Welcome to MythX CLI’s documentation!¶
A PythX-driven CLI for MythX¶
This package aims to provide a simple to use command line interface for the MythX smart contract security analysis API. It’s main purpose is to demonstrate how advanced features can be implemented using the PythX Python language bindings for MythX to simplify API interaction.
What is MythX?¶
MythX is a security analysis API that allows anyone to create purpose-built security tools for smart contract developers. Tools built on MythX integrate seamlessly into the development environments and continuous integration pipelines used throughout the Ethereum ecosystem.
Usage¶
$ mythx
Usage: mythx [OPTIONS] COMMAND [ARGS]...
Your CLI for interacting with https://mythx.io/
Options:
--debug Provide additional debug output
--access-token TEXT Your access token generated from the MythX
dashboard
--eth-address TEXT Your MythX account's Ethereum address
--password TEXT Your MythX account's password as set in the
dashboard
--format [simple|json|json-pretty|table]
The format to display the results in
[default: table]
--ci Return exit code 1 if high-severity issue is
found
-y, --yes Do not prompt for any confirmations
-o, --output TEXT Output file to write the results into
--help Show this message and exit.
Commands:
analysis Get information on running and finished analyses.
analyze Analyze the given directory or arguments with MythX.
group Create, modify, and view analysis groups.
version Display API version information.
Installation¶
The MythX CLI runs on Python 3.6+, including 3.8-dev and pypy.
To get started, simply run
$ pip3 install mythx-cli
Alternatively, clone the repository and run
$ pip3 install .
Or directly through Python’s setuptools
:
$ python3 setup.py install
- Free software: MIT license
- Documentation: https://mythx-cli.readthedocs.io.
Installation¶
Stable release¶
To install MythX CLI, run this command in your terminal:
$ pip install mythx-cli
This is the preferred method to install MythX CLI, as it will always install the most recent stable release.
If you don’t have pip installed, this Python installation guide can guide you through the process.
From sources¶
The sources for MythX CLI can be downloaded from the Github repo.
You can either clone the public repository:
$ git clone git://github.com/dmuhs/mythx-cli
Or download the tarball:
$ curl -OL https://github.com/dmuhs/mythx-cli/tarball/master
Once you have a copy of the source, you can install it with:
$ python setup.py install
Usage¶
Authentication¶
Basic MythX services are free of charge. No payment information or email address are required and you can start using MythX right away by signing up for an account here. Once set up, head over to the dashboard. In the Profile section various means of authentication are presented.
Using Access Tokens¶
This is the recommended way of authenticating with the MythX smart contract analysis API. In the Profile section there is an elements labeled “MythX API Key”. To generate a new API key, the account password must be entered:
On successful authentication a new JWT token is generated, which can be used for further authentication by API clients. It will only be shown once and can be copied using the icon on the right of the truncated secret string. If the token is lost, a new one can be generated again in the same way as explained above.
This key can be passed to the MythX CLI either as an environment variable
names MYTHX_ACCESS_TOKEN
or as an explicit parameter
--access-token
.
For security reasons it is recommended to always pass the token through an
environment variable, e.g. defined in the settings of a Continuous Integration (CI)
server or a shell script that can be sourced from.
Using Address and Password (not recommended)¶
Alternatively, username and password can be used for authentication. This is not recommended as a potential attacker can get access to the MythX account as a whole if these credentials are leaked. For compatibility reasons this functionality has been included, however it is to be expected that this API feature will be disabled in the future.
The username corresponds to the Ethereum address the MythX account has been
registered under, and the password is the one that has been set during
registration, or separately in the MythX dashboard.
Both can be passed either explicitly using the --eth-address
and --password
option respectively, or by setting the
MYTHX_ETH_ADDRESS
and MYTHX_PASSWORD
environment variables.
Note that if username and password, as well as an access token are given, the access token will always take precedence and no login action using the provided credentials will be performed.
The Analysis Functionality¶
Submitting Analyses¶
$ mythx analyze --help
Usage: mythx analyze [OPTIONS] [TARGET]...
