no-fail CI option seems to conflict with config file exclude_informational
#38
Comments
|
HI @0xCLARITY, thanks for the report! With the current implementation in Slither, fail-pedantic is mutually exclusive with exclude-informational and exclude-optimization, on the rationale that asking slither to fail on anything >= informational and then excluding informational findings does not make much sense (although it's unfortunate that optimizations and informationals are combined on that level). If you have any feedback or ideas to share on how to improve the situation, crytic/slither#1408 would be the best place for it. As for a way forward for your use case at this time, have you considered using {
/* this is the default level, so disable it */
"fail_pedantic": false,
/* and enable other higher level, eg. low */
"fail_low": true,
/* and exclude informational */
"exclude_informational": true,
/* other options */
/* ... */
} |
|
That worked! Thank you for the guidance for how to work with the current implementation of I'll close this issue out. |
This change implements the information provided in these slither issues: crytic/slither#1408 crytic/slither-action#38 Apparently 'fail_pedantic' defaults to true, which overrides the 'exclude_*' settings and causes failures on optimization and informational severity findings. As is this config should: 1. Fail only on High severity findings 2. Print Medium severity findings but not fail on them. This commit also deletes the findings in the slither db which were less than high severity. They are now simply ignored via this corrected config.
This change implements the information provided in these slither issues: crytic/slither#1408 crytic/slither-action#38 Apparently 'fail_pedantic' defaults to true, which overrides the 'exclude_*' settings and causes failures on optimization and informational severity findings. As is this config should: 1. Fail only on High severity findings 2. Print Medium severity findings but not fail on them. This commit also deletes the findings in the slither db which were less than high severity. They are now simply ignored via this corrected config.
I have a slither config file that looks like this:
{ "detectors_to_exclude": "timestamp,uninitialized-local,variable-scope", "exclude_dependencies": true, "exclude_informational": true, "solc": "0.8.17", "filter_paths": "lib", "solc_remaps": ["ds-test/=lib/ds-test/src/", "forge-std/=lib/forge-std/src/"] }With Slither 0.9.0, even running slither locally, I seem to need to pass the
--no-fail-pedanticflag to get it to properly parse theexclude_informationalflag in the config file as described here: crytic/slither#1408In a fork of
slither-action, I tried echoing the--no-fail-pedanticflag if thefail-onwas set toconfig:This does get it to parse the
exclude_informationalflag in the config file but it incorrectly marks CI as successful even when I have a high severity failure (in my test case, I have some assembly that triggers https://github.com/crytic/slither/wiki/Detector-Documentation#incorrect-shift-in-assembly).Any ideas on what the fix is here? Or do I need to rearrange my config file / CI setup to adhere to the newest version of Slither?
The text was updated successfully, but these errors were encountered: