mythx_cli.analyze package

mythx_cli.analyze.command

mythx_cli.analyze.command.analyze(*args, **kwargs)

Analyze the given directory or arguments with MythX.

Parameters:
  • ctx – Click context holding group-level parameters
  • target – Arguments passed to the analyze subcommand
  • async_flag – Whether to execute the analysis asynchronously
  • mode – Full or quick analysis mode
  • create_group – Create a new group for the analysis
  • group_id – The group ID to add the analysis to
  • group_name – The group name to attach to the analysis
  • min_severity – Ignore SWC IDs below the designated level
  • swc_blacklist – A comma-separated list of SWC IDs to ignore
  • swc_whitelist – A comma-separated list of SWC IDs to include
  • solc_version – The solc version to use for Solidity compilation
  • include – List of contract names to send - exclude everything else
  • remap_import – List of import remappings to pass on to solc
  • check_properties – Enable property verification mode
Returns:

mythx_cli.analyze.util

This module contains helpers for generating MythX analysis payloads.

mythx_cli.analyze.util.delete_absolute_prefix(path: str, prefix: str)[source]
mythx_cli.analyze.util.is_valid_job(job) → bool[source]

Detect interface contracts.

This utility function is used to detect interface contracts in solc and Truffle artifacts. This is done by checking whether any bytecode or source maps are to be found in the speficied job. This check is performed after the payload has been assembled to cover Truffle and Solidity analysis jobs.

Parameters:job – The payload to perform the check on
Returns:True if the submitted job is for an interface, False otherwise
mythx_cli.analyze.util.sanitize_paths(job: Dict) → Dict[source]

Remove the common prefix from paths.

This method takes a job payload, iterates through all paths, and removes all their common prefixes. This is an effort to only submit information on a need-to-know basis to MythX. Unless it’s to distinguish between files, the API does not need to know the absolute path of a file. This may even leak user information and should be removed.

If a common prefix cannot be found (e.g. if there is just one element in the source list), the relative path from the current working directory will be returned.

This concerns the following fields: - sources - AST absolute path - legacy AST absolute path - source list - main source

Parameters:job – The payload to sanitize
Returns:The sanitized job