Analyze the given directory or arguments with MythX.
Options:
--async / --wait Submit the job and print the UUID, or wait for
execution to finish
--mode [quick|full] [default: quick]
--group-id TEXT The group ID to add the analysis to
--group-name TEXT The group name to attach to the analysis
--min-severity TEXT Ignore SWC IDs below the designated level
--swc-blacklist TEXT A comma-separated list of SWC IDs to ignore
--solc-version TEXT The solc version to use for Solidity compilation
--help Show this message and exit.
Submit a new analysis to the MythX API.
This command works in different scenarios, simply by calling mythx analyze
:
- Either
truffle-config.js
ortruffle.js
are found in the directory. In this case, the MythX CLI checks the<project_dir>/build/contracts
path for artifact JSON files generated by thetruffle compile
command. For each artifact found a new job is submitted to the MythX API. - If no Truffle project can be detected, the MythX CLI will automatically
enumerate all Solidity files (having the
.sol
extension) in the current directory and all subdirectories. A prompt will be displayed asking the user to confirm the submission of the number of smart contracts found. This is done to make sure a user does not accidentally submit a huge repository of Solidity files (unless they actually want it). For automation purposes the prompt can be automatically confirmed by providing the-y/--yes
option, e.g.mythx --yes analyze
. - To analyze specific Solidity files or bytecode, data can also explicitly
be passed to the
analyze
subcommand. The argument can be a list of creation bytecode strings (beginning with0x
) and Solidity files (valid files ending with with.sol
). The arguments can have arbitrary order and for each a new analysis request will be submitted. Otherwise, a directory may be passed. The MythX CLI will then proceed to recursively enumerate all Solidity files in the given directory and add them for submission, similar to the previous point.
If a Solidity file is analyzed in any of the given scenarios, the MythX CLI
will attempt to automatically compile the file and obtain data such as the
creation bytecode and the Solidity AST to enrich the request data
submitted to the MythX API.
This will increase the number of detected issues (as e.g. symbolic execution
tools in the MythX backend can pick up on the bytecode), as well as reduce
the number of false positive issues. The MythX CLI will try to infer the
solc
version based on the pragma set in the source code.
Fetching the Analysis Status¶
Usage: mythx analysis status [OPTIONS] [UUIDS]...
Options:
--help Show this message and exit.
This subcommand prints the status of an already submitted analysis.:
$ mythx --format=simple analysis status 381eff48-04db-4f81-a417-8394b6614472
UUID: 381eff48-04db-4f81-a417-8394b6614472
Submitted at: 2019-09-05 20:34:27.606000+00:00
Status: Finished
By default a simple text representation is printed to stdout.
More data on the MythX API’s status response can be obtained by specifying
a different output format such as json-pretty
.
Fetching Analysis Reports¶
Usage: mythx analysis report [OPTIONS] [UUIDS]...
Options:
--help Show this message and exit.
This subcommand prints the report of one or more finished analyses in the user-specified format. By default, it will print a tabular representation of the report to stdout:
$ mythx analysis report f9e69a6a-2339-43b0-ad03-125c6cf81a70
Report for /home/circleci/project/contracts/token.sol
https://dashboard.mythx.io/#/console/analyses/f9e69a6a-2339-43b0-ad03-125c6cf81a70
╒════════╤═══════════════════════════════════╤════════════╤═══════════════════════════════════════════╕
│ Line │ SWC Title │ Severity │ Short Description │
╞════════╪═══════════════════════════════════╪════════════╪═══════════════════════════════════════════╡
│ 14 │ Integer Overflow and Underflow │ High │ The binary addition can overflow. │
├────────┼───────────────────────────────────┼────────────┼───────────────────────────────────────────┤
│ 13 │ Integer Overflow and Underflow │ High │ The binary subtraction can underflow. │
├────────┼───────────────────────────────────┼────────────┼───────────────────────────────────────────┤
│ 1 │ Floating Pragma │ Low │ A floating pragma is set. │
├────────┼───────────────────────────────────┼────────────┼───────────────────────────────────────────┤
│ 5 │ State Variable Default Visibility │ Low │ The state variable visibility is not set. │
╘════════╧═══════════════════════════════════╧════════════╧═══════════════════════════════════════════╛
The simple
format option will also resolve the report’s source map
locations to the corresponding line and column numbers in the Solidity
source file.
