sync master <> dev #2506
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.8.14 to 1.9.0.
- [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases)
- [Commits](pypa/gh-action-pypi-publish@v1.8.14...v1.9.0)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pypi-publish
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>

Bumps [docker/build-push-action](https://github.com/docker/build-push-action) from 5 to 6.
- [Release notes](https://github.com/docker/build-push-action/releases)
- [Commits](docker/build-push-action@v5...v6)

---
updated-dependencies:
- dependency-name: docker/build-push-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>
fix(arbitrary-send-eth): don't report if destination is immutable state var
sync dev <> master
Update WIKI_DESCRIPTION for "dead_code.py"
Building `ckzg` requires `make` to be present.
Dockerfile: fix `ckzg` build
Added length check on `bugs_by_version` for specific `version_number`
…cker/build-push-action-6 Bump docker/build-push-action from 5 to 6
…pa/gh-action-pypi-publish-1.9.0 Bump pypa/gh-action-pypi-publish from 1.8.14 to 1.9.0
Improve slither-mutate testing
Walkthrough
The changes encompass updates to various scripts, configuration files, and source code within the project. Key modifications include updates to test execution directories, Dockerfile dependencies, action versions in workflow files, and enhancements in the

Changes

Sequence Diagrams
Diagram generation not applicable due to the nature of the changes.
Actionable comments posted: 0
Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Files ignored due to path filters (2)
- tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol-0.6.11.zip is excluded by `!**/*.zip`
- tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol-0.7.6.zip is excluded by `!**/*.zip`
Files selected for processing (22)
- .github/scripts/tool_test_runner.sh (1 hunks)
- .github/workflows/docker.yml (1 hunks)
- .github/workflows/publish.yml (1 hunks)
- Dockerfile (1 hunks)
- slither/detectors/attributes/incorrect_solc.py (1 hunks)
- slither/detectors/functions/arbitrary_send_eth.py (2 hunks)
- slither/detectors/functions/dead_code.py (1 hunks)
- slither/tools/mutator/main.py (2 hunks)
- slither/tools/mutator/mutators/LIR.py (2 hunks)
- slither/tools/mutator/mutators/abstract_mutator.py (4 hunks)
- slither/tools/mutator/utils/file_handling.py (1 hunks)
- slither/tools/mutator/utils/testing_generated_mutant.py (1 hunks)
- tests/e2e/detectors/snapshots/detectors__detector_ArbitrarySendEth_0_6_11_arbitrary_send_eth_sol__0.txt (1 hunks)
- tests/e2e/detectors/snapshots/detectors__detector_ArbitrarySendEth_0_7_6_arbitrary_send_eth_sol__0.txt (1 hunks)
- tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol (1 hunks)
- tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol (1 hunks)
- tests/tools/mutator/test_data/test_source_unit/README.md (1 hunks)
- tests/tools/mutator/test_data/test_source_unit/foundry.toml (1 hunks)
- tests/tools/mutator/test_data/test_source_unit/script/Counter.s.sol (1 hunks)
- tests/tools/mutator/test_data/test_source_unit/src/Counter.sol (1 hunks)
- tests/tools/mutator/test_data/test_source_unit/test/Counter.t.sol (1 hunks)
- tests/tools/mutator/test_mutator.py (1 hunks)
Files skipped from review due to trivial changes (10)
- .github/workflows/docker.yml
- .github/workflows/publish.yml
- Dockerfile
- slither/detectors/functions/dead_code.py
- slither/tools/mutator/utils/file_handling.py
- slither/tools/mutator/utils/testing_generated_mutant.py
- tests/e2e/detectors/snapshots/detectors__detector_ArbitrarySendEth_0_7_6_arbitrary_send_eth_sol__0.txt
- tests/tools/mutator/test_data/test_source_unit/README.md
- tests/tools/mutator/test_data/test_source_unit/foundry.toml
- tests/tools/mutator/test_data/test_source_unit/src/Counter.sol
Additional comments not posted (21)
.github/scripts/tool_test_runner.sh (2)

5-5: LGTM! The pytest command has been correctly updated to run tests from the `tests/tools` directory.

