Comments (23)
I've created WIP pr in #55
@benstew thanks, any input/help is appreciated
from slither.
nitpick - @dguido, maybe we should also add a --version command? Keeping things consistent with a common interface.
from slither.
added --version command
@benstew some tools require an additional argument in cases where the output should be written to file instead of stdout. This would also give the user more control and no 'unexpected' files would be created.
from slither.
I think we should keep the exclusion rules related to the severity, such as --exclude-informational.
When reviewing a codebase for the first time, you probably want to focus only on security issues
from slither.
@disconnect3d I agree, imho this is a very consistent way.
@montyly going to update the --exclude detector-name.. behaviour but I'm not quite sure that we need --list-{printers,detectors} commands as the values are already displayed in the help.
from slither.
I've added --list-{printers,detectors} and utilised the already available output_to_markdown method and adapted it for printers, let me know if this is ok.
Also I played a bit around with json output and I think the current behaviour is just fine, i.e. --json results.json instead of adding a new --output flag. This is because printers print to stdout by default and this would require a bit more work. I'm becoming more and more unsure if this should be added.
You can also ping me on slack if you want to for further discussions.
from slither.
Is there a resource with all the possible slither args? I am trying to slither with foundry so it would be helpful
from slither.
Personally I'd say this is more consistent with other tools.
I'm going to take a look at this tomorrow.
from slither.
In agreement here. I would be in favor of changing following @dguido's suggestion.
It seems like one of the only open items would be around the default --print option. I don't think we need to overthink this, just utilizing the contract summary as the default should add utility. If another printer is sought, it's easy to update the parameters. Plus it will support the existing printer documentation quite seamlessly. Happy to lend a hand @redshark1802.
from slither.
Currently json output prints to a file, how should the argument for output look like?
We would have to require one additional argument for the json output filename if json was chosen.
from slither.
@redshark1802 do you think that specifying the output filename warrants an additional required argument? Seems like we could just default to something intuitive for the time being. We can always add this functionality later based on feedback.
from slither.
Issue Status: 1. Open 2. Started 3. Submitted 4. Done
This issue now has a funding of 70.0 DAI (70.0 USD @ $1.0/DAI) attached to it as part of the Ethereum Community Fund via ECF Web 3.0 Infrastructure Fund fund.
from slither.
Work has been started.
These users each claimed they can complete the work by 7 months, 2 weeks from now.
Please review their action plans below:
1) redshark1802 has been approved to start work.
WIP #55
from slither.
I'm also in favor of leaving the --exclude-[LEVEL] switches in but what about --exclude-backdoor etc?
We still need to decide how to handle the output switch between stdout and json: should we just put the results in results.json when json output is used or additionally ask the user for an output filename?
from slither.
I am in favor of asking the user for an output filename, and maybe have results.json as default value?
I don't have a strong opinion about the exclude-detector, but I am ok if we use the same system as for detect (--exclude detector1, detector2...), as it allows a better control for the user.
Maybe we could also have --list-detectors and --list-printer to print the text description of each detector/printer?
from slither.
We could also put json on the stdout and all the other logs to stderr. This way the user could just do slither ... > output.json.
from slither.
With each detector/printer you have help information, which describes what the detector/printer does.
It could be useful to be able to print that description directly from the command line, so the users don't need to go back to the README page
from slither.
Hey, I merged the PR, and added some modifications on the command line (like I removed --output, to only keep --json, we will see in the future how people are using the option)
Thanks for your help and your feedback!
@mkosowsk can you validate the bounty? thx!
from slither.
You're welcome, thanks.
from slither.
@redshark1802 please submit the bounty on the Gitcoin Issue Details page and I will pay out ASAP. Thanks! :)
from slither.
Work for 70.0 DAI (70.0 USD @ $1.0/DAI) has been submitted by:
@mkosowsk please take a look at the submitted work:
- PR by @redshark1802
from slither.
The funding of 70.0 DAI (70.0 USD @ $1.0/DAI) attached to this issue has been approved & issued to @redshark1802.
from slither.