, in _get_targets_json                                                                                                                              return _run_solc(                                                                                                                                                                                                                          File "/slither_venv/lib/python3.10/site-packages/crytic_compile/platform/solc.py", line 494, in _run_solc                                                                                                                                      raise InvalidCompilation(f"{filename} is not the expected format '.sol'")                                                                                                                                                                crytic_compile.platform.exceptions.InvalidCompilation: father-ast.json is not the expected format '.sol'                                                                                                                                                                                                                                                                                                                                                                                  During handling of the above exception, another exception occurred:                                                                                                                                                                                                                                                                                                                                                                                                                       Traceback (most recent call last):                                                                                                                                                                                                             File "/slither_venv/lib/python3.10/site-packages/slither/__main__.py", line 875, in main_impl                                                                                                                                                  ) = process_single(filename, args, detector_classes, printer_classes)                                                                                                                                                                      File "/slither_venv/lib/python3.10/site-packages/slither/__main__.py", line 80, in process_single                                                                                                                                              slither = Slither(target, ast_format=ast, **vars(args))                                                                                                                                                                                    File "/slither_venv/lib/python3.10/site-packages/slither/slither.py", line 139, in __init__                                                                                                                                                    raise SlitherError(f"Invalid compilation: \n{str(e)}")                                                                                                                                                                                   slither.exceptions.SlitherError: Invalid compilation:                                                                                                                                                                                        father-ast.json is not the expected format '.sol'                                                                                                                                                                                            ERROR:root:Error:                                                                                                                                                                                                                            ERROR:root:Invalid compilation:                                                                                                                                                                                                              father-ast.json is not the expected format '.sol'                                                                                                                                                                                            ERROR:root:Please report an issue to https://github.com/crytic/slither/issues                                                                                                                                                                (slither_venv) root@16f58c7174fd:/script/workspace/app# slither src/Father.sol --solc-ast father-ast.json                                                                                                                                    usage: slither target [flag]                                                                                                                                                                                                                                                                                                                                                                                                                                                              target can be:                                                                                                                                                                                                                                       - file.sol // a Solidity file                                                                                                                                                                                                                - project_directory // a project directory. See https://github.com/crytic/crytic-compile/#crytic-compile for the supported platforms                                                                                                         - 0x.. // a contract on mainnet                                                                                                                                                                                                              - NETWORK:0x.. // a contract on a different network. Supported networks: mainet,optim,goerli,sepolia,tobalaba,bsc,testnet.bsc,arbi,testnet.arbi,poly,mumbai,avax,testnet.avax,ftm,goerli.base,base,gno,polyzk,blast                  slither: error: unrecognized arguments: father-ast.json
0xalpharush commented 2 weeks ago

The flag should probably be removed unless we re-add support (see https://github.com/crytic/crytic-compile/issues/187). Slither needs to perform a full semantic analysis of contracts referenced in an AST and requiring a user to determine the necessary JSON artifacts sounds like it would be difficult to use. What is your use case? Perhaps we can offer an alternative

RaresGeo commented 1 week ago

My mistake, I opened the issue from the wrong account. That's me.

I see, so it was removed and is no longer available. I wanted to use it for analyzing individual contracts. Currently, you can only reduce the scope to files, but a file File.sol might contain two contracts contract ContractA and contract ContractB that are completely separate "root contracts" (i.e. they are not inherited by anything else and are the final contracts meant for deployment)

I want to be able to analyze just ContractA if I want to. I know this is a pretty rare use case, but our platform demands it. I think what I will have to do is parse the AST of the entire project, determine a sort of dependency/inheritance graph and using those filter out the issues from the json output of slither which are not related to the contract I want reviewed.

RaresGeo commented 1 week ago

Just as things are currently, analyzing a single file is quite buggy regardless. If the project uses foundry for example, slither . works just fine but specifying a contract makes slither get the wrong evm version (always chooses paris) if foundry.toml doesn't specify an exact solc_version,. Thankfully I can work around this