9-9: LGTM! The pytest command has been correctly updated to run tests from the `tests/tools` directory when no arguments are provided.

tests/tools/mutator/test_data/test_source_unit/script/Counter.s.sol (1)

1-12: LGTM! The Solidity script correctly defines the `CounterScript` contract with `setUp` and `run` functions, and uses the `forge-std/Script.sol` library appropriately.

tests/e2e/detectors/snapshots/detectors__detector_ArbitrarySendEth_0_6_11_arbitrary_send_eth_sol__0.txt (2)

1-3: LGTM! The snapshot correctly identifies dangerous calls in the `direct` test case.

5-7: LGTM! The snapshot correctly identifies dangerous calls in the `indirect` test case.

tests/tools/mutator/test_data/test_source_unit/test/Counter.t.sol (1)

1-24: LGTM! The Solidity test correctly defines the `CounterTest` contract with `setUp`, `test_Increment`, and `testFuzz_SetNumber` functions, and uses the `forge-std/Test.sol` library appropriately.

tests/e2e/detectors/test_data/arbitrary-send-eth/0.6.11/arbitrary_send_eth.sol (3)

4-4: Ensure Consistency with Solidity Versions. The `immutable` keyword is supported from Solidity version 0.6.5 onwards. Ensure the Solidity compiler version specified in the project is compatible with this feature.

8-8: Correctly Initialize Immutable Variables. The `destination_imm` is initialized to `msg.sender` in the constructor. Ensure this behavior aligns with the intended design, especially in scenarios where the contract is deployed by a different address than the one interacting with it.

12-14: Security Review: Ensure Safe Ether Transfer. The `send_immutable` function transfers the entire contract balance to `destination_imm`. Ensure this transfer aligns with the intended security model and does not expose the contract to reentrancy attacks or other vulnerabilities.

tests/e2e/detectors/test_data/arbitrary-send-eth/0.7.6/arbitrary_send_eth.sol (3)

4-4: Ensure Consistency with Solidity Versions. The `immutable` keyword is supported from Solidity version 0.6.5 onwards. Ensure the Solidity compiler version specified in the project is compatible with this feature.

8-8: Correctly Initialize Immutable Variables. The `destination_imm` is initialized to `msg.sender` in the constructor. Ensure this behavior aligns with the intended design, especially in scenarios where the contract is deployed by a different address than the one interacting with it.

12-14: Security Review: Ensure Safe Ether Transfer. The `send_immutable` function transfers the entire contract balance to `destination_imm`. Ensure this transfer aligns with the intended security model and does not expose the contract to reentrancy attacks or other vulnerabilities.

slither/tools/mutator/mutators/LIR.py (2)

34-34: Ensure Correct Handling of Integer Types. The check for `int` types has been added. Ensure that all relevant integer types are correctly handled and tested.

66-66: Ensure Correct Handling of Integer Types. The check for `int` types has been added. Ensure that all relevant integer types are correctly handled and tested.

tests/tools/mutator/test_mutator.py (1)

1-133: Comprehensive Test Coverage. The test cases added provide good coverage for the mutator tool functions. Ensure that the tests cover edge cases and potential failure scenarios.

slither/detectors/functions/arbitrary_send_eth.py (2)

33-33: Import added for StateVariable. The import statement for `StateVariable` is correctly added to support the new functionality in the code.

71-72: Check for immutable state variable added. The check correctly skips over destinations that are immutable state variables, enhancing the security of the contract analysis.

slither/detectors/attributes/incorrect_solc.py (1)

74-74: Check for non-empty bug list added. The additional check ensures that the bug list for a given version is not empty before appending bug details. This is a good practice to avoid unnecessary processing.

slither/tools/mutator/mutators/abstract_mutator.py (2)

4-4: Type annotation updated to use Union. The type annotations are updated to use `Union`, which is more explicit and improves readability.

