mythx_cli.analyze package

mythx_cli.analyze.command

mythx_cli.analyze.command.analyze(*args, **kwargs)
Analyze the given directory or arguments with MythX.
Parameters:
- ctx – Click context holding group-level parameters
- target – Arguments passed to the analyze subcommand
- async_flag – Whether to execute the analysis asynchronously
- mode – Full or quick analysis mode
- create_group – Create a new group for the analysis
- group_id – The group ID to add the analysis to
- group_name – The group name to attach to the analysis
- min_severity – Ignore SWC IDs below the designated level
- swc_blacklist – A comma-separated list of SWC IDs to ignore
- swc_whitelist – A comma-separated list of SWC IDs to include
- solc_version – The solc version to use for Solidity compilation
- include – List of contract names to send - exclude everything else
- remap_import – List of import remappings to pass on to solc
- check_properties – Enable property verification mode
- enable_scribble – Enable instrumentation with scribble
- scribble_path – Optional path to the scribble executable
- scenario – Force an analysis scenario
Returns:

mythx_cli.analyze.solidity
This module contains functions to generate Solidity-related payloads.

class mythx_cli.analyze.solidity.SolidityJob(target: pathlib.Path)
Bases: object

generate_payloads(version: Optional[str], contract: str = None, remappings: Tuple[str] = None, enable_scribble: bool = False, scribble_path: str = 'scribble')
Generate a MythX analysis request from a given Solidity file.
This function will open the file, try to detect the used solc version from the pragma definition, and automatically compile it. If the given solc version is not installed on the client’s system, it will be automatically downloaded.
From the solc output, the following data is sent to the MythX API for analysis:
- abi
- ast
- bin
- bin-runtime
- srcmap
- srcmap-runtime
Parameters:
- version – The solc version to use for compilation
- contract – The contract name(s) to submit
- remappings – Import remappings to pass to solcx
- enable_scribble – Enable instrumentation with scribble
- scribble_path – Optional path to the scribble executable

mythx_cli.analyze.solidity.patch_solc_bytecode(code: str) → str
Patch solc bytecode placeholders.
This function patches placeholders in solc output. These placeholders are meant to be replaced with deployed library/dependency addresses on deployment, but do not form valid EVM bytecode. To produce a valid payload, placeholders are replaced with the zero-address.
Parameters: code – The bytecode to patch
Returns: The patched bytecode with the zero-address filled in

mythx_cli.analyze.solidity.walk_solidity_files(solc_version: str, base_path: Optional[str] = None, remappings: Tuple[str] = None, enable_scribble: bool = False, scribble_path: str = 'scribble') → List[Dict]
Aggregate all Solidity files in the given base path.
Given a base path, this function will recursively walk through the filesystem and aggregate all Solidity files it comes across. The resulting job list will contain all the Solidity payloads (optionally compiled), ready for submission.
Parameters:
- solc_version – The solc version to use for Solidity compilation
- base_path – The base path to walk through from
- remappings – Import remappings to pass to solcx
- enable_scribble – Enable instrumentation with scribble
- scribble_path – Optional path to the scribble executable
Returns:

mythx_cli.analyze.truffle
This module contains functions to generate payloads for Truffle projects.

class mythx_cli.analyze.truffle.TruffleJob(target: pathlib.Path)
Bases: object
A truffle job to be sent to the API.
This object represents a collection of Truffle artifacts that will be sent to the API. It aggregates artifacts and transforms them into payload dicts that conform to the API.

find_truffle_artifacts() → Union[Tuple[List[str], List[str]], Tuple[None, None]]
Look for a Truffle build folder and return all relevant JSON artifacts.
This function will skip the Migrations.json file and return all other files under <project-dir>/build/contracts/. If no files were found, None is returned.
Returns: Files under <project-dir>/build/contracts/ or None

generate_payloads()
Generate a MythX analysis request payload based on a Truffle build artifact.
This will send the following artifact entries to MythX for analysis:
- contractName
- bytecode
- deployedBytecode
- sourceMap
- deployedSourceMap
- sourcePath
- source
- ast
- legacyAST
- the compiler version
Returns: The payload dictionary to be sent to MythX

static patch_truffle_bytecode(code: str) → str
Patch Truffle bytecode placeholders.
This function patches placeholders in Truffle artifact files. These placeholders are meant to be replaced with deployed library/dependency addresses on deployment, but do not form valid EVM bytecode. To produce a valid payload, placeholders are replaced with the zero-address.
Parameters: code – The bytecode to patch
Returns: The patched bytecode with the zero-address filled in
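
The placeholder patching described for patch_solc_bytecode and patch_truffle_bytecode, as an added example that is not mythx-cli's own code. The function names, the two placeholder layouts in the comments and the sample bytecode are assumptions made for illustration.

```python
import re
from typing import List, Tuple

ZERO_ADDRESS = "0" * 40  # 20-byte zero address as hex, without a 0x prefix

# Assumed placeholder layouts, both exactly 40 characters (the width of an address):
#   newer solc:                  __$<34 hex characters>$__
#   older solc / Truffle output: __<library name, underscore-padded>__
_PLACEHOLDER = re.compile(r"__\$[0-9a-fA-F]{34}\$__|__[\w./:\-]{36}__")
_HEX = re.compile(r"\A(?:[0-9a-fA-F]{2})*\Z")


def _split_prefix(code: str) -> Tuple[str, str]:
    """Separate an optional 0x prefix from the hex body."""
    return ("0x", code[2:]) if code.startswith("0x") else ("", code)


def find_link_placeholders(code: str) -> List[Tuple[int, str]]:
    """Return (byte offset, placeholder) for every unlinked library reference."""
    _, body = _split_prefix(code)
    return [(m.start() // 2, m.group(0)) for m in _PLACEHOLDER.finditer(body)]


def zero_link_placeholders(code: str) -> str:
    """Replace each placeholder with the zero address; reject output that is not hex."""
    prefix, body = _split_prefix(code)
    patched = _PLACEHOLDER.sub(ZERO_ADDRESS, body)
    # A placeholder and an address have the same width, so the length must not change.
    if len(patched) != len(body) or not _HEX.match(patched):
        raise ValueError("bytecode is not valid hex after placeholder patching")
    return prefix + patched


# Constructed samples: PUSH20 (0x73) followed by a placeholder, then more opcodes.
SAMPLE_NEW = "6080604052" + "73" + "__$" + "ab" * 17 + "$__" + "63deadbeef"
SAMPLE_OLD = "0x6080604052" + "73" + "__SafeMath".ljust(40, "_") + "63deadbeef"

if __name__ == "__main__":
    for sample in (SAMPLE_NEW, SAMPLE_OLD):
        print(find_link_placeholders(sample), zero_link_placeholders(sample))
```

Listing the placeholders before patching records which library references were replaced with the zero address in the submitted payload.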

mythx_cli.analyze.util
This module contains helpers for generating MythX analysis payloads.

class mythx_cli.analyze.util.ScenarioMode
Bases: enum.Enum
An enumeration.
SOLIDITY_DIR = 2
SOLIDITY_FILE = 1
TRUFFLE = 3

mythx_cli.analyze.util.delete_absolute_prefix(path: str, prefix: str)
Delete a prefix of an absolute path.
If the path is not absolute yet, it will be expanded.
Parameters:
- path – Path string to delete the prefix from
- prefix – Prefix to remove
Returns: The trimmed path

mythx_cli.analyze.util.detect_truffle_files(path: pathlib.Path, project_base: str = 'build/contracts/*.json') → bool
Detect Truffle projects in paths.
This function detects whether a Truffle project can be found in the given project base path.
Parameters:
- path – The path prefix to look in (e.g. the CLI target)
- project_base – The truffle-specific path suffix
Returns: Boolean indicating whether path contains a truffle project

mythx_cli.analyze.util.determine_analysis_targets(target: str, forced_scenario: str) → List[Tuple[mythx_cli.analyze.util.ScenarioMode, Union[pathlib.Path, str]]]
Determine the scenario for an analysis target.
This function will, based on a list of targets or lack thereof, return a list of two-tuples, each containing the determined analysis scenario and the target. In case no initial target is given, the current working directory is used as a replacement.
It is also possible to force evaluation of a given target (or the cwd) by passing the scenario name (“solidity” or “truffle”) to the forced_scenario parameter.
Parameters:
- target – The initial target to determine the scenario for
- forced_scenario – A string to manually override scenario detection
Returns: A list of tuples containing detected scenario and target

mythx_cli.analyze.util.is_valid_job(job) → bool
Detect interface contracts.
This utility function is used to detect interface contracts in solc and Truffle artifacts. This is done by checking whether any bytecode or source maps are to be found in the specified job. This check is performed after the payload has been assembled to cover Truffle and Solidity analysis jobs.
Parameters: job – The payload to perform the check on
Returns: True if the submitted job is for an interface, False otherwise

mythx_cli.analyze.util.sanitize_paths(job: Dict) → Dict
Remove the common prefix from paths.
This method takes a job payload, iterates through all paths, and removes all their common prefixes. This is an effort to only submit information on a need-to-know basis to MythX. Unless it’s to distinguish between files, the API does not need to know the absolute path of a file. This may even leak user information and should be removed.
If a common prefix cannot be found (e.g. if there is just one element in the source list), the relative path from the current working directory will be returned.
This concerns the following fields:
- sources
- AST absolute path
- legacy AST absolute path
- source list
- main source
Parameters: job – The payload to sanitize
Returns: The sanitized job
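
The prefix stripping described for sanitize_paths, with a pre-submission check for absolute paths that remain, as an added example that is not mythx-cli's own code. The function names, the payload keys (sources, source_list, main_source, ast/legacyAST absolutePath), the POSIX-style paths and the sample job are assumptions.

```python
import posixpath
from typing import Dict, List


def strip_path_prefix(job: Dict, cwd: str) -> Dict:
    """Return a copy of job whose paths keep only what is needed to tell files apart."""
    paths = list(job["sources"])
    # One source has no common prefix to remove, so fall back to a cwd-relative path.
    base = posixpath.commonpath(paths) if len(paths) > 1 else cwd
    rel = lambda p: posixpath.relpath(p, base)

    sources = {}
    for path, entry in job["sources"].items():
        entry = dict(entry)  # copy so the caller's payload is left untouched
        if "ast" in entry:
            entry["ast"] = dict(entry["ast"])
            entry["ast"]["absolutePath"] = rel(entry["ast"]["absolutePath"])
        if "legacyAST" in entry:
            legacy = dict(entry["legacyAST"])
            legacy["attributes"] = dict(legacy["attributes"])
            legacy["attributes"]["absolutePath"] = rel(legacy["attributes"]["absolutePath"])
            entry["legacyAST"] = legacy
        sources[rel(path)] = entry

    clean = dict(job, sources=sources)
    clean["source_list"] = [rel(p) for p in job["source_list"]]
    clean["main_source"] = rel(job["main_source"])
    return clean


def absolute_paths_left(job: Dict) -> List[str]:
    """List every path-bearing field that would still reveal an absolute path."""
    found = list(job["sources"]) + list(job["source_list"]) + [job["main_source"]]
    for entry in job["sources"].values():
        found.append(entry.get("ast", {}).get("absolutePath"))
        found.append(entry.get("legacyAST", {}).get("attributes", {}).get("absolutePath"))
    return [p for p in found if p and posixpath.isabs(p)]


# Constructed sample payload; the home directory exposes a user name.
A_PATH = "/home/alice/proj/contracts/Token.sol"
B_PATH = "/home/alice/proj/contracts/lib/SafeMath.sol"
SAMPLE_JOB = {
    "main_source": A_PATH,
    "source_list": [A_PATH, B_PATH],
    "sources": {
        A_PATH: {"source": "contract Token {}", "ast": {"absolutePath": A_PATH}},
        B_PATH: {"source": "library SafeMath {}",
                 "legacyAST": {"attributes": {"absolutePath": B_PATH}}},
    },
}
```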