Merge branch 'fix/references-high-level-call' into feat/virtual-overr…

…ide-with-refs

.github/workflows/linter.yml

@@ -45,7 +45,7 @@ jobs:
           echo "::add-matcher::.github/workflows/matchers/yamllint.json"
 
       - name: Lint everything else
-        uses: super-linter/super-linter/slim@v4.9.2
+        uses: super-linter/super-linter/slim@v6.1.1
         if: always()
         env:
           # run linter on everything to catch preexisting problems
@@ -58,14 +58,16 @@ jobs:
           VALIDATE_PYTHON_BLACK: false
           VALIDATE_PYTHON_ISORT: false
           VALIDATE_JSON: false
+          VALIDATE_JAVASCRIPT_ES: false
           VALIDATE_JAVASCRIPT_STANDARD: false
           VALIDATE_PYTHON_FLAKE8: false
           VALIDATE_DOCKERFILE: false
           VALIDATE_DOCKERFILE_HADOLINT: false
           VALIDATE_EDITORCONFIG: false
           VALIDATE_JSCPD: false
           VALIDATE_PYTHON_MYPY: false
-          # Until we upgrade the super linter for actionlintÒ
-          VALIDATE_GITHUB_ACTIONS: false
+          VALIDATE_CHECKOV: false
+          # TODO: consider enabling
+          VALIDATE_SHELL_SHFMT: false
           SHELLCHECK_OPTS: "-e SC1090"
           FILTER_REGEX_EXCLUDE: .*tests/.*.(json|zip|sol)

.github/workflows/pylint.yml

@@ -43,7 +43,7 @@ jobs:
           echo "::add-matcher::.github/workflows/matchers/pylint.json"
 
       - name: Pylint
-        uses: super-linter/super-linter/slim@v4.9.2
+        uses: super-linter/super-linter/slim@v6.1.1
         if: always()
         env:
           # Run linters only on new files for pylint to speed up the CI

.github/workflows/test.yml

@@ -80,11 +80,11 @@ jobs:
         # Only run coverage on ubuntu-latest.
         run: |
           if [ ${{ matrix.os }} = "ubuntu-latest" ]; then
-            TEST_ARGS="--cov=slither --cov-append"
+            TEST_ARGS=(--cov=slither --cov-append)
           elif [ ${{ matrix.os }} = "windows-2022" ]; then
-            TEST_ARGS=""
+            TEST_ARGS=()
           fi
-          bash "./.github/scripts/${TEST_TYPE}_test_runner.sh" $TEST_ARGS
+          bash "./.github/scripts/${TEST_TYPE}_test_runner.sh" "${TEST_ARGS[@]}"
 
 
       - name: Upload coverage
@@ -119,5 +119,5 @@ jobs:
         run: |
           set +e
           python -m coverage combine
-          echo "## python coverage" >> $GITHUB_STEP_SUMMARY
-          python -m coverage report -m --format=markdown >> $GITHUB_STEP_SUMMARY
+          echo "## python coverage" >> "$GITHUB_STEP_SUMMARY"
+          python -m coverage report -m --format=markdown >> "$GITHUB_STEP_SUMMARY"

CONTRIBUTING.md

@@ -6,15 +6,15 @@ If you're unsure where to start, we recommend our [`good first issue`](https://g
 
 ## Bug reports and feature suggestions
 
-Bug reports and feature suggestions can be submitted to our issue tracker. For bug reports, attaching the contract that caused the bug will help us in debugging and resolving the issue quickly. If you find a security vulnerability, do not open an issue; email [email protected] instead.
+Bug reports and feature suggestions can be submitted to our issue tracker. For bug reports, attaching the contract that caused the bug will help us in debugging and resolving the issue quickly. If you find a security vulnerability, do not open an issue; email <[email protected]> instead.
 
 ## Questions
 
 Questions can be submitted to the "Discussions" page, and you may also join our [chat room](https://empireslacking.herokuapp.com/) (in the #ethereum channel).
 
 ## Code
 
-Slither uses the pull request contribution model. Please make an account on Github, fork this repo, and submit code contributions via pull request. For more documentation, look [here](https://guides.github.com/activities/forking/).
+Slither uses the pull request contribution model. Please make an account on GitHub, fork this repository, and submit code contributions via pull request. For more documentation, look [here](https://guides.github.com/activities/forking/).
 
 Some pull request guidelines:
 
@@ -63,7 +63,7 @@ To automatically reformat the code:
 
 - `make reformat`
 
-We use pylint `2.13.4`, black `22.3.0`.
+We use pylint `3.0.3`, black `22.3.0`.
 
 ### Testing
 
@@ -82,7 +82,7 @@ For each new detector, at least one regression tests must be present.
 1. Create a folder in `tests/e2e/detectors/test_data` with the detector's argument name.
 2. Create a test contract in `tests/e2e/detectors/test_data/<detector_name>/`.
 3. Update `ALL_TESTS` in `tests/e2e/detectors/test_detectors.py`.
-4. Run `python tests/e2e/detectors/test_detectors.py --compile` to create a zip file of the compilation artifacts.
+4. Run `python tests/e2e/detectors/test_detectors.py --compile` to create a ZIP file of the compilation artifacts.
 5. `pytest tests/e2e/detectors/test_detectors.py --insta update-new`. This will generate a snapshot of the detector output in `tests/e2e/detectors/snapshots/`. If updating an existing detector, run `pytest tests/e2e/detectors/test_detectors.py --insta review` and accept or reject the updates.
 6. Run `pytest tests/e2e/detectors/test_detectors.py` to ensure everything worked. Then, add and commit the files to git.
 

README.md

@@ -288,16 +288,16 @@ Slither is licensed and distributed under the AGPLv3 license. [Contact us](mailt
 
 Title | Usage | Authors | Venue | Code
 --- | --- | --- | --- | ---
-[ReJection: A AST-Based Reentrancy Vulnerability Detection Method](https://www.researchgate.net/publication/339354823_ReJection_A_AST-Based_Reentrancy_Vulnerability_Detection_Method) | AST-based analysis built on top of Slither | Rui Ma, Zefeng Jian, Guangyuan Chen, Ke Ma, Yujia Chen | CTCIS 19
+[ReJection: A AST-Based Reentrancy Vulnerability Detection Method](https://www.researchgate.net/publication/339354823_ReJection_A_AST-Based_Reentrancy_Vulnerability_Detection_Method) | AST-based analysis built on top of Slither | Rui Ma, Zefeng Jian, Guangyuan Chen, Ke Ma, Yujia Chen | CTCIS 19 | -
 [MPro: Combining Static and Symbolic Analysis forScalable Testing of Smart Contract](https://arxiv.org/pdf/1911.00570.pdf) | Leverage data dependency through Slither | William Zhang, Sebastian Banescu, Leodardo Pasos, Steven Stewart, Vijay Ganesh | ISSRE 2019 | [MPro](https://github.com/QuanZhang-William/M-Pro)
-[ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart Contracts](https://wcventure.github.io/FuzzingPaper/Paper/SANER20_ETHPLOIT.pdf) | Leverage data dependency through Slither | Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma | SANER 20
-[Verification of Ethereum Smart Contracts: A Model Checking Approach](http://www.ijmlc.org/vol10/977-AM0059.pdf) | Symbolic execution built on top of Slither’s CFG | Tam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho Quan | IJMLC 20
+[ETHPLOIT: From Fuzzing to Efficient Exploit Generation against Smart Contracts](https://wcventure.github.io/FuzzingPaper/Paper/SANER20_ETHPLOIT.pdf) | Leverage data dependency through Slither | Qingzhao Zhang, Yizhuo Wang, Juanru Li, Siqi Ma | SANER 20 | -
+[Verification of Ethereum Smart Contracts: A Model Checking Approach](http://www.ijmlc.org/vol10/977-AM0059.pdf) | Symbolic execution built on top of Slither’s CFG | Tam Bang, Hoang H Nguyen, Dung Nguyen, Toan Trieu, Tho Quan | IJMLC 20 | -
 [Smart Contract Repair](https://arxiv.org/pdf/1912.05823.pdf) | Rely on Slither’s vulnerabilities detectors | Xiao Liang Yu, Omar Al-Bataineh, David Lo, Abhik Roychoudhury | TOSEM 20 | [SCRepair](https://github.com/xiaoly8/SCRepair/)
-[Demystifying Loops in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2020/08/loops_solidity__camera_ready-5f3fec3f15c69.pdf) | Leverage data dependency through Slither | Ben Mariano, Yanju Chen, Yu Feng, Shuvendu Lahiri, Isil Dillig | ASE 20
-[Trace-Based Dynamic Gas Estimation of Loops in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9268144) | Use Slither’s CFG to detect loops | Chunmiao Li, Shijie Nie, Yang Cao, Yijun Yu, Zhenjiang Hu | IEEE Open J. Comput. Soc. 1 (2020)
