solanalyzer

Category: Ethereum
Development tool: Go
File size: 13751KB
Downloads: 0
Upload date: 2018-10-14 15:03:46
Uploader: sh-1993
Description: SolAnalyzer is a static analyzer for the Solidity programming language, with a focus on finding security bugs.

File list:
Gopkg.lock (2590, 2018-10-14)
Gopkg.toml (756, 2018-10-14)
LICENSE (1069, 2018-10-14)
Makefile (153, 2018-10-14)
Solidity.g4 (11327, 2018-10-14)
analyzers (0, 2018-10-14)
analyzers\analyzers.go (625, 2018-10-14)
analyzers\call_graph_analyzer.go (6800, 2018-10-14)
analyzers\compiler_version_analyzer.go (6959, 2018-10-14)
analyzers\function_visibility_analyzer.go (1565, 2018-10-14)
analyzers\issue.go (1195, 2018-10-14)
emulator (0, 2018-10-14)
emulator\binary_operation.go (1106, 2018-10-14)
emulator\contract_definition.go (657, 2018-10-14)
emulator\emulator.go (3340, 2018-10-14)
emulator\emulator_events.go (823, 2018-10-14)
emulator\expression.go (680, 2018-10-14)
emulator\function_call.go (1787, 2018-10-14)
emulator\function_definition.go (909, 2018-10-14)
emulator\math.go (2032, 2018-10-14)
emulator\primary_expression.go (641, 2018-10-14)
emulator\simple_statement.go (416, 2018-10-14)
emulator\stack.go (910, 2018-10-14)
emulator\state_variable_declaration.go (484, 2018-10-14)
emulator\value.go (2420, 2018-10-14)
emulator\variable.go (1971, 2018-10-14)
emulator\variable_declaration.go (2888, 2018-10-14)
examples (0, 2018-10-14)
examples\test.sol (214, 2018-10-14)
examples\test2.sol (42, 2018-10-14)
main.go (2035, 2018-10-14)
parser (0, 2018-10-14)
parser\Solidity.tokens (2238, 2018-10-14)
parser\SolidityLexer.tokens (2238, 2018-10-14)
parser\solidity_lexer.go (68554, 2018-10-14)
parser\solidity_parser.go (344401, 2018-10-14)
reports (0, 2018-10-14)
... ...

# SolAnalyzer

SolAnalyzer is a static analyzer for the Solidity programming language, with a focus on finding security bugs.

**Warning**: This software is in beta and false negatives may be likely. Please keep that in mind when using this tool.

## Compile

Compiling SolAnalyzer requires Go and GoDep. Once those dependencies are satisfied, `make` can be run to compile the source.

## Run

Running the tool looks like this:

```
$ solanalyzer --help
SolAnalyzer is a static analyzer for the Solidity programming language, with a focus on finding security bugs.

Usage:
  solanalyzer path [flags]

Flags:
  -h, --help      help for solanalyzer
  -v, --verbose   verbose output

$ solanalyzer examples/
SolAnalyzer v0.1-beta
Copyright 2018 Eric Rafaloff

This is beta software. Please report issues at https://github.com/EricR/solanalyzer/issues/.

[2018-09-01T09:28:10-04:00] INFO Starting new session
[2018-09-01T09:28:10-04:00] INFO Parsing sources
[2018-09-01T09:28:10-04:00] INFO Scanning sources
[2018-09-01T09:28:10-04:00] INFO Analyzing sources
[2018-09-01T09:28:10-04:00] INFO Generating report

=== Start SolAnalyzer Report ===

Report Date: Sat Sep 1 9:28 AM 2018
Analyzers Run: compiler-version, function-visibility

High Severity Issues
--------------------

No issues

Medium Severity Issues
----------------------

No issues

Low Severity Issues
-------------------

Title: Compiler Bug - EventStructWrongData
Description: The version pragma, >0.4.22, can be satisfied by a version of the Solidity compiler that contains a known bug. If a struct is used in an event, the address of the struct is logged instead of the actual data. This bug is reported to be fixed in version 0.5.0.
Source: examples/reentrancy.sol:1:23
Analyzer ID: compiler-version
Instance ID: c4afc52c128cbd79b10ffeee91b937beeac479ecb8***752a8dd0dcf787bdebb8

Informational Severity Issues
-----------------------------

Title: Default Function Visibility
Description: No visibility is specified for function transfer(address to, uint amount) in contract Vulnerable. The default is public. It should be confirmed that this is desired, and the visibility of the function should be explicitly set.
Source: examples/reentrancy.sol:6:1
Analyzer ID: function-visibility
Instance ID: 747dbaef6def6d744a18***c482f1325ec704d56ceb1f1fa1b099d7a03008f8e1

Title: Default Function Visibility
Description: No visibility is specified for function withdraw() in contract Vulnerable. The default is public. It should be confirmed that this is desired, and the visibility of the function should be explicitly set.
Source: examples/reentrancy.sol:13:1
Analyzer ID: function-visibility
Instance ID: 6d6158a6074c6d05639d365b861615cb5***8736afd27ae0a78b6633844c2f317

=== End SolAnalyzer Report ===
```

## Supported Checks

See [here](https://github.com/EricR/solanalyzer/wiki/Supported-Checks) for a list of issues SolAnalyzer is capable of checking for.
