search

eth-sri / securify

[DEPRECATED] Security Scanner for Ethereum Smart Contracts
Apache License 2.0
216 stars 50 forks source link

Build improvements #84

Closed hiqua closed 5 years ago

hiqua commented 5 years ago

Closes #83. Closes #62.

ghost commented 5 years ago

DeepCode analyzed this pull request. There are 2 new info reports.

Click to see more details.

ghost commented 5 years ago

DeepCode analyzed this pull request. There is 1 new info report.

Click to see more details.

hiqua commented 5 years ago

LGTM.

Is the version supposed to appear somewhere in the output?

Yes, with --json.

ritzdorf commented 5 years ago

LGTM. Is the version supposed to appear somewhere in the output?

Yes, with --json.

Thanks. That is what I expected, but it somehow didn't happen. Let me rebuild again.

ritzdorf commented 5 years ago

The reason was that I was still running the old commands. Should we update the README to say securify.jar instead of securify-0.1.jar?

hiqua commented 5 years ago

The reason was that I was still running the old commands. Should we update the README to say securify.jar instead of securify-0.1.jar?

Ah yes it's not so nice that we can now end up with two .jar. I think having securify.jar as a default filename is better, and we then don't have to update the documentation, and it gets overwritten properly when we rebuild.

ghost commented 5 years ago

DeepCode analyzed this pull request. There is 1 new info report.1 info report was fixed.

Click to see more details.

ritzdorf commented 5 years ago

Not sure if it is as a result of this PR, but 

java -jar build/libs/securify.jar -fh src/test/resources/solidity/transaction-reordering.bin.hex --json -o /tmp/test.json

seems to produce no output for me. Is this expected?

hiqua commented 5 years ago

Not sure if it is as a result of this PR, but

java -jar build/libs/securify.jar -fh src/test/resources/solidity/transaction-reordering.bin.hex --json -o /tmp/test.json

seems to produce no output for me. Is this expected?

--json was never made compatible with -fh, I can add checks in the argument parser to prevent this from failing silently.

ritzdorf commented 5 years ago

Not sure if it is as a result of this PR, but

java -jar build/libs/securify.jar -fh src/test/resources/solidity/transaction-reordering.bin.hex --json -o /tmp/test.json

seems to produce no output for me. Is this expected?

--json was never made compatible with -fh, I can add checks in the argument parser to prevent this from failing silently.

Just asking because:

java -jar build/libs/securify.jar -fh src/test/resources/solidity/transaction-reordering.bin.hex

(as it is in the README) seems to generate no output or result.

hiqua commented 5 years ago

Yes it's only stored in some temporary file in this case. I'll just output its content instead.

ritzdorf commented 5 years ago

Yes it's only stored in some temporary file in this case. I'll just output its content instead.

I was just wondering what the expected output of that README command is, because at the moment it doesn't produce any visible output.

ghost commented 5 years ago

DeepCode analyzed this pull request. There are no new issues.1 info report was fixed.

Click to see more details.