solium-plugin-security's Issues

npm warning requiring peer of solium

When installing ethlint you get a npm warning message:

npm WARN [email protected] requires a peer of solium@^1.0.0 but none is installed. You must install peer dependencies yourself.

I expect this is because solium has now been renamed to ethlint, but this project still lists solium as a peer dependency:

  "peerDependencies": {
    "solium": "^1.0.0"
  },

https://github.com/duaraghav8/solium-plugin-security/blob/master/package.json#L29-L31

I'm happy to open a PR to address this, but I'm not super familiar with how peerDependencies work.

I think ideally it'd specify that it could have a peer dependency of solium@^1.0.0 OR ethlint@^1.0.0?

Error on new security rules

If I try to use one of the newer security rules I get an error when running Solium:

✖ [Fatal error] - An error occurred while linting over /home/alex/Work/augur-core/source/contracts/Augur.sol: An error occured while trying to load rules: Unable to load Plugin "solium-plugin-securtiy"

This is when I include something like

"securtiy/else-after-elseif": "error",

when using solium 1.0.9.
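Added here as an illustration, not code from the issue or from the Solium project: a pre-flight check over a .soliumrc.json that flags rule keys whose plugin prefix does not correspond to an installed solium-plugin-<prefix> package, which is the mismatch the Fatal error above reports (the prefix "securtiy/" makes Solium look for "solium-plugin-securtiy"). The "plugins" key, the sample config and the installed-package list are constructed for this example; the rule name no-assign-params is taken from the TODO on this page.

```javascript
// Pre-flight check for .soliumrc.json rule prefixes (added example, not Solium's loader).
// Solium is assumed to resolve a rule key "<prefix>/<rule>" to the npm package
// "solium-plugin-<prefix>"; the error quoted in the issue shows exactly that mapping.

// Map a rule key to the plugin package it would be loaded from; null for core rules.
function pluginPackageName(ruleKey) {
  const slash = ruleKey.indexOf("/");
  return slash === -1 ? null : "solium-plugin-" + ruleKey.slice(0, slash);
}

// Return { packageName: [ruleKeys...] } for every prefix that does not resolve.
// isInstalled(pkg) -> boolean is injectable so the check can run offline.
function findUnresolvablePlugins(config, isInstalled) {
  const rules = (config && config.rules) || {};
  const missing = {};
  for (const key of Object.keys(rules)) {
    const pkg = pluginPackageName(key);
    if (pkg && !isInstalled(pkg)) {
      (missing[pkg] = missing[pkg] || []).push(key);
    }
  }
  return missing;
}

// Real-world resolver: is the package reachable from the current project directory?
function defaultIsInstalled(pkg) {
  try {
    require.resolve(pkg + "/package.json", { paths: [process.cwd()] });
    return true;
  } catch (e) {
    return false;
  }
}

// Constructed sample config mirroring the issue: one correct prefix, one misspelled.
const SAMPLE_CONFIG = {
  plugins: ["security"],
  rules: {
    "security/no-assign-params": "error",
    "securtiy/else-after-elseif": "error"
  }
};

// Constructed installed-package list so the demo does not depend on node_modules.
const INSTALLED = new Set(["solium-plugin-security"]);
const REPORT = findUnresolvablePlugins(SAMPLE_CONFIG, (p) => INSTALLED.has(p));
console.log(REPORT); // { 'solium-plugin-securtiy': [ 'securtiy/else-after-elseif' ] }
```

Replace the constructed `INSTALLED` set with `defaultIsInstalled` to run the check against a real project before invoking Solium.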

npm test causing SyntaxError

After running npm install --dev (which works fine), I run npm test and get the following:

~/Projects/solium-plugin-security (master) $ npm test

> [email protected] test /Users/Cisplatin/Projects/solium-plugin-security
> mocha --require should --reporter spec --recursive

npm /Users/Cisplatin/Projects/solium-plugin-security/test/index.js:18
		const { meta, rules } = SoliumSecurityPlugin;
		      ^

SyntaxError: Unexpected token {
    at exports.runInThisContext (vm.js:53:16)
    at Module._compile (module.js:387:25)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Module.require (module.js:367:17)
    at require (internal/module.js:16:19)
    at /Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:231:27
    at Array.forEach (native)
    at Mocha.loadFiles (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:228:14)
    at Mocha.run (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:514:10)
    at Object.<anonymous> (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/bin/_mocha:484:18)
    at Module._compile (module.js:413:34)
    at Object.Module._extensions..js (module.js:422:10)
    at Module.load (module.js:357:32)
    at Function.Module._load (module.js:314:12)
    at Function.Module.runMain (module.js:447:10)
    at startup (node.js:142:18)
    at node.js:939:3
npm ERR! Test failed.  See above for more details.

This is running node v5.9.0.

TODO

  • Improve no-assign-params message to point out the exact param that's being modified instead of just mentioning function name
  • Refine no-explicit-visibility rule.
  • Coverage
  • Tests for remaining rules (that are in prod in v0.2.0) + package.json tests (just like in Solium)
  • README: add augur bounty in description "these rules have been taken from..."
  • Fully document how #25 has been resolved
  • Travis ensure success
  • Add Augur & all bounty participants' name in docs (under community section)
  • remove list-of-rules.tgn
  • run eslint - standardize indentation, quotes, bracketing, etc.
  • Arrange rules alphabetically in readme, index.js etc (if necessary)

Types of refinement to be done

  • Renaming
  • refactoring of rule implementations
  • recommended = true/false
  • type (default severity or switched off) (duaraghav8/Ethlint#142)
  • more automated tests

Keeping track of Bounty Rules

https://github.com/AugurProject/augur-bounties
(Rules that have either already been merged or their PR is now ready and about to be merged have been checked)
Note that some rules were already part of this plugin before the bounty was released, so nobody has initiated PRs for them.

  • [required] Prohibit function overriding
  • [required] Enforce function prototype to have a return type
  • [optional] Functions must have a single return at the end of the function
  • [required] Prohibit modification of for loop iteration counting variables in the loop body
  • [required] Prohibit loops without fixed bounds
  • [required] Functions must have an explicit return statement
  • [required] Prohibit abstract functions
  • [required] Prohibit use of inheritance
  • [required] Prohibit use of multiple inheritance
  • [required] Prohibit use of send
  • [required] An else clause must be included after else if
  • [optional] Prohibit use of user-defined modifiers
  • [required] Prohibit unreachable code
  • [required] Prohibit use of var / all variable types must be explicitly stated
  • [required] Prohibit use of tx.origin
  • [required] Prohibit use of continue statement
  • [required] Prohibit use of selfdestruct/suicide
  • [required] Prohibit use of integer types smaller than 256 bits
  • [required] Prohibit use of assembly
  • [required] Prohibit use of named parameters in function calls.
  • [required] Prohibit fixedpoint (fixed and ufixed) types
  • [optional] Prohibit use of call.value
  • [required] Prohibit bitshifts and bit operators
  • [optional] Restrict functions to a user-specified number of lines of code
  • [required] Only one break statement allowed per loop

Question concerning rules to enable

Hi,

I was wondering how you specify that you want to activate all the security rules (rules enabled and disabled by default) in the .soliumrc.json file?

Cycl0pe