+[Demystifying Loops in Smart Contracts](https://www.microsoft.com/en-us/research/uploads/prod/2020/08/loops_solidity__camera_ready-5f3fec3f15c69.pdf) | Leverage data dependency through Slither | Ben Mariano, Yanju Chen, Yu Feng, Shuvendu Lahiri, Isil Dillig | ASE 20 | -
+[Trace-Based Dynamic Gas Estimation of Loops in Smart Contracts](https://ieeexplore.ieee.org/stamp/stamp.jsp?arnumber=9268144) | Use Slither’s CFG to detect loops | Chunmiao Li, Shijie Nie, Yang Cao, Yijun Yu, Zhenjiang Hu | IEEE Open J. Comput. Soc. 1 (2020) | -
 [SAILFISH: Vetting Smart Contract State-Inconsistency Bugs in Seconds](https://arxiv.org/pdf/2104.08638.pdf) | Rely on SlithIR to build a *storage dependency graph* | Priyanka Bose, Dipanjan Das, Yanju Chen, Yu Feng, Christopher Kruegel, and Giovanni Vigna | S&P 22 | [Sailfish](https://github.com/ucsb-seclab/sailfish)
-[SolType: Refinement Types for Arithmetic Overflow in Solidity](https://arxiv.org/abs/2110.00677) | Use Slither as frontend to build refinement type system | Bryan Tan, Benjamin Mariano, Shuvendu K. Lahiri, Isil Dillig, Yu Feng | POPL 22
-[Do Not Rug on Me: Leveraging Machine Learning Techniques for Automated Scam Detection](https://www.mdpi.com/2227-7390/10/6/949) | Use Slither to extract tokens' features (mintable, pausable, ..) | Mazorra, Bruno, Victor Adan, and Vanesa Daza | Mathematics 10.6 (2022)
+[SolType: Refinement Types for Arithmetic Overflow in Solidity](https://arxiv.org/abs/2110.00677) | Use Slither as frontend to build refinement type system | Bryan Tan, Benjamin Mariano, Shuvendu K. Lahiri, Isil Dillig, Yu Feng | POPL 22 | -
+[Do Not Rug on Me: Leveraging Machine Learning Techniques for Automated Scam Detection](https://www.mdpi.com/2227-7390/10/6/949) | Use Slither to extract tokens' features (mintable, pausable, ..) | Mazorra, Bruno, Victor Adan, and Vanesa Daza | Mathematics 10.6 (2022) | -
 [MANDO: Multi-Level Heterogeneous Graph Embeddings for Fine-Grained Detection of Smart Contract Vulnerabilities](https://arxiv.org/abs/2208.13252) | Use Slither to extract the CFG and call graph | Hoang Nguyen, Nhat-Minh Nguyen, Chunyao Xie, Zahra Ahmadi, Daniel Kudendo, Thanh-Nam Doan and Lingxiao Jiang| IEEE 9th International Conference on Data Science and Advanced Analytics (DSAA, 2022) | [ge-sc](https://github.com/MANDO-Project/ge-sc)
 [Automated Auditing of Price Gouging TOD Vulnerabilities in Smart Contracts](https://www.cs.toronto.edu/~fanl/papers/price-icbc22.pdf) | Use Slither to extract the CFG and data dependencies| Sidi Mohamed Beillahi, Eric Keilty, Keerthi Nelaturu, Andreas Veneris, and Fan Long | 2022 IEEE International Conference on Blockchain and Cryptocurrency (ICBC) | [Smart-Contract-Repair](https://github.com/Veneris-Group/TOD-Location-Rectification)
 

pyproject.toml

@@ -7,7 +7,6 @@ missing-module-docstring,
 missing-class-docstring,
 missing-function-docstring,
 unnecessary-lambda,
-bad-continuation,
 cyclic-import,
 line-too-long,
 invalid-name,
@@ -18,5 +17,6 @@ logging-fstring-interpolation,
 logging-not-lazy,
 duplicate-code,
 import-error,
-unsubscriptable-object
+unsubscriptable-object,
+unnecessary-lambda-assignment
 """

setup.py

@@ -15,8 +15,8 @@
         "packaging",
         "prettytable>=3.3.0",
         "pycryptodome>=3.4.6",
-        "crytic-compile>=0.3.5,<0.4.0",
-        # "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
+        # "crytic-compile>=0.3.5,<0.4.0",
+        "crytic-compile@git+https://github.com/crytic/crytic-compile.git@master#egg=crytic-compile",
         "web3>=6.0.0",
         "eth-abi>=4.0.0",
         "eth-typing>=3.0.0",
@@ -25,7 +25,7 @@
     extras_require={
         "lint": [
             "black==22.3.0",
-            "pylint==2.13.4",
+            "pylint==3.0.3",
         ],
         "test": [
             "pytest",

slither/__main__.py

@@ -268,9 +268,10 @@ def choose_printers(
 ###################################################################################
 
