Skip to content

Adding a new detector

Jump to bottom
Dan Guido edited this page Jan 26, 2020 · 30 revisions

Slither's plugin architecture lets you integrate new detectors that run from the command line.

Detector Skeleton

The skeleton for a detector is:

from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification


class Skeleton(AbstractDetector):
    """
    Documentation
    """

    ARGUMENT = 'mydetector' # slither will launch the detector with slither.py --detect mydetector
    HELP = 'Help printed by slither'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH

    WIKI = ''

    WIKI_TITLE = ''
    WIKI_DESCRIPTION = ''
    WIKI_EXPLOIT_SCENARIO = ''
    WIKI_RECOMMENDATION = ''

    def _detect(self):
        info = 'This is an example!'

        finding = self.generate_json_result(info)
        return [finding]
  • ARGUMENT lets you run the detector from the command line
  • HELP is the information printed from the command line
  • IMPACT indicates the impact of the issue. Allowed values are:
    • DetectorClassification.INFORMATIONAL: printed in green
    • DetectorClassification.LOW: printed in green
    • DetectorClassification.MEDIUM: printed in yellow
    • DetectorClassification.HIGH: printed in red
  • CONFIDENCE indicates your confidence in the analysis. Allowed values are:
    • DetectorClassification.LOW
    • DetectorClassification.MEDIUM
    • DetectorClassification.HIGH
  • WIKI constants are used to generate automatically the documentation.

_detect() needs to return a list of findings. A finding is a dictionary that can be generated with self.generate_json_result(info), where info is the text that is going to be printed.

The following helper allows to add information to the finding, that can be used by a continuous integration system or an IDE to locate the bug:

  • self.add_variable_to_json(variable)
  • self.add_variables_to_json(variables)
  • self.add_contract_to_json(contract)
  • self.add_function_to_json(function)
  • self.add_functions_to_json(functions)
  • self.add_nodes_to_json(nodes)

An AbstractDetector object has the slither attribute, which returns the current Slither object.

Integration

You can integrate your detector into Slither by:

Test the detector

If you want to add your detector to trailofbits/slither, create a unit-test in tests and update scripts/travis_test_4.sh to run the unit-test automatically.

deepdiff is needed to run travis_test.sh:

pip install deepdiff

Example

backdoor.py will detect any function with backdoor in its name.

Clone this wiki locally