mythx_cli.analyze package

mythx_cli.analyze.command

mythx_cli.analyze.command.analyze(*args, **kwargs)

Analyze the given directory or arguments with MythX.

Parameters:

• ctx – Click context holding group-level parameters
• target – Arguments passed to the analyze subcommand
• async_flag – Whether to execute the analysis asynchronously
• mode – Full or quick analysis mode
• create_group – Create a new group for the analysis
• group_id – The group ID to add the analysis to
• group_name – The group name to attach to the analysis
• min_severity – Ignore SWC IDs below the designated level
• swc_blacklist – A comma-separated list of SWC IDs to ignore
• swc_whitelist – A comma-separated list of SWC IDs to include
• solc_version – The solc version to use for Solidity compilation
• include – List of contract names to send - exclude everything else
• remap_import – List of import remappings to pass on to solc

Returns:

mythx_cli.analyze.util

mythx_cli.analyze.util.find_solidity_files(project_dir: str) → Optional[List[str]]

Return all Solidity files in the given directory.

This will match all files with the .sol extension.

Parameters:project_dir – The directory to search in Returns:Solidity files in project_dir or None

mythx_cli.analyze.util.find_truffle_artifacts(project_dir: Union[str, pathlib.Path]) → Optional[List[str]]

Look for a Truffle build folder and return all relevant JSON artifacts.

This function will skip the Migrations.json file and return all other files under <project-dir>/build/contracts/. If no files were found, None is returned.

Parameters:project_dir – The base directory of the Truffle project Returns:Files under <project-dir>/build/contracts/ or None

mythx_cli.analyze.util.is_valid_job(job) → bool

Detect interface contracts.

This utility function is used to detect interface contracts in solc and Truffle artifacts. This is done by checking whether any bytecode or source maps are to be found in the speficied job. This check is performed after the payload has been assembled to cover Truffle and Solidity analysis jobs.

Parameters:job – The payload to perform the check on Returns:True if the submitted job is for an interface, False otherwise

mythx_cli.analyze.util.sanitize_paths(job: Dict) → Dict

Remove the common prefix from paths.

This method takes a job payload, iterates through all paths, and removes all their common prefixes. This is an effort to only submit information on a need-to-know basis to MythX. Unless it’s to distinguish between files, the API does not need to know the absolute path of a file. This may even leak user information and should be removed.

If a common prefix cannot be found (e.g. if there is just one element in the source list), the relative path from the current working directory will be returned.

This concerns the following fields: - sources - AST absolute path - legacy AST absolute path - source list - main source

Parameters:job – The payload to sanitize Returns:The sanitized job

mythx_cli.analyze.util.walk_solidity_files(ctx, solc_version: str, base_path: Optional[str] = None, remappings: Tuple[str] = None) → List[Dict]

Aggregate all Solidity files in the given base path.

Given a base path, this function will recursively walk through the filesystem and aggregate all Solidity files it comes across. The resulting job list will contain all the Solidity payloads (optionally compiled), ready for submission.

Parameters:

• ctx –
  param ctx:Click context holding group-level parameters
• solc_version – The solc version to use for Solidity compilation
• base_path – The base path to walk through from
• remappings – Import remappings to pass to solcx

Returns: