Github Actions Support, Detector Filtering, Bug Fixes / Quality of Life

.gitignore

@@ -3,4 +3,5 @@ report.md
 .vscode/tasks.json
 scope.txt
 repos
-reports
+reports
+.DS_Store

.vscode/settings.json

@@ -4,6 +4,6 @@
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "editor.codeActionsOnSave": {
-    "source.fixAll": true
+    "source.fixAll": "explicit"
   }
 }

README.md

@@ -15,20 +15,61 @@
   - [Installation](#installation)
   - [Contributing](#contributing)
 
-## Usage
+### Installing 4naly3er
 
-```bash
-yarn analyze <BASE_PATH> <SCOPE_FILE> <GITHUB_URL>
+#### Prerequisites:
+
+You must have `node` and `yarn` installed on your system.
+
+#### Installation:
+
+```
+git clone [https://github.com/cb-elileers/analyzer](https://github.cbhq.net/security/solidity-analyzer)
+cd analyzer
+npm i --force --save-dev
+yarn
+```
+
+## Using 4naly3er
 
-# Example
-yarn analyze contracts scope.example.txt
+#### Basic Usage
+
+```
+yarn analyze <BASE_PATH> <OPTIONS>
 ```
 
-- `BASE_PATH` is a relative path to the folder containing the smart contracts.
-- `SCOPE_FILE` is an optional file containing a specific smart contracts scope (see [scope.example.txt](./scope.example.txt))
-- `GITHUB_URL` is an optional url to generate links to github in the report
-- For remappings, add `remappings.txt` to `BASE_PATH`.
-- The output will be saved in a `report.md` file.
+For example: `yarn analyze ~/Documents/op-enclave/`
+
+**Where Options Are:**
+
+- BASE_PATH is a **required** parameter which points to the folder containing the smart contract project.
+- '-s, --scope scopeFile' .txt file containing the contest scope
+- '-g, --github githubURL' github url to generate links to code
+- '-o, --out reportPath' Path for Markdown report
+- '-l, --listfiles' List analyzed files in Markdown Report
+- '--legacyscope scopeFile' Path for legacy scope file
+- '--sarif [outputPath]' Generate SARIF report, optionally include path to report. Default is analyzer.sarif
+- '--skip-info' Skip info issues
+- '--skip-gas' Skip gas issues
+- '--skip-low' Skip low issues
+- '--skip-medium' Skip medium issues
+- '--skip-high' Skip high issues
+- '--skip, --skip-detectors detectorID' Skip specific detectors by id
+
+For any remappings, Forge can generate, or you can add, remappings.txt to the BASE_PATH and 4naly3er will use them accordingly.
+
+Output from the tool is stored in **report.md** within the 4naly3er folder. To keep all documents related to a project together, it is advisable to run `mv report.md <BASE_PATH>` to deposit the report into the smart contract project's folder. (Click here to see an example report)[https://gist.github.com/Picodes/e9f1bb87ae832695694175abd8f9797f]
+
+#### Scope File Generation
+
+Sometimes, we only want to run our tooling on certain contracts within a repository. To do so, we define those contracts we want to be in scope in a **scope.txt** file.
+
+To autogenerate a scope.txt file that excludes dependencies, we can use the below script:
+
+```
+cd <BASE_PATH>
+find . | grep "\.sol" | grep -v "\./lib/" | grep -v typechain | grep -v node_modules | grep -v artifacts | grep -v "\.t\.sol">scope.txt
+```
 
 ## Example Reports
 

src/analyze.ts

@@ -1,4 +1,4 @@
-import { InputType, Instance, Issue, IssueTypes } from './types';
+import { InputType, Instance, Issue, Analysis } from './types';
 import { lineFromIndex } from './utils';
 
 const issueTypesTitles = {
@@ -13,9 +13,9 @@ const issueTypesTitles = {
  * @notice Runs the given issues on files and generate the report markdown string
  * @param githubLink optional url to generate links
  */
-const analyze = (files: InputType, issues: Issue[], githubLink?: string): string => {
+const analyze = (files: InputType, issues: Issue[], githubLink?: string): Analysis[] => {
   let result = '';
-  let analyze: { issue: Issue; instances: Instance[] }[] = [];
+  let analyze: Analysis[] = [];
   for (const issue of issues) {
     let instances: Instance[] = [];
     // If issue is a regex
@@ -61,68 +61,7 @@ const analyze = (files: InputType, issues: Issue[], githubLink?: string): string
     }
   }
 
-  /** Summary */
-  let c = 0;
-  if (analyze.length > 0) {
-    result += `\n## ${issueTypesTitles[analyze[0].issue.type]}\n\n`;
-    result += '\n| |Issue|Instances|\n|-|:-|:-:|\n';
-    for (const { issue, instances } of analyze) {
-      c++;
-      result += `| [${issue.type}-${c}](#${issue.type}-${c}) | ${issue.title} | ${instances.length} |\n`;
-    }
-  }
-
-  /** Issue breakdown */
-  c = 0;
-  for (const { issue, instances } of analyze) {
-    c++;
-    result += `### <a name="${issue.type}-${c}"></a>[${issue.type}-${c}] ${issue.title}\n`;
-    if (!!issue.description) {
-      result += `${issue.description}\n`;
-    }
-    if (!!issue.impact) {
-      result += '\n#### Impact:\n';
-      result += `${issue.impact}\n`;
-    }
-    result += `\n*Instances (${instances.length})*:\n`;
-    let previousFileName = '';
-    for (const o of instances.sort((a, b) => {
-      if (a.fileName < b.fileName) return -1;
-      if (a.fileName > b.fileName) return 1;
-      return !!a.line && !!b.line && a.line < b.line ? -1 : 1;
-    })) {
-      if (o.fileName !== previousFileName) {
-        if (previousFileName !== '') {
-          result += `\n${'```'}\n`;
-          if (!!githubLink) {
-            result += `[Link to code](${githubLink + previousFileName})\n`;
-          }
-          result += `\n`;
-        }
-        result += `${'```'}solidity\nFile: ${o.fileName}\n`;
-        previousFileName = o.fileName;
-      }
-
-      // Insert code snippet
-      const lineSplit = o.fileContent?.split('\n');
-      const offset = o.line.toString().length;
-      result += `\n${o.line}: ${lineSplit[o.line - 1]}\n`;
-      if (!!o.endLine) {
-        let currentLine = o.line + 1;
-        while (currentLine <= o.endLine) {
-          result += `${' '.repeat(offset)}  ${lineSplit[currentLine - 1]}\n`;
-          currentLine++;
-        }
-      }
-    }
-    result += `\n${'```'}\n`;
-    if (!!githubLink) {
-      result += `[Link to code](${githubLink + previousFileName})\n`;
-    }
-    result += `\n`;
-  }
-
-  return result;
+  return analyze;
 };
 
 export default analyze;

src/index.ts

@@ -9,12 +9,49 @@ import main from './main';
 
 // ================================= PARAMETERS ================================
 
-const basePath =
-  process.argv.length > 2 ? (process.argv[2].endsWith('/') ? process.argv[2] : process.argv[2] + '/') : 'contracts/';
-const scopeFile = process.argv.length > 3 && process.argv[3].endsWith('txt') ? process.argv[3] : null;
-const githubLink = process.argv.length > 4 && process.argv[4] ? process.argv[4] : null;
-const out = 'report.md';
+import { program } from 'commander';
+import { IssueTypes } from './types';
 
-// ============================== GENERATE REPORT ==============================
+program
+  .argument('[basePath]', 'Path were the contracts lies')
+  .option('-s, --scope <scopeFile>', '.txt file containing the contest scope')
+  .option('-g, --github <githubURL>', 'github url to generate links to code')
+  .option('-o, --out <reportPath>', 'Path for Markdown report')
+  .option('-l, --listfiles', 'List analyzed files in Markdown Report')
+  .option('--legacyscope <scopeFile>', 'Path for legacy scope file')
+  .option('--sarif [outputPath]', 'Generate SARIF report, optionally include path to report. Default is analyzer.sarif')
+  .option('--skip-info', 'Skip info issues')
+  .option('--skip-gas', 'Skip gas issues')
+  .option('--skip-low', 'Skip low issues')
+  .option('--skip-medium', 'Skip medium issues')
+  .option('--skip-high', 'Skip high issues')
+  .option('--skip, --skip-detectors <detectorID...>', 'Skip specific detectors by id')
+  .action((basePath:string, options) => {
+    basePath = basePath ||'contracts/';
+    basePath = basePath.endsWith('/') ? basePath : `${basePath}/`;
 
-main(basePath, scopeFile, githubLink, out);
+    const sarif = options.sarif === true ? 'analyzer.sarif' : options.sarif;
+
+    const severityToRun: IssueTypes[] = [];
+    if(!options.skipInfo) severityToRun.push(IssueTypes.NC);
+    if(!options.skipGas) severityToRun.push(IssueTypes.GAS);
+    if(!options.skipLow) severityToRun.push(IssueTypes.L);
+    if(!options.skipMedium) severityToRun.push(IssueTypes.M);
+    if(!options.skipHigh) severityToRun.push(IssueTypes.H);
+
+    const skipDetectors = options.skipDetectors || [];
+    const skipDetectorsLower = skipDetectors.map(detector => detector.toLowerCase()); // Convert to lowercase to avoid case-sensitive issues
+
+    console.log(`basePath: ${basePath}`);
+    console.log(`scope: ${options.scope||'----'}`);
+    console.log(`github: ${options.github||'----'}`);
+    console.log(`out: ${options.out||'report.md'}`);
+    console.log(`legacyScope: ${options.legacyscope||'----'}`);
+    console.log(`sarif: ${options.sarif||'----'}`);
+    console.log('Severity to run: ', severityToRun);
+    console.log('Skipping detectors: ', skipDetectorsLower);
+
+    console.log('*****************************')
+    // ============================== RUN ANALYZER ==============================
+    main(basePath, options.scope, options.github, options.out || 'report.md', severityToRun, skipDetectorsLower, options.legacyscope, options.sarif, options.listfiles);
+  }).parse();

src/issues/GAS/ERC721A.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'erc721A',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Use ERC721A instead ERC721',

src/issues/GAS/_msgSender.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: '_msgSender',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: "Don't use `_msgSender()` if not supporting EIP-2771",