 
-def parse_filter_paths(args: argparse.Namespace) -> List[str]:
-    if args.filter_paths:
-        return args.filter_paths.split(",")
+def parse_filter_paths(args: argparse.Namespace, filter_path: bool) -> List[str]:
+    paths = args.filter_paths if filter_path else args.include_paths
+    if paths:
+        return paths.split(",")
     return []
 
 
@@ -307,6 +308,7 @@ def parse_args(
         "Checklist (consider using https://github.com/crytic/slither-action)"
     )
     group_misc = parser.add_argument_group("Additional options")
+    group_filters = parser.add_mutually_exclusive_group()
 
     group_detector.add_argument(
         "--detect",
@@ -518,14 +520,6 @@ def parse_args(
         default=defaults_flag_in_config["disable_color"],
     )
 
-    group_misc.add_argument(
-        "--filter-paths",
-        help="Regex filter to exclude detector results matching file path e.g. (mocks/|test/)",
-        action="store",
-        dest="filter_paths",
-        default=defaults_flag_in_config["filter_paths"],
-    )
-
     group_misc.add_argument(
         "--triage-mode",
         help="Run triage mode (save results in triage database)",
@@ -579,6 +573,22 @@ def parse_args(
         default=defaults_flag_in_config["no_fail"],
     )
 
+    group_filters.add_argument(
+        "--filter-paths",
+        help="Regex filter to exclude detector results matching file path e.g. (mocks/|test/)",
+        action="store",
+        dest="filter_paths",
+        default=defaults_flag_in_config["filter_paths"],
+    )
+
+    group_filters.add_argument(
+        "--include-paths",
+        help="Regex filter to include detector results matching file path e.g. (src/|contracts/). Opposite of --filter-paths",
+        action="store",
+        dest="include_paths",
+        default=defaults_flag_in_config["include_paths"],
+    )
+
     codex.init_parser(parser)
 
     # debugger command
@@ -631,7 +641,8 @@ def parse_args(
     args = parser.parse_args()
     read_config_file(args)
 
-    args.filter_paths = parse_filter_paths(args)
+    args.filter_paths = parse_filter_paths(args, True)
+    args.include_paths = parse_filter_paths(args, False)
 
     # Verify our json-type output is valid
     args.json_types = set(args.json_types.split(","))  # type:ignore

slither/core/cfg/node.py

@@ -11,6 +11,7 @@
     SolidityFunction,
 )
 from slither.core.expressions.expression import Expression
+from slither.core.expressions import CallExpression, Identifier, AssignmentOperation
 from slither.core.solidity_types import ElementaryType
 from slither.core.source_mapping.source_mapping import SourceMapping
 from slither.core.variables.local_variable import LocalVariable
@@ -898,6 +899,21 @@ def _find_read_write_call(self) -> None:  # pylint: disable=too-many-statements
                 # TODO: consider removing dependancy of solidity_call to internal_call
                 self._solidity_calls.append(ir.function)
                 self._internal_calls.append(ir.function)
+            if (
+                isinstance(ir, SolidityCall)
+                and ir.function == SolidityFunction("sstore(uint256,uint256)")
+                and isinstance(ir.node.expression, CallExpression)
+                and isinstance(ir.node.expression.arguments[0], Identifier)
+            ):
+                self._vars_written.append(ir.arguments[0])
+            if (
+                isinstance(ir, SolidityCall)
+                and ir.function == SolidityFunction("sload(uint256)")
+                and isinstance(ir.node.expression, AssignmentOperation)
+                and isinstance(ir.node.expression.expression_right, CallExpression)
+                and isinstance(ir.node.expression.expression_right.arguments[0], Identifier)
+            ):
+                self._vars_read.append(ir.arguments[0])
             if isinstance(ir, LowLevelCall):
                 assert isinstance(ir.destination, (Variable, SolidityVariable))
                 self._low_level_calls.append((ir.destination, str(ir.function_name.value)))

slither/core/declarations/solidity_variables.py

@@ -139,7 +139,7 @@ def __init__(self, name: str) -> None:
         self._name = name
 
     # dev function, will be removed once the code is stable
-    def _check_name(self, name: str) -> None:  # pylint: disable=no-self-use
+    def _check_name(self, name: str) -> None:
         assert name in SOLIDITY_VARIABLES or name.endswith(("_slot", "_offset"))
 
     @property