This is only possible if the user has specified the source map in their
request and is passing the Solidity source code as text.:
$ mythx --format=simple analysis report ab9092f7-54d0-480f-9b63-1bb1508280e2
UUID: ab9092f7-54d0-480f-9b63-1bb1508280e2
Title: Assert Violation (Low)
Description: It is possible to trigger an exception (opcode 0xfe). Exceptions can be caused by type errors, division by zero, out-of-bounds array access, or assert violations. Note that explicit `assert()` should only be used to check invariants. Use `require()` for regular input checking.
/home/spoons/diligence/mythx-qa/land/contracts/estate/EstateStorage.sol:24
mapping(uint256 => uint256[]) public estateLandIds;
Listing Past Analyses¶
Usage: mythx analysis list [OPTIONS]
Options:
--number INTEGER RANGE The number of most recent analysis jobs to display
--help Show this message and exit.
This subcommand lists the past analyses associated to the current user.
By default this subcommand will list the past five analyses associated to
the authenticated user account.
The number of returned analyses can be updated by passing the
--number
option.
It is worth noting that at the time of writing this document the API only
returns 20 analysis status objects per call.
If a number greater than this is passed to mythx analysis list
,
the MythX CLI will automatically query the next page until the desired
number is reached.
To prevent too many network requests, the maximum number of analyses that can be fetched it capped at 100.:
$ mythx analysis list
╒══════════════════════════════════════╤══════════╤═════════════════╤══════════════════════════════════╕
│ ac5af0dd-bd78-4cfb-b4ed-32f21216aaf6 │ Finished │ mythx-cli-0.2.1 │ 2019-10-30 09:41:36.165000+00:00 │
├──────────────────────────────────────┼──────────┼─────────────────┼──────────────────────────────────┤
│ 391db48f-9e89-424f-8063-7626fdd2051e │ Finished │ mythx-cli-0.2.1 │ 2019-10-30 09:40:59.868000+00:00 │
├──────────────────────────────────────┼──────────┼─────────────────┼──────────────────────────────────┤
│ 5a1fc208-7a7f-425a-bbc5-8512e5c37b50 │ Finished │ mythx-cli-0.2.1 │ 2019-10-30 09:40:06.092000+00:00 │
├──────────────────────────────────────┼──────────┼─────────────────┼──────────────────────────────────┤
│ 1667a99d-6335-4a71-aa78-0d729e25b8e1 │ Finished │ mythx-cli-0.2.1 │ 2019-10-30 09:39:47.736000+00:00 │
├──────────────────────────────────────┼──────────┼─────────────────┼──────────────────────────────────┤
│ fa88b710-e423-4535-a7b1-0c8c71833724 │ Finished │ mythx-cli-0.2.1 │ 2019-10-30 09:38:23.064000+00:00 │
╘══════════════════════════════════════╧══════════╧═════════════════╧══════════════════════════════════╛
The Grouping Functionality¶
Usage: mythx group [OPTIONS] COMMAND [ARGS]...
Create, modify, and view analysis groups.
Options:
--help Show this message and exit.
Commands:
close Close/seal an existing group.
list Get a list of analysis groups.
open Create a new group to assign future analyses to.
status Get the status of an analysis group.
A group can be regarded as a batch of analyses. They is supposed to capture groups of related analyses and display them in an easy-to-read overview in the MythX dashboard overview.
Opening Groups¶
To open a new group, simply type:
$ mythx group open "super important"
Opened group with ID 5df7c8932a73230011271d27 and name 'super important'
The name is optional and can be omitted if not needed.
Adding Analyses to a Group¶
To analyze a sample, simply pass the group ID (and optionally the name)
as parameters to the mythx analyze
call:
This will associate the individual analysis jobs to the same group in the MythX Dashboard:
Closing Groups¶
After all data has been submitted, the group must be closed again:
$ mythx group close 5df7c8932a73230011271d27
Closed group with ID 5df7c8932a73230011271d27 and name 'super important'
MythX analysis groups will always stay open until explicitly closed.
Fetching the Group Status¶
$ mythx group status 5e0f761d5171cc001109dd18
╒══════════════════════════════════╤═════════════════════════════════════════════════╕
│ ID │ 5e0f761d5171cc001109dd18 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Name │ <unnamed> │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Creation Date │ 2020-01-03 17:13:01+0000 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Created By │ 5c2e4e843204d7001402aedc │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Progress │ 100/100 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Main Sources │ /home/x-dag-ts/project/contracts/sample-127.sol │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Status │ Sealed │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Queued Analyses │ 0 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Running Analyses │ 0 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Failed Analyses │ 0 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Finished Analyses │ 6 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Total Analyses │ 6 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ High Severity Vulnerabilities │ 3 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Medium Severity Vulnerabilities │ 1 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Low Severity Vulnerabilities │ 8 │
├──────────────────────────────────┼─────────────────────────────────────────────────┤
│ Unknown Severity Vulnerabilities │ 0 │
╘══════════════════════════════════╧═════════════════════════════════════════════════╛
This subcommand fetches status information on one of multiple given group IDs. This will show an overview over the submission time, analysis progress, the group status, as well as various statistics over the number of Vulnerabilities that have been found once the analysis is completed.
Listing Groups¶
$ mythx group list
╒══════════════════════════╤════════╤════════════════╤══════════════════════════╕
│ 5e0f761dae12730019ac7c95 │ sealed │ token.sol │ 2020-01-03 17:13:01+0000 │
├──────────────────────────┼────────┼────────────────┼──────────────────────────┤
│ 5e0f7398bf92eb00111df09f │ sealed │ token.sol │ 2020-01-03 17:02:16+0000 │
╘══════════════════════════╧════════╧════════════════╧══════════════════════════╛
This will show an overview over all the user-defined groups.
It behaves similar to the analysis list command, and the maximum number of
returned results can also be updated by passing the --number
option.
Format Options¶
A format option is passed to the --format
option of the
mythx
root command. E.g.:
$ mythx --format json-pretty analysis report ab9092f7-54d0-480f-9b63-1bb1508280e2
This will print the report for the given analysis job UUID in pretty-printed JSON format to stdout. Currently the following formatters are available:
tabular
(default): Print the results in a pretty (extended) ASCII table.simple
: Print the results in simple plain text (easy to grep). This does not include all result data but a subset of it that seems relevant for most use-cases.json
: Print all of the result data as a single-line JSON string to stdout.json-pretty
: The same asjson
, just pretty-printed, with an indentation of two spaces and alphabetically sorted object keys.
API Version Information¶
Usage: mythx version [OPTIONS]
Options:
--help Show this message and exit.
This subcommand hits the MythX API’s /version
endpoint and obtains
version information on the API. This can be especially useful for continuous
scans as the backend tool capabilities of MythX are constantly being improved.
This means that it’s a good idea to rerun old scans with newer versions of
MythX as potentially more vulnerabilities can be found, false positives are
removed, and additional helpful data can be returned.
The MythX team has included a hash of all versions so changes are easily noticed simply by comparing the hash an analysis has run under with the one returned by the API.:
$ mythx version
API: v1.4.34.4
Harvey: 0.0.33
Maru: 0.5.3
Mythril: 0.21.14
Hashed: 00c17c8b0ae13bebc9a7f678d8ee55db
This output can be adapted using the --format
parameter as well to
fetch e.g. JSON output for easier parsing.
The MythX CLI¶
mythx_cli package¶
Subpackages¶
mythx_cli.formatter package¶
mythx_cli.formatter.base¶
This module contains the base formatter interface.
-
class
mythx_cli.formatter.base.
BaseFormatter
[source]¶ Bases:
abc.ABC
The base formatter interface for printing various response types.
-
static
format_analysis_list
(obj: mythx_models.response.analysis_list.AnalysisListResponse)[source]¶ Format an analysis list response.
-
static
format_analysis_status
(resp: mythx_models.response.analysis_status.AnalysisStatusResponse) → str[source]¶ Format an analysis status response.
-
static
mythx_cli.formatter.json¶
This module contains the compressed and pretty-printing JSON formatters.
-
class
mythx_cli.formatter.json.
JSONFormatter
[source]¶ Bases:
mythx_cli.formatter.base.BaseFormatter
-
static
format_analysis_list
(resp: mythx_models.response.analysis_list.AnalysisListResponse) → str[source]¶ Format an analysis list response as compressed JSON.
-
static
format_analysis_status
(resp: mythx_models.response.analysis_status.AnalysisStatusResponse) → str[source]¶ Format an analysis status response as compressed JSON.
-
static
format_detected_issues
(resp: mythx_models.response.detected_issues.DetectedIssuesResponse, inp: mythx_models.response.analysis_input.AnalysisInputResponse) → str[source]¶ Format an issue report response as compressed JSON.
-
static
format_group_list
(resp: mythx_models.response.group_list.GroupListResponse)[source]¶ Format a group list response as compressed JSON.
-
static
-
class
mythx_cli.formatter.json.
PrettyJSONFormatter
[source]¶ Bases:
mythx_cli.formatter.base.BaseFormatter
-
static
format_analysis_list
(obj: mythx_models.response.analysis_list.AnalysisListResponse) → str[source]¶ Format an analysis list response as pretty-printed JSON.
-
static
format_analysis_status
(obj: mythx_models.response.analysis_status.AnalysisStatusResponse) → str[source]¶ Format an analysis status response as pretty-printed JSON.
-
static
format_detected_issues
(obj: mythx_models.response.detected_issues.DetectedIssuesResponse, inp: mythx_models.response.analysis_input.AnalysisInputResponse)[source]¶ Format an issue report response as pretty-printed JSON.
-
static
format_group_list
(resp: mythx_models.response.group_list.GroupListResponse)[source]¶ Format a group list response as pretty-printed JSON.
-
static
mythx_cli.formatter.simple_stdout¶
This module contains a simple text formatter class printing a subset of the response data.
-
class
mythx_cli.formatter.simple_stdout.
SimpleFormatter
[source]¶ Bases:
mythx_cli.formatter.base.BaseFormatter
-
static
format_analysis_list
(resp: mythx_models.response.analysis_list.AnalysisListResponse) → str[source]¶ Format an analysis list response to a simple text representation.
-
static
format_analysis_status
(resp: mythx_models.response.analysis_status.AnalysisStatusResponse) → str[source]¶ Format an analysis status response to a simple text representation.
-
static
format_detected_issues
(resp: mythx_models.response.detected_issues.DetectedIssuesResponse, inp: mythx_models.response.analysis_input.AnalysisInputResponse) → str[source]¶ Format an issue report to a simple text representation.
-
static
format_group_list
(resp: mythx_models.response.group_list.GroupListResponse)[source]¶ Format an analysis group response to a simple text representation.
-
static
mythx_cli.formatter.tabular¶
This module contains a tabular data formatter class printing a subset of the response data.
-
class
mythx_cli.formatter.tabular.
TabularFormatter
[source]¶ Bases:
mythx_cli.formatter.base.BaseFormatter
-
static
format_analysis_list
(resp: mythx_models.response.analysis_list.AnalysisListResponse) → str[source]¶ Format an analysis list response to a tabular representation.
-
static
format_analysis_status
(resp: mythx_models.response.analysis_status.AnalysisStatusResponse) → str[source]¶ Format an analysis status response to a tabular representation.
-
static
format_detected_issues
(resp: mythx_models.response.detected_issues.DetectedIssuesResponse, inp: mythx_models.response.analysis_input.AnalysisInputResponse) → str[source]¶ Format an issue report to a tabular representation.
