mythx_cli.analyze package

mythx_cli.analyze.command

mythx_cli.analyze.command.analyze(*args, **kwargs)

Analyze the given directory or arguments with MythX.

Parameters:
  • ctx – Click context holding group-level parameters
  • target – Arguments passed to the analyze subcommand
  • async_flag – Whether to execute the analysis asynchronously
  • mode – Full or quick analysis mode
  • create_group – Create a new group for the analysis
  • group_id – The group ID to add the analysis to
  • group_name – The group name to attach to the analysis
  • min_severity – Ignore SWC IDs below the designated level
  • swc_blacklist – A comma-separated list of SWC IDs to ignore
  • swc_whitelist – A comma-separated list of SWC IDs to include
  • solc_version – The solc version to use for Solidity compilation
  • include – List of contract names to send - exclude everything else
  • remap_import – List of import remappings to pass on to solc
  • check_properties – Enable property verification mode
  • enable_scribble – Enable instrumentation with scribble
  • scribble_path – Optional path to the scribble executable
  • scenario – Force an analysis scenario
Returns:

mythx_cli.analyze.solidity

This module contains functions to generate Solidity-related payloads.

class mythx_cli.analyze.solidity.SolidityJob(target: pathlib.Path)[source]

Bases: object

generate_payloads(version: Optional[str], contract: str = None, remappings: Tuple[str] = None, enable_scribble: bool = False, scribble_path: str = 'scribble')[source]

Generate a MythX analysis request from a given Solidity file.

This function will open the file, try to detect the used solc version from the pragma definition, and automatically compile it. If the given solc version is not installed on the client’s system, it will be automatically downloaded.

From the solc output, the following data is sent to the MythX API for analysis:

  • abi
  • ast
  • bin
  • bin-runtime
  • srcmap
  • srcmap-runtime
Parameters:
  • version – The solc version to use for compilation
  • contract – The contract name(s) to submit
  • remappings – Import remappings to pass to solcx
  • enable_scribble – Enable instrumentation with scribble
  • scribble_path – Optional path to the scribble executable
mythx_cli.analyze.solidity.patch_solc_bytecode(code: str) → str[source]

Patch solc bytecode placeholders.

This function patches placeholders in solc output. These placeholders are meant to be replaced with deployed library/dependency addresses on deployment, but do not form valid EVM bytecode. To produce a valid payload, placeholders are replaced with the zero-address.

Parameters:code – The bytecode to patch
Returns:The patched bytecode with the zero-address filled in
mythx_cli.analyze.solidity.walk_solidity_files(solc_version: str, base_path: Optional[str] = None, remappings: Tuple[str] = None, enable_scribble: bool = False, scribble_path: str = 'scribble') → List[Dict][source]

Aggregate all Solidity files in the given base path.

Given a base path, this function will recursively walk through the filesystem and aggregate all Solidity files it comes across. The resulting job list will contain all the Solidity payloads (optionally compiled), ready for submission.

Parameters:
  • solc_version – The solc version to use for Solidity compilation
  • base_path – The base path to walk through from
  • remappings – Import remappings to pass to solcx
  • enable_scribble – Enable instrumentation with scribble
  • scribble_path – Optional path to the scribble executable
Returns:

mythx_cli.analyze.truffle

This module contains functions to generate payloads for Truffle projects.

class mythx_cli.analyze.truffle.TruffleJob(target: pathlib.Path)[source]

Bases: object

A truffle job to be sent to the API.

This object represents a collection of truffle artifacts that will be sent to the API. It aggregates artifacts and transforms them into API-conform payload dicts.

find_truffle_artifacts() → Union[Tuple[List[str], List[str]], Tuple[None, None]][source]

Look for a Truffle build folder and return all relevant JSON artifacts.

This function will skip the Migrations.json file and return all other files under <project-dir>/build/contracts/. If no files were found, None is returned.

Returns:Files under <project-dir>/build/contracts/ or None
generate_payloads()[source]

Generate a MythX analysis request payload based on a truffle build artifact.

This will send the following artifact entries to MythX for analysis:

  • contractName
  • bytecode
  • deployedBytecode
  • sourceMap
  • deployedSourceMap
  • sourcePath
  • source
  • ast
  • legacyAST
  • the compiler version
Returns:The payload dictionary to be sent to MythX
static patch_truffle_bytecode(code: str) → str[source]

Patch Truffle bytecode placeholders.

This function patches placeholders in Truffle artifact files. These placeholders are meant to be replaced with deployed library/dependency addresses on deployment, but do not form valid EVM bytecode. To produce a valid payload, placeholders are replaced with the zero-address.

Parameters:code – The bytecode to patch
Returns:The patched bytecode with the zero-address filled in

mythx_cli.analyze.util

This module contains helpers for generating MythX analysis payloads.

class mythx_cli.analyze.util.ScenarioMode[source]

Bases: enum.Enum

An enumeration.

SOLIDITY_DIR = 2
SOLIDITY_FILE = 1
TRUFFLE = 3
mythx_cli.analyze.util.delete_absolute_prefix(path: str, prefix: str)[source]

Delete a prefix of an absolute path.

If the path is not absolute yet, it will be expanded.

Parameters:
  • path – Path string to delete the prefix from
  • prefix – Prefix to remove
Returns:

The trimmed path

mythx_cli.analyze.util.detect_truffle_files(path: pathlib.Path, project_base: str = 'build/contracts/*.json') → bool[source]

Detect Truffle projects in paths.

This function detects whether a Truffle project can be found in the given project base path.

Parameters:
  • path – The path prefix to look in (e.g. the CLI target)
  • project_base – The truffle-specific path suffix
Returns:

Boolean indicating whether path contains a truffle project

mythx_cli.analyze.util.determine_analysis_targets(target: str, forced_scenario: str) → List[Tuple[mythx_cli.analyze.util.ScenarioMode, Union[pathlib.Path, str]]][source]

Determine the scenario for an analysis target.

This function will, based on a list of targets or lack thereof, return a list of two-tuples, each containing the determined analysis scenario and the target. In case no initial target is given, the current working directory is used as a replacement.

It is also possible to force evaluation of a given target (or the cwd) by passing the scenario name (“solidity” or “truffle”) to the forced_scenario parameter.

Parameters:
  • target – The initial target to determine the scenario for
  • forced_scenario – A string to manually override scenario detection
Returns:

A list of tuples containing detected scenario and target

mythx_cli.analyze.util.is_valid_job(job) → bool[source]

Detect interface contracts.

This utility function is used to detect interface contracts in solc and Truffle artifacts. This is done by checking whether any bytecode or source maps are to be found in the speficied job. This check is performed after the payload has been assembled to cover Truffle and Solidity analysis jobs.

Parameters:job – The payload to perform the check on
Returns:True if the submitted job is for an interface, False otherwise
mythx_cli.analyze.util.sanitize_paths(job: Dict) → Dict[source]

Remove the common prefix from paths.

This method takes a job payload, iterates through all paths, and removes all their common prefixes. This is an effort to only submit information on a need-to-know basis to MythX. Unless it’s to distinguish between files, the API does not need to know the absolute path of a file. This may even leak user information and should be removed.

If a common prefix cannot be found (e.g. if there is just one element in the source list), the relative path from the current working directory will be returned.

This concerns the following fields: - sources - AST absolute path - legacy AST absolute path - source list - main source

Parameters:job – The payload to sanitize
Returns:The sanitized job