Comments (6)
Just a heads up that we are likely moving towards subcommands and that work may conflict. We may be able to make the filter a global arg and pass that down to the detect command and print command as outlined here:
Instead of filter, maybe we can use exclude and include (or similar names, but that works in both directions). We can then use the same options for detectors and printers, so something like
--exclude-filenames / --include-filenames
--exclude-contracts / --include-contracts
--exclude-functions / --include-functions. Maybe with both support for f(..) and contract.f(..), so we work with top level functions, and can filter similar functions across contracts in case of inheritance
@shortdoom I've been thinking about a way to expose info in a way that's easier to query. If we replaced the printer table output with something more structured that can be parsed we can do something like the following. This example queries for writes to is_killed and can be combined with a logical operator to further filter the query like /-is_killed && Sends ETH: no/. Wdyt of this approach?
[Screenshot 2023-11-17 at 2 14 15 PM]
from slither.
regex is not needed, all of the listed information is available to slither as formatted py object (string) in either Function or Contract class.
i think the Issue could be generalized to better control over any output as slither relies extensively on prettyTable for formatting cli display and on the other hand complex json data type for output with --json flag. both of those have drawbacks when integrating with other external to slither scripts. amazingly, as much as Slither allows for easy integration directly with Class objects, its output pipeline is pretty "hardcoded" from what I've seen
some middleware allowing for specifying custom output easily is a good idea (say, simplified-json). either in form of a standalone method accessible from the core (by user or other slither classes) or as a separate util.
from slither.
hi @lucas-manuel 👋🏽
Great idea.
We have talked about making slither-printer its own thing which could take some clargs for filtering as well as output options as @shortdoom suggests. Would also be nice to have a toggle for --fully-derived-contracts only, for example, for certain printers.
Making slither-printer a separate command is not a requirement to this but it would be cleaner than trying to tack on more clargs to the base slither command.
I can work on this when I have some time (soon ™️) or if someone else wants to take a shot at implementing this we can provide guidance.
from slither.
@lucas-manuel @devtooligan @0xalpharush
if you are fine with having this as a separate "tool" and not as a "printer", I can make a PR today, just green-light following logic and reasoning behind it:
- printers are built around Contract class and do not accept any args. it's a problem because some of the data needed is residing in the Function class. basically, how printers are structured disallows, without some changes of AbstractPrinter or creating new type of abstract interface, to implement "filtering printer" effectively. hence why the "tool" and not printer. tooling interface allows for multiple arguments and it's more relaxed.
example use case:
"Return all functions without get* at the start that are external, have external calls, don't have any modifiers, and modify state."
example input:
slither-function-filter contract.sol --viz external --ext-call 1 --modifier 0 --state 1
where,
1 or 0 for true/false, if --ext-call 1 == include all functions that make AT LEAST 1 external call
returns:
functions matching criteria printed to cli (guidance as to this may be needed, I didn't spend that much time on Output class, PR will just print to cli initially)
from slither.
@shortdoom yes a tool would be totally fine with me, that sounds good!
from slither.
i made a "draft" PR. it doesn't include requested regex matching but it's straightforward to implement if needed. i followed existing implementation of parser without sub-commands for now as this is the current state of dev branch. regardless, I think slither-function-filter tool still can provide functionality above of (to be updated) output control of printers/detectors. search -> match -> print is the specific flow of this tool.
as for the better control of outputs, I'll comment in the referenced Issue after having some closer look. but I am of a biased opinion that Python API outputs should be prioritized over cli for restructuring. for larger codebases API integration is go-to solution over parsing cli output. for cli I think that standardization of output is enough - making output parsable i.e. <name>:<value> - exactly as presented on the screenshot.
from slither.
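The example use case from the thread (external, at least one external call, no modifiers, modifies state, name not starting with get) and the `<name>:<value>` output style, sketched against Slither's Python API. This is an added example, not code from the draft PR or from Slither itself: `matches`, `render`, `filter_project`, `fake_fn` and the `Vault` sample are hypothetical names, and the keyword arguments only mirror the flags proposed above.

```python
from types import SimpleNamespace

def tri(flag, actual):
    """Tri-state flag: None = don't care, 1 = must hold, 0 = must not hold."""
    return flag is None or bool(flag) == bool(actual)

def matches(fn, viz=None, ext_call=None, modifier=None, state=None, skip_prefix=None):
    """Check one function-like object against the criteria from the thread.
    Relies on attributes of Slither's Function class: name, visibility,
    high_level_calls, low_level_calls, modifiers, state_variables_written."""
    if skip_prefix and fn.name.startswith(skip_prefix):
        return False
    if viz is not None and fn.visibility != viz:
        return False
    has_ext_call = bool(fn.high_level_calls) or bool(fn.low_level_calls)
    return (tri(ext_call, has_ext_call) and tri(modifier, fn.modifiers)
            and tri(state, fn.state_variables_written))

def render(contract_name, fn):
    """One parsable line per match, built from <name>:<value> pairs."""
    written = ",".join(v.name for v in fn.state_variables_written) or "-"
    return f"function:{contract_name}.{fn.name} visibility:{fn.visibility} writes:{written}"

def filter_project(target, **criteria):
    """Run the filter on a real project (needs slither-analyzer and solc)."""
    from slither import Slither  # lazy import: the demo below runs without it
    return [render(c.name, f) for c in Slither(target).contracts
            for f in c.functions if matches(f, **criteria)]

def fake_fn(name, visibility, calls=0, modifiers=(), writes=()):
    """Constructed stand-in for a Slither Function (not real analysis output)."""
    return SimpleNamespace(
        name=name, visibility=visibility,
        high_level_calls=[object()] * calls, low_level_calls=[],
        modifiers=list(modifiers),
        state_variables_written=[SimpleNamespace(name=w) for w in writes])

SAMPLE = [  # constructed sample; the contract name "Vault" is hypothetical
    fake_fn("kill", "external", calls=1, writes=["is_killed"]),
    fake_fn("getOwner", "external"),
    fake_fn("withdraw", "external", calls=1, modifiers=["onlyOwner"], writes=["balance"]),
    fake_fn("_sync", "internal", calls=1, writes=["reserve"]),
]

def demo():
    query = dict(viz="external", ext_call=1, modifier=0, state=1, skip_prefix="get")
    return [render("Vault", f) for f in SAMPLE if matches(f, **query)]

if __name__ == "__main__":
    print("\n".join(demo()))
```

On a real project, `contract.functions` also contains inherited functions, so the same function can be reported once per derived contract.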