refactor: add VULNERABLE_SOLC_VERSIONS and logic #1477

Merged
merged 2 commits into from
Nov 30, 2022
Merged
15 changes: 15 additions & 0 deletions slither/detectors/abstract_detector.py
Expand Up @@ -61,6 +61,11 @@ class AbstractDetector(metaclass=abc.ABCMeta):

STANDARD_JSON = True

# list of vulnerable solc versions as strings (e.g. ["0.4.25", "0.5.0"])
# if this list is not empty then the detector will not run unless the solc version is on the list
# an empty list means that the detector will run on any solc version
VULNERABLE_SOLC_VERSIONS = []
devtooligan marked this conversation as resolved.

def __init__(
self, compilation_unit: SlitherCompilationUnit, slither: "Slither", logger: Logger
):
Expand Down Expand Up @@ -139,6 +144,11 @@ def _log(self, info: str) -> None:
if self.logger:
self.logger.info(self.color(info))

def _uses_vulnerable_solc_version(self) -> bool:
if self.VULNERABLE_SOLC_VERSIONS:
return self.compilation_unit.solc_version in self.VULNERABLE_SOLC_VERSIONS
return True

@abc.abstractmethod
def _detect(self) -> List[Output]:
"""TODO Documentation"""
Expand All @@ -147,6 +157,11 @@ def _detect(self) -> List[Output]:
# pylint: disable=too-many-branches
def detect(self) -> List[Dict]:
results: List[Dict] = []

# check solc version
if not self._uses_vulnerable_solc_version():
return results

# only keep valid result, and remove duplicate
# Keep only dictionaries
for r in [output.data for output in self._detect()]:
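Review bot: `_uses_vulnerable_solc_version` makes `detect` return an empty result list without any trace when `self.compilation_unit.solc_version` is not an exact string match for an entry of `VULNERABLE_SOLC_VERSIONS`, so a detector that is skipped because of a version-string mismatch (a build suffix or an unset version, if those can occur here, is not visible in this hunk) is indistinguishable from a detector that ran and found nothing. The early return in `detect` should record the skip, e.g. `if self.logger: self.logger.debug("solc %s not in VULNERABLE_SOLC_VERSIONS, skipping", self.compilation_unit.solc_version)`, using the same `self.logger` guard that `_log` already applies. The class attribute is a shared mutable list, so a subclass that appends to it instead of assigning would change the gate for every detector; annotating it `VULNERABLE_SOLC_VERSIONS: List[str] = []` makes the intended assign-only use clearer without changing behaviour. `_uses_vulnerable_solc_version` also lacks a docstring; a one-liner such as `"""Return True when VULNERABLE_SOLC_VERSIONS is empty or contains the unit's solc version."""` would document the empty-list-means-always-run rule stated only in the comment above the attribute. The body of `detect` continues past the end of the hunk.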
23 changes: 5 additions & 18 deletions slither/detectors/compiler_bugs/enum_conversion.py
Expand Up @@ -7,18 +7,6 @@
from slither.core.declarations.enum import Enum


def _uses_vulnerable_solc_version(version):
"""Detect if used compiler version is 0.4.[0|1|2|3|4]
Args:
version (solc version used)
Returns:
Bool
"""
if version in ["0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4"]:
return True
return False


def _detect_dangerous_enum_conversions(contract):
"""Detect dangerous conversion to enum by checking IR
Args:
Expand Down Expand Up @@ -54,11 +42,11 @@ class EnumConversion(AbstractDetector):
```solidity
pragma solidity 0.4.2;
contract Test{

enum E{a}

function bug(uint a) public returns(E){
return E(a);
return E(a);
}
}
```
Expand All @@ -67,12 +55,11 @@ class EnumConversion(AbstractDetector):

WIKI_RECOMMENDATION = "Use a recent compiler version. If `solc` <`0.4.5` is required, check the `enum` conversion range."

VULNERABLE_SOLC_VERSIONS = ["0.4.0", "0.4.1", "0.4.2", "0.4.3", "0.4.4"]

def _detect(self):
"""Detect dangerous conversion to enum"""
results = []
# If solc version >= 0.4.5 then return
if not _uses_vulnerable_solc_version(self.compilation_unit.solc_version):
return results

for c in self.compilation_unit.contracts:
ret = _detect_dangerous_enum_conversions(c)
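Review bot: The docstring of `_detect` in the last hunk no longer mentions the version restriction that the removed inline check used to make visible, so a reader of this file alone cannot tell that the detector is only invoked for the versions listed in `VULNERABLE_SOLC_VERSIONS`. Proposed replacement: `"""Detect dangerous conversion to enum; only runs for the solc versions in VULNERABLE_SOLC_VERSIONS (the gate is applied by AbstractDetector.detect before _detect is called)."""`. The list and the `WIKI_RECOMMENDATION` text (`solc` < `0.4.5`) currently agree, and a short comment above the list, e.g. `# keep in sync with WIKI_RECOMMENDATION`, would help keep them that way. The body of `_detect` continues past the end of the hunk.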