src/issues/GAS/addPlusEqual.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'addPlusEqual',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: '`a = a + b` is more gas effective than `a += b` for state variables (excluding arrays and mappings)',

src/issues/GAS/addressZero.ts

@@ -4,6 +4,7 @@ import { instanceFromSRC } from '../../utils';
 import { Expression, SourceUnit } from 'solidity-ast';
 
 const issue: ASTIssue = {
+  id: 'addressZero',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: 'Use assembly to check for `address(0)`',

src/issues/GAS/assignUpdateArray.ts

@@ -3,6 +3,7 @@ import { findAll } from 'solidity-ast/utils';
 import { instanceFromSRC } from '../../utils';
 
 const issue: ASTIssue = {
+  id: 'assignUpdateArray',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: '`array[index] += amount` is cheaper than `array[index] = array[index] + amount` (or related variants)',

src/issues/GAS/boolCompare.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'boolCompare',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Comparing to a Boolean constant',

src/issues/GAS/boolIncursOverhead.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'boolIncursOverhead',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Using bools for storage incurs overhead',

src/issues/GAS/bytesConstantsVsString.ts

@@ -0,0 +1,11 @@
+import { IssueTypes, RegexIssue } from '../../types';
+
+const issue: RegexIssue = {
+  id: 'bytesConstantsVsString',
+  regexOrAST: 'Regex',
+  type: IssueTypes.GAS,
+  title: 'Bytes constants are more efficient than string constants',
+  regex: /string.+constant/g,
+};
+
+export default issue;

src/issues/GAS/cacheArrayLength.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'cacheArrayLength',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Cache array length outside of loop',

src/issues/GAS/cacheVariable.ts

@@ -4,6 +4,7 @@ import { getStorageVariable, instanceFromSRC } from '../../utils';
 import { Identifier } from 'solidity-ast';
 
 const issue: ASTIssue = {
+  id: 'cacheVariable',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: 'State variables should be cached in stack variables rather than re-reading them from storage',

src/issues/GAS/calldataViewFunctions.ts

@@ -3,6 +3,7 @@ import { ASTIssue, InputType, Instance, IssueTypes, RegexIssue } from '../../typ
 import { instanceFromSRC } from '../../utils';
 
 const issue: ASTIssue = {
+  id: 'calldataViewFunctions',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: 'Use calldata instead of memory for function arguments that do not get mutated',

src/issues/GAS/canUseUnchecked.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'canUseUnchecked',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'For Operations that will not overflow, you could use unchecked',

src/issues/GAS/customErrors.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'customErrors',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Use Custom Errors instead of Revert Strings to save Gas',

src/issues/GAS/delegatecallAddressCheck.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'delegatecallAddressCheck',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Avoid contract existence checks by using low level calls',

src/issues/GAS/dontCacheIfUsedOnce.ts

@@ -4,6 +4,7 @@ import { instanceFromSRC } from '../../utils';
 import util from 'util';
 
 const issue: ASTIssue = {
+  id: 'dontCacheIfUsedOnce',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: 'Stack variable used as a cheaper cache for a state variable is only used once',

src/issues/GAS/immutableConstructor.ts

@@ -4,6 +4,7 @@ import { ASTIssue, InputType, Instance, IssueTypes, RegexIssue } from '../../typ
 import { instanceFromSRC, topLevelFiles, getStorageVariable } from '../../utils';
 
 const issue: ASTIssue = {
+  id: 'immutableConstructor',
   regexOrAST: 'AST',
   type: IssueTypes.GAS,
   title: 'State variables only set in the constructor should be declared `immutable`',

src/issues/GAS/initializeDefaultValue.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'initializeDefaultValue',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: "Don't initialize variables with default value",

src/issues/GAS/longRevertString.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'longRevertString',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Reduce the size of error messages (Long revert Strings)',

src/issues/GAS/payableFunctions.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'payableFunctions',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: 'Functions guaranteed to revert when called by normal users can be marked `payable`',

src/issues/GAS/postIncrement.ts

@@ -1,6 +1,7 @@
 import { IssueTypes, RegexIssue } from '../../types';
 
 const issue: RegexIssue = {
+  id: 'postIncrement',
   regexOrAST: 'Regex',
   type: IssueTypes.GAS,
   title: '`++i` costs less gas compared to `i++` or `i += 1` (same for `--i` vs `i--` or `i -= 1`)',