duaraghav8 / solium-plugin-security
The Official Security Plugin for Ethlint (formerly Solium)
Home Page: http://npmjs.com/package/solium-plugin-security
License: MIT License
When installing ethlint you get an npm warning message:
npm WARN [email protected] requires a peer of solium@^1.0.0 but none is installed. You must install peer dependencies yourself.
I expect this is because solium has now been renamed to ethlint, but this project still lists solium as a peer dependency:
"peerDependencies": {
  "solium": "^1.0.0"
},
https://github.com/duaraghav8/solium-plugin-security/blob/master/package.json#L29-L31
I'm happy to open a PR to address this, but I'm not super familiar with how peerDependencies work.
I think ideally it'd specify that it could have a peer dependency of solium@^1.0.0 OR ethlint@^1.0.0?
If I try to use one of the newer security rules I get an error when running Solium:
[Fatal error] - An error occurred while linting over /home/alex/Work/augur-core/source/contracts/Augur.sol: An error occured while trying to load rules: Unable to load Plugin "solium-plugin-securtiy"
This is when I include something like "securtiy/else-after-elseif": "error", when using solium 1.0.9
After running npm install --dev (which works fine), I run npm test and get the following:
~/Projects/solium-plugin-security (master) $ npm test
> [email protected] test /Users/Cisplatin/Projects/solium-plugin-security
> mocha --require should --reporter spec --recursive
npm /Users/Cisplatin/Projects/solium-plugin-security/test/index.js:18
const { meta, rules } = SoliumSecurityPlugin;
^
SyntaxError: Unexpected token {
at exports.runInThisContext (vm.js:53:16)
at Module._compile (module.js:387:25)
at Object.Module._extensions..js (module.js:422:10)
at Module.load (module.js:357:32)
at Function.Module._load (module.js:314:12)
at Module.require (module.js:367:17)
at require (internal/module.js:16:19)
at /Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:231:27
at Array.forEach (native)
at Mocha.loadFiles (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:228:14)
at Mocha.run (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/lib/mocha.js:514:10)
at Object.<anonymous> (/Users/Cisplatin/Projects/solium-plugin-security/node_modules/mocha/bin/_mocha:484:18)
at Module._compile (module.js:413:34)
at Object.Module._extensions..js (module.js:422:10)
at Module.load (module.js:357:32)
at Function.Module._load (module.js:314:12)
at Function.Module.runMain (module.js:447:10)
at startup (node.js:142:18)
at node.js:939:3
npm ERR! Test failed. See above for more details.
This is running node v5.9.0
extremely messed up situation. Need to find a permanent fix for it.
See complete thread #23 to understand problem and current fix being used for it.
We will soon be having a no-send security rule (#5).
So the plugin shouldn't recommend the user to use 'send' or 'transfer' in place of call.value. Recommend only transfer.
Hey @duaraghav8, do you know why travis is failing like this?
Error: An error occured while trying to load rules: Unable to load Plugin "solium-plugin-security".
https://travis-ci.org/duaraghav8/solium-plugin-security/builds/318629461
no-assign-params message to point out the exact param that's being modified instead of just mentioning function name
no-explicit-visibility rule.
v0.2.0 ) + package.json tests (just like in Solium)
list-of-rules.tgn
recommended = true/false
type (default severity or switched off) (duaraghav8/Ethlint#142)
https://github.com/AugurProject/augur-bounties
(Rules that have either already been merged or their PR is now ready and about to be merged have been checked)
Note that some rules were already part of this plugin before the bounty was released, so nobody has initiated PRs for them.
Hi,
I was wondering how you specify that you want to activate all the security rules (enabled and disabled rules by default) in .soliumrc.json file?
Cycl0pe