package audit

v0.3.7
Published: May 31, 2024 License: Apache-2.0 Imports: 13 Imported by: 2

Documentation

Overview

Package audit provides a comprehensive suite of tools for auditing smart contracts. It integrates with the Slither static analysis tool to facilitate in-depth contract analysis and ensures best practices in contract development.

Constants

This section is empty.

Variables

var (
	// ErrSlitherNotInstalled is returned when slither is not installed on the machine
	ErrSlitherNotInstalled = errors.New("slither is not installed - please install slither using `pip3 install slither-analyzer`")

	// ErrTempDirNotSet is returned when temp directory is not set
	ErrTempDirNotSet = errors.New("directory where contracts will be temporary stored is not set")

	// ErrSourcesNotSet is returned when sources are not set
	ErrSourcesNotSet = errors.New("sources are not set")
)

Functions

This section is empty.

Types

type AdditionalFields

type AdditionalFields struct {
	UnderlyingType string `json:"underlying_type"`         // Underlying type of the element.
	VariableName   string `json:"variable_name,omitempty"` // Name of the variable, if applicable.
}

AdditionalFields provides additional information about an element.

func (*AdditionalFields) ToProto

ToProto converts the AdditionalFields struct to its protobuf representation.

type Auditor

type Auditor struct {
	// contains filtered or unexported fields
}

Auditor represents a structure that manages the auditing process of smart contracts using the Slither tool.

func NewAuditor

func NewAuditor(ctx context.Context, compiler *solc.Solc, config *Config, sources *solgo.Sources) (*Auditor, error)

NewAuditor initializes a new Auditor instance with the provided context, configuration, and sources. It ensures that the Slither tool is properly initialized and that the sources are prepared for analysis.

func (*Auditor) Analyze

func (a *Auditor) Analyze() (*Report, error)

Analyze performs an analysis of the smart contracts using the Slither tool. It returns the analysis response or an error if the analysis fails.

func (*Auditor) GetConfig

func (a *Auditor) GetConfig() *Config

GetConfig returns the configuration used by the Auditor.

func (*Auditor) GetSlither

func (a *Auditor) GetSlither() *Slither

GetSlither returns the instance of the Slither tool used by the Auditor.

func (*Auditor) GetSources

func (a *Auditor) GetSources() *solgo.Sources

GetSources returns the smart contract sources managed by the Auditor.

func (*Auditor) IsReady

func (a *Auditor) IsReady() bool

IsReady checks if the Auditor is ready to perform an analysis. It ensures that the Slither tool is installed and that the sources are prepared.

type Config

type Config struct {
	Arguments       []string // Arguments to pass to the Slither tool.
	CompilerVersion string   // Compiler version to use.
	// contains filtered or unexported fields
}

Config represents the configuration for the Slither tool.

func NewDefaultConfig

func NewDefaultConfig(tempDir string) (*Config, error)

NewDefaultConfig creates and returns a default configuration for Slither. It checks if the provided tempDir exists and initializes the default arguments.

func (*Config) AppendArguments

func (c *Config) AppendArguments(args ...string)

AppendArguments appends new arguments to the existing set of arguments.

func (*Config) GetArguments

func (c *Config) GetArguments() []string

GetArguments returns the arguments to be passed to the Slither tool.

func (*Config) GetCompilerVersion added in v0.3.1

func (c *Config) GetCompilerVersion() string

GetCompilerVersion returns the compiler version to use.

func (*Config) GetTempDir

func (c *Config) GetTempDir() string

GetTempDir returns the directory used to store temporary contract files.

func (*Config) SanitizeArguments

func (c *Config) SanitizeArguments(args []string) ([]string, error)

SanitizeArguments sanitizes the provided arguments against a list of allowed arguments. Returns an error if any of the provided arguments are not in the allowed list.

func (*Config) SetArguments

func (c *Config) SetArguments(args []string)

SetArguments sets the arguments to be passed to the Slither tool.

func (*Config) SetCompilerVersion added in v0.3.1

func (c *Config) SetCompilerVersion(version string)

SetCompilerVersion sets the compiler version to use.

func (*Config) Validate

func (c *Config) Validate() error

Validate checks if the current configuration's arguments are valid. It ensures that all required arguments are present.
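The allow-list that SanitizeArguments checks against, and the set of arguments Validate requires, are not shown on this page. The following is an added example, not the solgo package's own code, of how a Config of this shape can enforce both: `allowedFlags` and `requiredFlags` are assumed here (the package's real lists are unexported), and the one-liner getters are included only so the example mirrors the documented API. The security point is that these arguments are handed to an external slither process, so a token that is not explicitly permitted, a flag missing its value, or a value that itself looks like a flag is refused rather than passed through.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"strings"
)

// Config mirrors the exported shape of audit.Config on this page. Added example
// code, not the solgo package's own implementation.
type Config struct {
	Arguments       []string
	CompilerVersion string
	tempDir         string
}

// ErrTempDirNotSet mirrors the package variable of the same name.
var ErrTempDirNotSet = errors.New("directory where contracts will be temporary stored is not set")

// allowedFlags is an assumed allow-list; the package's real list is unexported and
// not shown on the page. The bool records whether the flag consumes the next token.
var allowedFlags = map[string]bool{
	"--json":                  true,  // --json <file|->
	"--detect":                true,  // --detect <comma-separated detector names>
	"--exclude-dependencies":  false,
	"--solc-disable-warnings": false,
}

// requiredFlags is assumed as well: without --json there is nothing to parse into a Report.
var requiredFlags = []string{"--json"}

// NewDefaultConfig refuses an empty or missing temp directory and seeds the
// argument list with the flags needed to get JSON on stdout.
func NewDefaultConfig(tempDir string) (*Config, error) {
	if tempDir == "" {
		return nil, ErrTempDirNotSet
	}
	info, err := os.Stat(tempDir)
	if err != nil {
		return nil, fmt.Errorf("temp dir %q: %w", tempDir, err)
	}
	if !info.IsDir() {
		return nil, fmt.Errorf("temp dir %q is not a directory", tempDir)
	}
	return &Config{Arguments: []string{"--json", "-"}, tempDir: tempDir}, nil
}

func (c *Config) GetTempDir() string { return c.tempDir }

func (c *Config) GetArguments() []string { return c.Arguments }

// SanitizeArguments walks the tokens the way the slither command line will be
// parsed: every token must be an allow-listed flag, and a flag that takes a value
// consumes exactly one following token, which must not itself look like a flag.
// Anything else is rejected, so a caller cannot smuggle arbitrary options (or a
// stray path) into the subprocess.
func (c *Config) SanitizeArguments(args []string) ([]string, error) {
	out := make([]string, 0, len(args))
	for i := 0; i < len(args); i++ {
		tok := args[i]
		takesValue, ok := allowedFlags[tok]
		if !ok {
			return nil, fmt.Errorf("argument %q is not in the allowed list", tok)
		}
		out = append(out, tok)
		if !takesValue {
			continue
		}
		if i+1 >= len(args) {
			return nil, fmt.Errorf("argument %q requires a value", tok)
		}
		val := args[i+1]
		if val != "-" && strings.HasPrefix(val, "-") {
			return nil, fmt.Errorf("argument %q got flag-like value %q", tok, val)
		}
		out = append(out, val)
		i++
	}
	return out, nil
}

// Validate checks that the temp dir is set and that every required flag is present.
func (c *Config) Validate() error {
	if c.tempDir == "" {
		return ErrTempDirNotSet
	}
	for _, req := range requiredFlags {
		found := false
		for _, a := range c.Arguments {
			if a == req {
				found = true
			}
		}
		if !found {
			return fmt.Errorf("required argument %q is missing", req)
		}
	}
	return nil
}
```

Because `--json -` is seeded by NewDefaultConfig, a caller normally only appends detector selection and exclusion flags; running caller-supplied tokens through SanitizeArguments before storing them keeps Validate and the eventual subprocess call working on a vetted list only.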

type Detector

type Detector struct {
	Elements             []Element `json:"elements"`               // Elements associated with the detected issue.
	Description          string    `json:"description"`            // Description of the detected issue.
	Markdown             string    `json:"markdown"`               // Markdown formatted description of the detected issue.
	FirstMarkdownElement string    `json:"first_markdown_element"` // The first markdown element related to the issue.
	ID                   string    `json:"id"`                     // Unique identifier for the detected issue.
	Check                string    `json:"check"`                  // The type or category of the detected issue.
	Impact               string    `json:"impact"`                 // The impact level of the detected issue.
	Confidence           string    `json:"confidence"`             // The confidence level of the detected issue.
}

Detector represents a single detected vulnerability or issue.

func (*Detector) ToProto

func (d *Detector) ToProto() *audit_pb.Detector

ToProto converts the Detector struct to its protobuf representation.

type Element

type Element struct {
	Type               string             `json:"type"`                        // Type of the element (e.g., "function", "contract").
	Name               string             `json:"name"`                        // Name of the element.
	SourceMapping      SourceMapping      `json:"source_mapping"`              // Source mapping details for the element.
	TypeSpecificFields TypeSpecificFields `json:"type_specific_fields"`        // Specific fields related to the element type.
	Signature          string             `json:"signature,omitempty"`         // Signature of the element, if applicable.
	AdditionalFields   *AdditionalFields  `json:"additional_fields,omitempty"` // Additional fields associated with the element.
}

Element represents a specific element (e.g., function, contract) associated with a detected issue.

func (*Element) ToProto

func (e *Element) ToProto() *audit_pb.Element

ToProto converts the Element struct to its protobuf representation.

type ImpactLevel

type ImpactLevel string

ImpactLevel represents the severity of a detected issue in the audit results.

const (
	ImpactHigh   ImpactLevel = "High"          // Represents high severity issues.
	ImpactMedium ImpactLevel = "Medium"        // Represents medium severity issues.
	ImpactLow    ImpactLevel = "Low"           // Represents low severity issues.
	ImpactInfo   ImpactLevel = "Informational" // Represents informational findings.
)

Predefined impact levels representing the severity of detected issues.

func (ImpactLevel) String

func (i ImpactLevel) String() string

String returns the string representation of the ImpactLevel.

type Report

type Report struct {
	Success bool     `json:"success"` // Indicates the success status of the audit.
	Error   string   `json:"error"`   // Contains any error messages, if present.
	Results *Results `json:"results"` // Contains the results of the audit.
}

Report represents the top-level structure of the Slither JSON output.

func NewResponse

func NewResponse(data []byte) (*Report, error)

NewResponse parses the provided JSON data (typically Slither's `--json` output) and returns a structured Report. If the data is not valid JSON or does not match the expected structure, an error is returned.

func (*Report) CountByImpactLevel

func (r *Report) CountByImpactLevel() map[ImpactLevel]int

CountByImpactLevel counts the number of detectors for each impact level and returns a map of impact levels to their respective counts.

func (*Report) DetectorsByCheck

func (r *Report) DetectorsByCheck(checkType string) []Detector

DetectorsByCheck filters the audit results based on a specified check type and returns a list of detectors that match the given check.

func (*Report) ElementsByType

func (r *Report) ElementsByType(elementType string) []Element

ElementsByType retrieves all elements of a specified type from the audit results.

func (*Report) FilterDetectorsByImpact

func (r *Report) FilterDetectorsByImpact(impact ImpactLevel) []Detector

FilterDetectorsByImpact filters the audit results based on the specified impact level and returns a list of detectors that match the given level.

func (*Report) GetError

func (r *Report) GetError() string

GetError returns the error message associated with the vulnerability report.

func (*Report) GetResults

func (r *Report) GetResults() *Results

GetResults returns the Results struct associated with the vulnerability report.

func (*Report) HasError

func (r *Report) HasError() bool

HasError determines if the audit response contains any error messages.

func (*Report) HasIssues

func (r *Report) HasIssues() bool

HasIssues determines if the audit response contains any detected issues or vulnerabilities.

func (*Report) HighConfidenceDetectors

func (r *Report) HighConfidenceDetectors() []Detector

HighConfidenceDetectors filters the audit results to return only those detectors that have a high confidence level.

func (*Report) IsSuccess

func (r *Report) IsSuccess() bool

IsSuccess returns true if the vulnerability report was generated successfully.

func (*Report) ToProto

func (r *Report) ToProto() *audit_pb.Report

ToProto converts the Report struct to its protobuf representation.

func (*Report) UniqueImpactLevels

func (r *Report) UniqueImpactLevels() []string

UniqueImpactLevels identifies and returns a list of unique impact levels present in the audit results.

type Results

type Results struct {
	Detectors []Detector `json:"detectors"` // List of detected vulnerabilities or issues.
}

Results encapsulates the list of detected vulnerabilities or issues.

func (*Results) GetDetectors

func (r *Results) GetDetectors() []Detector

GetDetectors returns the list of detected vulnerabilities or issues.

func (*Results) ToProto

func (r *Results) ToProto() *audit_pb.Results

ToProto converts the Results struct to its protobuf representation.
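To show how the Report and Results sections above fit together, here is an added example (not the package's own code) that parses a constructed Slither JSON document into types mirroring Report, Results, Detector and Element (trimmed to the fields used), then applies the documented queries FilterDetectorsByImpact, CountByImpactLevel and HasError. The sample JSON, the imaginary Vault contract it describes and the ShouldBlock gate at the end are all constructed for this example; ShouldBlock is the kind of CI policy a consumer layers on top of the report, not a method of the package.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Mirrors the Report, Results, Detector and Element types on this page, trimmed
// to the fields used here. Added example code, not the package's own.
type ImpactLevel string

const ImpactHigh ImpactLevel = "High"

type Element struct {
	Type          string `json:"type"`
	Name          string `json:"name"`
	SourceMapping struct {
		FilenameShort string  `json:"filename_short"`
		Lines         []int32 `json:"lines"`
	} `json:"source_mapping"`
}

type Detector struct {
	Elements    []Element `json:"elements"`
	Description string    `json:"description"`
	Check       string    `json:"check"`
	Impact      string    `json:"impact"`
	Confidence  string    `json:"confidence"`
}

type Results struct {
	Detectors []Detector `json:"detectors"`
}

type Report struct {
	Success bool     `json:"success"`
	Error   string   `json:"error"`
	Results *Results `json:"results"`
}

// sampleSlitherJSON is a constructed stand-in for `slither . --json -` output on
// an imaginary Vault contract; it is not real tool output.
const sampleSlitherJSON = `{"success": true, "error": null, "results": {"detectors": [
 {"check": "reentrancy-eth", "impact": "High", "confidence": "Medium",
  "description": "Reentrancy in Vault.withdraw()", "elements": [{"type": "function",
  "name": "withdraw", "source_mapping": {"filename_short": "Vault.sol", "lines": [14, 15, 16]}}]},
 {"check": "unchecked-lowlevel", "impact": "Medium", "confidence": "Medium",
  "description": "Vault.sweep() ignores a low-level call result", "elements": []},
 {"check": "solc-version", "impact": "Informational", "confidence": "High",
  "description": "Pragma allows old compiler versions", "elements": []}]}}`

// NewResponse parses Slither JSON. Slither emits "error": null on success, and
// encoding/json ignores null for a string field, so Error simply stays empty.
func NewResponse(data []byte) (*Report, error) {
	var r Report
	if err := json.Unmarshal(data, &r); err != nil {
		return nil, fmt.Errorf("parse slither output: %w", err)
	}
	return &r, nil
}

func (r *Report) HasError() bool { return r.Error != "" }

// filter is nil-safe so every query below also works on a report with no results.
func (r *Report) filter(keep func(Detector) bool) []Detector {
	var out []Detector
	if r.Results != nil {
		for _, d := range r.Results.Detectors {
			if keep(d) {
				out = append(out, d)
			}
		}
	}
	return out
}

func (r *Report) FilterDetectorsByImpact(impact ImpactLevel) []Detector {
	return r.filter(func(d Detector) bool { return d.Impact == string(impact) })
}

func (r *Report) CountByImpactLevel() map[ImpactLevel]int {
	counts := map[ImpactLevel]int{}
	for _, d := range r.filter(func(Detector) bool { return true }) {
		counts[ImpactLevel(d.Impact)]++
	}
	return counts
}

// ShouldBlock is the kind of CI gate a consumer builds on the report: block when
// Slither itself failed, or when a High-impact finding has better than Low confidence.
func (r *Report) ShouldBlock() bool {
	if !r.Success || r.HasError() {
		return true
	}
	for _, d := range r.FilterDetectorsByImpact(ImpactHigh) {
		if d.Confidence != "Low" {
			return true
		}
	}
	return false
}
```

Two details matter in practice: a report with `"results": null` (Slither ran but found nothing, or the run aborted) must not panic in any of the filters, and a run with `"success": false` must fail the gate even though it carries no detectors, otherwise a broken compiler setup silently passes as a clean audit.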

type Slither

type Slither struct {
	// contains filtered or unexported fields
}

Slither represents a wrapper around the Slither static analysis tool.

func NewSlither

func NewSlither(ctx context.Context, compiler *solc.Solc, config *Config) (*Slither, error)

NewSlither initializes a new Slither instance with the given context and configuration. It checks for the presence of Slither on the machine and returns an error if not found.

func (*Slither) Analyze

func (s *Slither) Analyze(sources *solgo.Sources) (*Report, []byte, error)

Analyze performs a static analysis on the given sources using Slither. It writes the sources to a temporary directory, runs Slither, and then cleans up. Returns the analysis response, raw output, and any errors encountered.

func (*Slither) IsInstalled

func (s *Slither) IsInstalled() bool

IsInstalled checks if Slither is installed on the machine by querying its version. Returns true if installed, false otherwise.

func (*Slither) Version

func (s *Slither) Version() (string, error)

Version retrieves the installed version of Slither. Returns the version string or an error if unable to determine the version.
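The Slither section above describes three behaviours: checking for the binary (NewSlither, IsInstalled), querying its version (Version), and Analyze writing sources to a temporary directory, running the tool and cleaning up. The block below is an added example of that lifecycle, not the solgo package's own implementation, and its signatures differ from the page: `Source` is a stand-in for solgo.Sources, NewSlither takes the binary name and temp directory directly instead of a compiler and Config, Analyze returns only the raw output (the page's NewResponse turns that into a Report), and the injectable `runner` field is an assumption of this example so the write-run-cleanup path can be exercised without a real slither binary. The error variables are the ones documented on this page.

```go
package main

import (
	"context"
	"errors"
	"fmt"
	"os"
	"os/exec"
	"path/filepath"
	"strings"
	"time"
)

// Source is a minimal stand-in for one unit of solgo.Sources: a file name and its Solidity text.
type Source struct {
	Name    string
	Content string
}

// Slither mirrors the wrapper on this page. The runner field is an assumption of
// this example so Analyze can be exercised without a real slither binary.
type Slither struct {
	binary  string
	tempDir string
	args    []string
	runner  func(ctx context.Context, dir string) ([]byte, error)
}

var (
	ErrSlitherNotInstalled = errors.New("slither is not installed - please install slither using `pip3 install slither-analyzer`")
	ErrTempDirNotSet       = errors.New("directory where contracts will be temporary stored is not set")
	ErrSourcesNotSet       = errors.New("sources are not set")
)

// NewSlither refuses to construct a wrapper whose binary is not on PATH,
// mirroring the page's "returns an error if not found" contract.
func NewSlither(binary, tempDir string, args []string) (*Slither, error) {
	if tempDir == "" {
		return nil, ErrTempDirNotSet
	}
	s := &Slither{binary: binary, tempDir: tempDir, args: args}
	if !s.IsInstalled() {
		return nil, ErrSlitherNotInstalled
	}
	return s, nil
}

// IsInstalled resolves the binary on PATH without executing it.
func (s *Slither) IsInstalled() bool {
	_, err := exec.LookPath(s.binary)
	return err == nil
}

// Version runs `<binary> --version` under a hard timeout so a wedged tool cannot stall the caller.
func (s *Slither) Version(ctx context.Context) (string, error) {
	ctx, cancel := context.WithTimeout(ctx, 10*time.Second)
	defer cancel()
	out, err := exec.CommandContext(ctx, s.binary, "--version").Output()
	if err != nil {
		return "", fmt.Errorf("query %s version: %w", s.binary, err)
	}
	return strings.TrimSpace(string(out)), nil
}

// execSlither is the real runner: the tool is invoked inside the directory that
// holds the written sources, with only the pre-sanitized argument list.
func (s *Slither) execSlither(ctx context.Context, dir string) ([]byte, error) {
	cmd := exec.CommandContext(ctx, s.binary, append([]string{"."}, s.args...)...)
	cmd.Dir = dir
	return cmd.Output()
}

// Analyze writes the sources into a fresh private subdirectory of tempDir, runs
// the tool there, and removes the directory again whatever the outcome.
func (s *Slither) Analyze(ctx context.Context, sources []Source) ([]byte, error) {
	if len(sources) == 0 {
		return nil, ErrSourcesNotSet
	}
	if s.tempDir == "" {
		return nil, ErrTempDirNotSet
	}
	dir, err := os.MkdirTemp(s.tempDir, "audit-*") // created 0700
	if err != nil {
		return nil, err
	}
	defer os.RemoveAll(dir) // clean up on every path, including a failed run
	for _, src := range sources {
		// filepath.Base keeps a name such as "../../evil.sol" inside dir.
		path := filepath.Join(dir, filepath.Base(src.Name))
		if err := os.WriteFile(path, []byte(src.Content), 0o600); err != nil {
			return nil, err
		}
	}
	run := s.runner
	if run == nil {
		run = s.execSlither
	}
	return run(ctx, dir)
}
```

The context passed to Analyze is what bounds the slither run itself; a caller that audits untrusted contracts in a service should pass one with a deadline, since a pathological input can keep the analyzer busy long after the HTTP request that asked for it has gone away.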

type SourceMapping

type SourceMapping struct {
	Start            int     `json:"start"`             // Start position in the source code.
	Length           int     `json:"length"`            // Length of the code segment.
	FilenameRelative string  `json:"filename_relative"` // Relative path to the source file.
	FilenameAbsolute string  `json:"filename_absolute"` // Absolute path to the source file.
	FilenameShort    string  `json:"filename_short"`    // Short name of the source file.
	IsDependency     bool    `json:"is_dependency"`     // Indicates if the element is a dependency.
	Lines            []int32 `json:"lines"`             // Line numbers associated with the code segment.
	StartingColumn   int     `json:"starting_column"`   // Starting column of the code segment.
	EndingColumn     int     `json:"ending_column"`     // Ending column of the code segment.
}

SourceMapping provides details about the source code location of an element.

func (*SourceMapping) ToProto

func (sm *SourceMapping) ToProto() *audit_pb.SourceMapping

ToProto converts the SourceMapping struct to its protobuf representation.

type TypeSpecificFields

type TypeSpecificFields struct {
	Parent    *Element `json:"parent"`              // Parent element, if applicable.
	Directive []string `json:"directive,omitempty"` // Directive associated with the element, if applicable.
}

TypeSpecificFields contains fields that are specific to the type of an element.

func (*TypeSpecificFields) ToProto

ToProto converts the TypeSpecificFields struct to its protobuf representation.
