sway-analyzer
Category: Rust programming
Development tool: Rust
File size: 0KB
Downloads: 0
Upload date: 2023-09-27 16:41:43
Uploader:
sh-1993
Description: A security-focused static analyzer for Sway written in Rust.
File list:
.vscode/ (0, 2023-12-07)
.vscode/settings.json (36, 2023-12-07)
Cargo.toml (467, 2023-12-07)
LICENSE (34523, 2023-12-07)
assets/ (0, 2023-12-07)
assets/banner.png (111755, 2023-12-07)
assets/logo.png (45993, 2023-12-07)
src/ (0, 2023-12-07)
src/detectors/ (0, 2023-12-07)
src/detectors/arbitrary_asset_transfer.rs (7446, 2023-12-07)
src/detectors/arbitrary_code_execution.rs (12660, 2023-12-07)
src/detectors/boolean_comparison.rs (1954, 2023-12-07)
src/detectors/discarded_assignment.rs (12970, 2023-12-07)
src/detectors/division_before_multiplication.rs (5379, 2023-12-07)
src/detectors/explicit_return_statement.rs (2931, 2023-12-07)
src/detectors/external_call_in_loop.rs (6780, 2023-12-07)
src/detectors/inline_assembly_usage.rs (921, 2023-12-07)
src/detectors/large_literal.rs (1563, 2023-12-07)
src/detectors/locked_native_asset.rs (4038, 2023-12-07)
src/detectors/magic_number.rs (2688, 2023-12-07)
src/detectors/manipulatable_balance_usage.rs (6107, 2023-12-07)
src/detectors/missing_logs.rs (7253, 2023-12-07)
src/detectors/mod.rs (4061, 2023-12-07)
src/detectors/msg_amount_in_loop.rs (7355, 2023-12-07)
src/detectors/non_zero_identity_validation.rs (35443, 2023-12-07)
src/detectors/potential_infinite_loop.rs (15081, 2023-12-07)
src/detectors/redundant_comparison.rs (8529, 2023-12-07)
src/detectors/redundant_storage_access.rs (6984, 2023-12-07)
src/detectors/storage_field_mutability.rs (6925, 2023-12-07)
src/detectors/storage_not_updated.rs (10152, 2023-12-07)
src/detectors/storage_read_in_loop_condition.rs (3145, 2023-12-07)
src/detectors/strict_equality.rs (3531, 2023-12-07)
src/detectors/unchecked_call_payload.rs (14311, 2023-12-07)
src/detectors/unprotected_initialization.rs (3476, 2023-12-07)
src/detectors/unprotected_storage_variable.rs (18068, 2023-12-07)
src/detectors/unsafe_timestamp_usage.rs (3265, 2023-12-07)
src/detectors/unused_import.rs (12105, 2023-12-07)
src/detectors/weak_prng.rs (8610, 2023-12-07)
... ...
# ![](https://github.com/camden-smallwood/sway-analyzer/blob/master/assets/banner.png)
A security-focused static analyzer for Sway written in Rust. The tool uses the existing [`sway-ast`](https://github.com/FuelLabs/sway/tree/master/sway-ast) and [`sway-parse`](https://github.com/FuelLabs/sway/tree/master/sway-parse) crates to parse Sway source code into its abstract syntax tree (AST). On top of this, a recursive AST visitor walks the AST structures top-down in a context-sensitive manner. Detectors implement their logic on top of the AST visitor by inspecting the values contained in the relevant parts of the AST structures.
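The visitor/detector split described above, as an added illustration that is not sway-analyzer's own code: a toy expression AST stands in for `sway-ast`, `walk` is the context-sensitive visitor (it carries the enclosing function name), and two detectors modelled on the `boolean_comparison` and `division_before_multiplication` entries below inspect the nodes handed to them. All type, function and detector-struct names here are assumptions.

```rust
// Added illustration, not sway-analyzer's own code: a toy AST standing in for sway-ast,
// a context-carrying recursive visitor, and two detectors modelled on the README's entries.
pub enum Op { Div, Mul, Eq }
pub enum Expr { Num(u64), Bool(bool), Var(&'static str), Bin(Op, Box<Expr>, Box<Expr>) }
pub struct Func { pub name: &'static str, pub body: Expr }

/// A finding records which detector fired and the enclosing function the visitor was in.
#[derive(Debug, PartialEq)]
pub struct Finding { pub detector: &'static str, pub function: &'static str }
/// Detectors inspect one node at a time plus the visitor's context; they never recurse.
pub trait Detector {
    fn visit_expr(&self, func: &'static str, e: &Expr, out: &mut Vec<Finding>);
}

pub struct BooleanComparison;
impl Detector for BooleanComparison {
    fn visit_expr(&self, func: &'static str, e: &Expr, out: &mut Vec<Finding>) {
        // `x == true` or `false == x`: comparing against a boolean literal is unnecessary.
        if let Expr::Bin(Op::Eq, l, r) = e {
            if matches!(**l, Expr::Bool(_)) || matches!(**r, Expr::Bool(_)) {
                out.push(Finding { detector: "boolean_comparison", function: func });
            }
        }
    }
}

pub struct DivisionBeforeMultiplication;
impl Detector for DivisionBeforeMultiplication {
    fn visit_expr(&self, func: &'static str, e: &Expr, out: &mut Vec<Finding>) {
        // `(a / b) * c` truncates before scaling; `(a * c) / b` keeps the precision.
        if let Expr::Bin(Op::Mul, l, r) = e {
            if matches!(**l, Expr::Bin(Op::Div, ..)) || matches!(**r, Expr::Bin(Op::Div, ..)) {
                out.push(Finding { detector: "division_before_multiplication", function: func });
            }
        }
    }
}

/// Top-down walk: each detector sees a node before the visitor descends into its children.
fn walk(func: &'static str, e: &Expr, dets: &[&dyn Detector], out: &mut Vec<Finding>) {
    dets.iter().for_each(|d| d.visit_expr(func, e, out));
    if let Expr::Bin(_, l, r) = e { walk(func, l, dets, out); walk(func, r, dets, out); }
}

/// Runs the selected detectors over every function, like `sway-analyzer --detectors ...`.
pub fn analyze(funcs: &[Func], dets: &[&dyn Detector]) -> Vec<Finding> {
    let mut out = Vec::new();
    funcs.iter().for_each(|f| walk(f.name, &f.body, dets, &mut out));
    out
}
```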
## Requirements
The `sway-analyzer` binary requires the Rust compiler and its package manager, cargo.
See the [Rust Install](https://www.rust-lang.org/tools/install) page for installation options.
## Installation
The `sway-analyzer` binary can be installed using the following command:
```bash
cargo install sway-analyzer
```
The `sway-analyzer` binary can be uninstalled using the following command:
```bash
cargo uninstall sway-analyzer
```
## Usage
`sway-analyzer [OPTIONS]`

| Flags | |
|-|-|
| `-h`, `--help` | Prints help information |
| `-V`, `--version` | Prints version information |

| Options | |
|-|-|
| `--detectors <name>...` | The specific detectors to run. (Optional; omit to run all detectors) |
| `--directory <path>` | The path to the Forc project directory. (Optional) |
| `--display-format <format>` | The display format of the report. Can be "Text" or "Json". (Default = Text) |
| `--files <path>...` | The paths to the Sway source files. (Optional) |
| `--sorting <order>` | The order to sort report entries by. Can be "Line" or "Severity". (Default = Line) |
## Detectors
Each detector has a severity of High, Medium or Low, which `--sorting Severity` uses to order the report.

| Name | Description |
|-|-|
| [`arbitrary_asset_transfer`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#arbitrary-asset-transfer) | Checks for functions that transfer native assets to an arbitrary address without access restriction. |
| [`arbitrary_code_execution`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#arbitrary-code-execution) | Checks for functions that make use of the `LDC` assembly instruction without access restriction. |
| [`boolean_comparison`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#boolean-comparison) | Checks if an expression contains a comparison with a boolean literal, which is unnecessary. |
| [`discarded_assignment`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#discarded-assignment) | Checks for variables that are assigned to without being used afterwards. |
| [`division_before_multiplication`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#division-before-multiplication) | Checks for division operations before multiplications, which can result in value truncation. |
| [`explicit_return_statement`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#explicit-return-statement) | Checks for functions that end with explicit `return` statements, which is unnecessary. |
| [`external_call_in_loop`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#external-call-in-loop) | Checks if any functions contain loops that perform calls to external functions. |
| [`inline_assembly_usage`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#inline-assembly-usage) | Checks functions for inline assembly usage. |
| [`large_literal`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#large-literal) | Checks for expressions that contain large literal values, which may be difficult to read or may be interpreted incorrectly. |
| [`locked_native_asset`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#locked-native-asset) | Checks whether a contract can withdraw the native assets it may receive. |
| [`magic_number`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#magic-number) | Checks for expressions that contain irregular numerical constants that can be introduced as named constants. |
| [`manipulatable_balance_usage`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#manipulatable-balance-usage) | Checks if any functions contain balance usage which can potentially be manipulated. |
| [`missing_logs`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#missing-logs) | Checks for publicly-accessible functions that make changes to storage variables without emitting logs. |
| [`msg_amount_in_loop`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#msg-amount-in-loop) | Checks for calls to `std::context::msg_amount()` or `std::registers::balance()` inside a while loop. In most cases, the result of the call should be stored in a local variable and decremented over each loop iteration. |
| [`non_zero_identity_validation`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#non-zero-identity-validation) | Checks whether function parameters of type `Identity`, `Address` or `ContractId` are validated against a zero value. |
| [`potential_infinite_loop`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#potential-infinite-loop) | Checks for potentially infinite loops. |
| [`redundant_comparison`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#redundant-comparison) | Checks for functions that make redundant comparisons. |
| [`redundant_storage_access`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#redundant-storage-access) | Checks for redundant calls to `storage.x.read()` and `storage.x.write(x)`. |
| [`storage_field_mutability`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#storage-field-mutability) | Checks for any storage fields that can be refactored into constants or configurable fields. |
| [`storage_not_updated`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#storage-not-updated) | Checks for local variables that are read from storage, then modified without being written back to storage. |
| [`storage_read_in_loop_condition`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#storage-read-in-loop-condition) | Checks for loops that contain a storage read in their condition, which can increase gas costs for each iteration. |
| [`strict_equality`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#strict-equality) | Checks for the use of strict equalities, which can be manipulated by an attacker. |
| [`unchecked_call_payload`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#unchecked-call-payload) | Checks for functions that supply a `raw_ptr` argument to the `CALL` assembly instruction, or a `Bytes` argument without checking its length. |
| [`unprotected_initialization`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#unprotected-initialization) | Checks for initializer functions that can be called without any requirements being enforced. |
| [`unprotected_storage_variable`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#unprotected-storage-variable) | Checks for functions that make changes to storage variables without access restriction. |
| [`unsafe_timestamp_usage`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#unsafe-timestamp-usage) | Checks for dependence on `std::block::timestamp` or `std::block::timestamp_of_block`, which can be manipulated by an attacker. |
| [`unused_import`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#unused-import) | Checks for imported symbols that are not used. |
| [`weak_prng`](https://github.com/camden-smallwood/sway-analyzer/wiki/Detectors#weak-prng) | Checks for weak PRNG due to a modulo operation on a block timestamp. |