30-30: Type annotation for solc_remappings updated to use Union. This change aligns with the updated type annotations and improves code clarity.

slither/tools/mutator/__main__.py (1)

119-119: Type annotation for mutators_list updated to use Union. The type annotation is updated to use `Union`, which is more explicit and improves readability.
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 2.1.1 to 3.0.0.
- [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases)
- [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md)
- [Commits](sigstore/gh-action-sigstore-python@v2.1.1...v3.0.0)

---
updated-dependencies:
- dependency-name: sigstore/gh-action-sigstore-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <[email protected]>

This PR adds a `max_width` parameter to MyPrettyTable to restrict the maximum width of its underlying table. The value can be an integer, "max" (detect automatically the correct width) or None (no width limit)

* Add a new parameter `max_width` to MyPrettyTable to enhance its display for CLI usage
* Fix the description of the Loc printer, and adjust the maximal width.
* bump prettytable
* default all prettytable's to fit within max terminal width

---------

Co-authored-by: alpharush <[email protected]>
slither-mutate: (AOR) Fix for dynamic array operations
Actionable comments posted: 0
Review details
Configuration used: .coderabbit.yaml
Review profile: CHILL
Files selected for processing (5)
- setup.py (1 hunks)
- slither/printers/summary/loc.py (1 hunks)
- slither/tools/mutator/mutators/AOR.py (2 hunks)
- slither/utils/command_line.py (1 hunks)
- slither/utils/myprettytable.py (5 hunks)
Files skipped from review due to trivial changes (1)
- slither/printers/summary/loc.py
Additional comments not posted (10)
setup.py (1)

16-16: Verify compatibility with other dependencies. Ensure that the updated version of `prettytable` (>=3.10.2) is compatible with other dependencies and does not introduce any breaking changes.

slither/utils/myprettytable.py (5)

1-1: LGTM! Import statement is appropriate. The import of `get_terminal_size` from `shutil` is necessary for determining terminal size.

11-16: LGTM! New parameter `max_width` is well-integrated. The addition of the `max_width` parameter with a default value of `"max"` is a useful enhancement.

28-37: LGTM! Logic for setting `self.max_width` is correct. The logic for setting `self.max_width` based on the terminal size or the provided value is correctly implemented.

48-49: LGTM! Table width setting is correct. The logic to set `max_table_width` of the table if `self.max_width` is not `None` is correctly implemented.

86-86: LGTM! Simplification of `table.add_row` is correct. The simplification of the `table.add_row` call in the `make_pretty_table` function is correct and improves readability.

slither/tools/mutator/mutators/AOR.py (3)

7-10: LGTM! Import statements are appropriate. The imports of `CallExpression`, `MemberAccess`, `Identifier`, and `ArrayType` are necessary for handling special cases in the mutation logic.

36-50: LGTM! Special cases for `.push` and `.pop` are well-handled. The logic for handling special cases for `.push` and `.pop` on dynamic arrays is correctly implemented.

51-65: LGTM! Logic for skipping specific IR operations is correct. The logic to skip specific IR operations based on the type of expression being mutated is correctly implemented.

slither/utils/command_line.py (1)

363-364: LGTM! Help information cleanup is well-implemented. The logic to clean up multi-line help information by joining and stripping each line is correctly implemented and improves readability.
…gstore/gh-action-sigstore-python-3.0.0 Bump sigstore/gh-action-sigstore-python from 2.1.1 to 3.0.0
ci: require web3 with <5 eth_typing deps
add upper bound
…-errors Revert "Reduce verbosity for InvalidCompilation errors"
* disable unused import
* fmt

* tool: support reinitializer in slither-check-upgradeability
* MissingCalls: don't account reinitializers
* tool: add detector for multiple new reinitializers
* fix: comments and pylint

Bumps [pypa/gh-action-pip-audit](https://github.com/pypa/gh-action-pip-audit) from 1.0.8 to 1.1.0.
- [Release notes](https://github.com/pypa/gh-action-pip-audit/releases)
- [Commits](pypa/gh-action-pip-audit@v1.0.8...v1.1.0)

---
updated-dependencies:
- dependency-name: pypa/gh-action-pip-audit
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <[email protected]>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Summary by CodeRabbit

New Features
- `send_immutable()` in Solidity smart contracts for secure fund transfers.

Bug Fixes
- `msg.sender` for safer ETH transfers.

Chores
- `docker/build-push-action` to `v6` and `pypa/gh-action-pypi-publish` to `v1.9.0`.
- `make` package installation to Dockerfile.

Refactor

Documentation
- `README.md` with initialization instructions.
- `foundry.toml` for Foundry tool configuration.