solsa
所属分类:区块链开发
开发工具:Rust
文件大小:24KB
下载次数:0
上传日期:2018-09-18 14:22:05
上 传 者:
sh-1993
说明: 智能合约工具聚合器
(Smart contracts tooling aggregator)
文件列表:
.soliumignore (12, 2018-09-18)
.soliumrc.json (307, 2018-09-18)
.travis.yml (1401, 2018-09-18)
Cargo.lock (23643, 2018-09-18)
Cargo.toml (483, 2018-09-18)
LICENSE.md (735, 2018-09-18)
dockerfiles (0, 2018-09-18)
dockerfiles\Dockerfile.echidna (970, 2018-09-18)
dockerfiles\Dockerfile.mythril (956, 2018-09-18)
dockerfiles\Dockerfile.oyente (889, 2018-09-18)
dockerfiles\Dockerfile.solc (131, 2018-09-18)
dockerfiles\Dockerfile.solidity-flattener (441, 2018-09-18)
dockerfiles\Dockerfile.solium (264, 2018-09-18)
dockerfiles\oyente.sh (109, 2018-09-18)
example_contracts (0, 2018-09-18)
example_contracts\A.sol (113, 2018-09-18)
example_contracts\A_test.sol (166, 2018-09-18)
example_contracts\GnosisWallet.sol (11609, 2018-09-18)
example_contracts\compilation_fail.sol (134, 2018-09-18)
example_contracts\useless.sol (231, 2018-09-18)
src (0, 2018-09-18)
src\docker.rs (362, 2018-09-18)
src\main.rs (12022, 2018-09-18)
src\tool_output.rs (1669, 2018-09-18)
src\tools.rs (6092, 2018-09-18)
templates (0, 2018-09-18)
templates\index.html (10207, 2018-09-18)
# Smart contracts tooling aggregator
[![Build Status](https://api.travis-ci.org/enhancedsociety/solsa.svg?branch=master)](https://travis-ci.org/enhancedsociety/solsa)
[![Crate version](https://img.shields.io/crates/v/solsa.svg)](https://crates.io/crates/solsa)
[![Crate version](https://img.shields.io/crates/d/solsa.svg)](https://crates.io/crates/solsa)
[![Solc container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/solc.svg?label=solc+docker+image+size)](https://hub.docker.com/r/enhancedsociety/solc/)
[![Solium container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/solium.svg?label=solium+docker+image+size)](https://hub.docker.com/r/enhancedsociety/solium/)
[![Mythril container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/mythril.svg?label=mythril+docker+image+size)](https://hub.docker.com/r/enhancedsociety/mythril/)
[![Oyente container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/oyente.svg?label=oyente+docker+image+size)](https://hub.docker.com/r/enhancedsociety/oyente/)
[![Solidity-flattener container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/solidity-flattener.svg?label=solidity-flattener+docker+image+size)](https://hub.docker.com/r/enhancedsociety/solidity-flattener/)
[![Echidna container Size](https://img.shields.io/microbadger/image-size/enhancedsociety/echidna.svg?label=echidna+docker+image+size)](https://hub.docker.com/r/enhancedsociety/echidna/)
The goal of this repo is to find a good way of integrating static analysis tools for smart contracts into CI pipelines.
Ideally, this should be be easy to pick up and use by any project using smart contracts (dapps, wallets, etc).
The main challenges to overcome appear to be:
- seamless installation and configuration of all tools
- invocation of each tool taking into account its specifics (sometimes on things as simple as where contracts need to be located)
### Strategy
Create a static binary that invokes minimal self contained docker containers for each tool. Aggregate all invocation results and present them nicely (in a webpage like [solhydra](https://github.com/BlockChainCompany/solhydra) or in a cli as to include in CI pipelines)
This way, at little to no effort to the developer a full, detailed analysis of a smart contract can be obtained.
## Key tools for linting and static analysis
- solc - compile (portable)
- Solium - lint (depends on npm)
- solgraph - function control flow visualiation (depends on npm)
- Oyente - static analysis (depends on pip)
- MAIAN - static analysis (python, but no distributable release, must get from source) (removed due to lack of maintenance)
- mythril - static analysis (depends on pip)
- echidna - fuzz tester (haskell compiled binary)
## Install
`solsa` is a rust standalone binary available on [crates.io](https://crates.io/crates/solsa), but it does depend on a few docker images it **expects** to find already installed.
To install the `solsa` command, do
```sh
cargo install solsa
```
To install the docker images it depends on do
```sh
docker pull enhancedsociety/solc
docker pull enhancedsociety/solium
docker pull enhancedsociety/solidity-flattener
docker pull enhancedsociety/oyente
docker pull enhancedsociety/mythril
docker pull enhancedsociety/echidna
```
or append the `--preload` flag to the solsa command, which will pull the docker images prior to running the analysis.
These images have been optimized for size and ease of use, so they are prepared to be run independently, and are much **much** **MUCH** smaller than their official or naively built counterparts.
## Usage
```
$ solsa -h
solsa 0.1.7
Enhanced Society
Aggregates static analysis tooling for ethereum smart contracts.
USAGE:
solsa [FLAGS] [OPTIONS] --contract-file
FLAGS:
--error-exit Exit with error code if issues are found
-h, --help Prints help information
--html Output the report as an html file
-i, --include-source Include contract sources in report
--json Output the report as JSON
-p, --preload Preload docker containers necessary for execution
--silent Do not output the report, but only basic pass/fail info
-V, --version Prints version information
OPTIONS:
-f, --contract-file Path to Solidity smart contract
-d, --depth Depth of analysis, the deeper the more thorough, but also the slower
[default: shallow] [possible values: shallow, deep, deeper, deepest]
-o
近期下载者:
相关文件:
收藏者: