search

eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0
216 stars 50 forks source link

Docker image - couldn't give input path to run for. #79

Closed ahmetgul93 closed 5 years ago

ahmetgul93 commented 5 years ago

Hello,

I get Securify from dockerhub.

When I type docker run chainsecurity/securify, it works for project/example.sol.

However, when I run for these commands, $ docker run -v $(pwd)/C:\Users\asus\Desktop\SomeSolFiles:/project securify $ docker run -v $(pwd)/C:\Users\asus\Desktop\SomeSolFiles chainsecurity/securify $ docker run -v $(pwd)/C://Users//asus//Desktop//SomeSolFiles chainsecurity/securify $ docker run -v $(pwd)/c:\users\asus\desktop\somesolfiles chainsecurity/securify

I got repository must be lowercase error.

when I run for these commands, $ docker run -v "$PWD"/c:\users\asus\desktop\somesolfiles chainsecurity/securify invalid mount config for type "bind": invalid mount path: 'usersasusdesktopsomesolfiles' mount path must be absolute.

$ docker run -v "$PWD"/c:\users\asus\desktop\somesolfiles:/CallDepth chainsecurity/securify C:\Program Files\Docker Toolbox\docker.exe: Error response from daemon: invalid mode: /CallDepth.

$ docker run -v "$PWD":/c:/users/asus/desktop/somesolfiles chainsecurity/securify C:\Program Files\Docker Toolbox\docker.exe: Error response from daemon: invalid mode: /users/asus/desktop/somesolfiles.

To sum up, I could not run securify to scan my solidity file or folder.

Could you please help me what I kind of command I should type to run it ?

Thanks in advance.

hiqua commented 5 years ago

You seem to be using Windows, correct? $PWD or $(pwd) are supposed to return the current working directory, but if you already type it fully (C:\ ...) you should not need it. The issue seems to be how to mount a directory with docker with Windows, have you already done that successfully in the past?

I just managed to run the image from dockerhub successfully using -v, so this shouldn't be the issue.

hiqua commented 5 years ago

Closing because of inactivity, please reopen with more details if the issue is still there!

Ghagini commented 5 years ago

I have the same issue. I use the Ubuntu 18.10, Docker version is 18.09.2, When I type "docker run securify" I can get the report of the /project/example.sol. But when I try the command "docker run -v $(pwd)/:/mysol.sol securify" it still reports the result of /project/example.sol. Could you tell me the command I could type to scan my solidity file?

hiqua commented 5 years ago

You need to put your file in a folder and mount this folder, rather than the file itself. Let me know if that works!

Ghagini commented 5 years ago

I tried to put mysol in a folder but the command doesn't work either.But I can scan mysol by change the command in Dockerfile. I have a new question is that can the securify find out the timestamp-dependency in solidity files? Because I scan the test file "random_number_generator.sol" in securify-master\src\test\resources\solidity\end_to_end_testing_big\swc\weak_randomness\, the securify reports neither Violation nor Warning.