-
static
format_group_list
(resp: mythx_models.response.group_list.GroupListResponse)[source]¶ Format an analysis group response to a tabular representation.
-
static
mythx_cli.payload package¶
mythx_cli.payload.bytecode¶
This module contains functions to generate bytecode-only analysis request payloads.
mythx_cli.payload.solidity¶
This module contains functions to generate Solidity-related payloads.
-
mythx_cli.payload.solidity.
generate_solidity_payload
(file, version)[source]¶ Generate a MythX analysis request from a given Solidity file.
This function will open the file, try to detect the used solc version from the pragma definition, and automatically compile it. If the given solc version is not installed on the client’s system, it will be automatically downloaded.
From the solc output, the following data is sent to the MythX API for analysis:
abi
ast
bin
bin-runtime
srcmap
srcmap-runtime
Parameters: file – The path pointing towards the Solidity file Returns: The payload dictionary to be sent to MythX
mythx_cli.payload.truffle¶
This module contains functions to generate payloads for Truffle projects.
-
mythx_cli.payload.truffle.
generate_truffle_payload
(file)[source]¶ Generate a MythX analysis request payload based on a truffle build artifact.
This will send the following artifact entries to MythX for analysis:
contractName
bytecode
deployedBytecode
sourceMap
deployedSourceMap
sourcePath
source
ast
legacyAST
- the compiler version
Parameters: file – The path to the Truffle build artifact Returns: The payload dictionary to be sent to MythX
mythx_cli.cli¶
The main runtime of the MythX CLI.
-
mythx_cli.cli.
find_solidity_files
(project_dir)[source]¶ Return all Solidity files in the given directory.
This will match all files with the .sol extension.
Parameters: project_dir – The directory to search in Returns: Solidity files in project_dir or None
-
mythx_cli.cli.
find_truffle_artifacts
(project_dir)[source]¶ Look for a Truffle build folder and return all relevant JSON artifacts.
This function will skip the Migrations.json file and return all other files under
<project-dir>/build/contracts/
. If no files were found,None
is returned.Parameters: project_dir – The base directory of the Truffle project Returns: Files under <project-dir>/build/contracts/
orNone
-
mythx_cli.cli.
sanitize_paths
(job)[source]¶ Remove the common prefix from paths.
This method takes a job payload, iterates through all paths, and removes all their common prefixes. This is an effort to only submit information on a need-to-know basis to MythX. Unless it’s to distinguish between files, the API does not need to know the absolute path of a file. This may even leak user information and should be removed.
If a common prefix cannot be found (e.g. if there is just one element in the source list), the relative path from the current working directory will be returned.
This concerns the following fields: - sources - AST absolute path - legacy AST absolute path - source list - main source
Parameters: job – The payload to sanitize
mythx_cli.util¶
Contributing¶
Contributions are welcome, and they are greatly appreciated! Every little bit helps, and credit will always be given.
You can contribute in many ways:
Types of Contributions¶
Report Bugs¶
Report bugs at https://github.com/dmuhs/mythx-cli/issues.
If you are reporting a bug, please include:
- Your operating system name and version.
- Any details about your local setup that might be helpful in troubleshooting.
- Detailed steps to reproduce the bug.
Fix Bugs¶
Look through the GitHub issues for bugs. Anything tagged with “bug” and “help wanted” is open to whoever wants to implement it.
Implement Features¶
Look through the GitHub issues for features. Anything tagged with “enhancement” and “help wanted” is open to whoever wants to implement it.
Write Documentation¶
MythX CLI could always use more documentation, whether as part of the official MythX CLI docs, in docstrings, or even on the web in blog posts, articles, and such.
Submit Feedback¶
The best way to send feedback is to file an issue at https://github.com/dmuhs/mythx-cli/issues.
If you are proposing a feature:
- Explain in detail how it would work.
- Keep the scope as narrow as possible, to make it easier to implement.
- Remember that this is a volunteer-driven project, and that contributions are welcome :)
Get Started!¶
Ready to contribute? Here’s how to set up mythx-cli for local development.
Fork the mythx-cli repo on GitHub.
Clone your fork locally:
$ git clone git@github.com:your_name_here/mythx-cli.git
Install your local copy into a virtualenv. Assuming you have virtualenvwrapper installed, this is how you set up your fork for local development:
$ mkvirtualenv mythx-cli $ cd mythx-cli/ $ python setup.py develop
Create a branch for local development:
$ git checkout -b name-of-your-bugfix-or-feature
Now you can make your changes locally.
When you’re done making changes, check that your changes pass flake8 and the tests, including testing other Python versions with tox:
$ flake8 mythx_cli tests $ python setup.py test or py.test $ tox
To get flake8 and tox, just pip install them into your virtualenv.
Commit your changes and push your branch to GitHub:
$ git add . $ git commit -m "Your detailed description of your changes." $ git push origin name-of-your-bugfix-or-feature
Submit a pull request through the GitHub website.
Pull Request Guidelines¶
Before you submit a pull request, check that it meets these guidelines:
- The pull request should include tests.
- If the pull request adds functionality, the docs should be updated. Put your new functionality into a function with a docstring, and add the feature to the list in README.rst.
- The pull request should work for Python 3.6, 3.7, the 3.8-dev branch, and for PyPy. Check https://travis-ci.org/dmuhs/mythx-cli/pull_requests and make sure that the tests pass for all supported Python versions.
Deploying¶
A reminder for the maintainers on how to deploy. Make sure all your changes are committed (including an entry in HISTORY.rst). Then run:
$ bumpversion patch # possible: major / minor / patch
$ git push
$ git push --tags
Travis will then deploy to PyPI if tests pass.
Credits¶
Development Lead¶
- Dominik Muhs <dominik.muhs@consensys.net>
Contributors¶
None yet. Why not be the first?
History¶
0.5.0 (2020-01-14)¶
- Add
--create-group
flag to analyze subcommand - Add privacy feature to truncate paths in submission
- Support Truffle projects as target directories
- Add SonarQube output format option
- Revamp usage documentation
- Update coverage to 5.0.3
- Update package details
0.4.1 (2020-01-03)¶
- Add batch directory submission feature
- Add a
--yes
flag to skip confirmation messages
0.4.0 (2020-01-02)¶
- Add
--output
flag to print to file - Refactor test suite
- Update coverage to 5.0.1
- Update Sphinx to 2.3.1
- Update tox to 3.14.3
0.3.0 (2019-12-16)¶
- Add links to MythX dashboard in formatters
- Add support for analysis groups
- Split up logic in subcommands (analysis and group)
- Add CI flag to return 1 on high-severity issues
- Add parameter to blacklist SWC IDs
- Fix bug where
--solc-version
parameter did not work - Refactor test suite
- Update pytest to 5.3.1
- Update Sphinx to 2.3.0
0.2.1 (2019-10-04)¶
- Update PythX to 1.3.2
0.2.0 (2019-10-04)¶
- Update PythX to 1.3.1
- Add tabular format option as new pretty default
- Update pytest to 5.2.0
- Various bugfixes
0.1.8 (2019-09-16)¶
- Update dependencies to account for new submodules
0.1.7 (2019-09-16)¶
- Update pythx from 1.2.4 to 1.2.5
- Clean stale imports, fix formatting issues
0.1.6 (2019-09-15)¶
- Improve CLI docstrings
- Add more formatter-related documentation
0.1.5 (2019-09-15)¶
- Add autodoc to Sphinx setup
- Add middleware for tool name field
- Enable pypy3 support
- Add more verbose documentation
- Allow username/password login
0.1.4 (2019-09-13)¶
- Fix Atom’s automatic Python import sorting (broke docs)
0.1.3 (2019-09-13)¶
- Fix faulty version generated by bumpversion
0.1.2 (2019-09-13)¶
- Fix bumpversion regex issue
0.1.1 (2019-09-13)¶
- Initial implementation
- Integrated Travis, PyUp, PyPI upload
0.1.0 (2019-08-31)¶
- First release on PyPI.