A powerful static analysis tool for Solana smart contracts written in Rust. Detect vulnerabilities, security issues, and code quality problems in your Solana/Anchor projects.
Install the command-line interface tool globally:
```bash
git clone https://github.com/your-org/rust-solana-analyzer.git
cd rust-solana-analyzer
cargo install --path cli
```

Verify installation:

```bash
eloizer --version
```

Build the library from source:
```bash
git clone https://github.com/your-org/rust-solana-analyzer.git
cd rust-solana-analyzer
cargo build --release
```

```bash
# Analyze a Solana project
eloizer analyze --path test-securty-solana/programs/test-securty-solana/src

# Generate a report
eloizer analyze --path src/ --output security-report.md

# List available detection rules
eloizer list-rules

# Get information about a specific rule
eloizer rule-info pda-sharing-cwe-345
```

```bash
# Ignore low severity findings
eloizer analyze --path src/ --ignore low,informational

# Ignore specific rules
eloizer analyze --path src/ --ignore-rules unsafe-code

# Generate AST files
eloizer analyze --path src/ --ast

# Verbose output
eloizer analyze --path src/ --verbose
```

For complete CLI documentation, see CLI.md.
```bash
# Analyze a Solana project with debug logging
RUST_LOG=debug cargo run -- --path test-securty-solana/programs/test-securty-solana/src --analyze --output report.md

# Analyze without debug logging
cargo run -- --path /path/to/your/project --analyze

# Show AST output for debugging
cargo run -- --path src/lib.rs --ast

# Analyze specific files
cargo run -- --path src/lib.rs --analyze --output my-report.md
```

```text
cargo run -- [OPTIONS]

Options:
  --path <PATH>        Path to Solana project or Rust files to analyze
  --analyze            Run vulnerability analysis
  --ast                Show AST output for debugging
  --output <FILE>      Output report to file (default: stdout)
  --ignore <PATTERNS>  Ignore files matching patterns
  -h, --help           Print help information

Environment Variables:
  RUST_LOG=debug       Enable debug logging
  RUST_LOG=info        Enable info logging
```

```text
rust-solana-analyzer/
├── cli/ ........................................ Command-line interface
│   ├── src/
│   │   ├── main.rs ............................. CLI entry point
│   │   └── commands/ ........................... CLI commands
│   │       ├── analyze.rs ...................... Analysis command
│   │       ├── list_rules.rs ................... List rules command
│   │       ├── rule_info.rs .................... Rule info command
│   │       ├── init.rs ......................... Init config command
│   │       └── config.rs ....................... Config command
│   ├── Cargo.toml .............................. CLI dependencies
│   └── README.md ............................... CLI documentation
├── src/ ........................................ Core library
│   ├── lib.rs .................................. Library entry point
│   ├── ast/ .................................... AST Parser
│   │   ├── mod.rs
│   │   ├── parser.rs
│   │   └── json.rs
│   └── analyzer/
│       ├── mod.rs .............................. Core types (Finding, Severity)
│       ├── engine.rs ........................... Rule Engine
│       ├── span_utils.rs ....................... Location system
│       ├── reporting.rs ........................ Report generator
│       ├── dsl/ ................................ DSL for rules
│       │   ├── mod.rs
│       │   ├── query.rs ........................ Generic helpers
│       │   └── builders.rs ..................... RuleBuilder fluent API
│       └── rules/solana/ ....................... Modular rules by severity
│           ├── mod.rs
│           ├── high/ ........................... HIGH severity
│           │   ├── unsafe_code/
│           │   │   ├── mod.rs .................. Rule implementation
│           │   │   └── filters.rs .............. Specific filters
│           │   └── missing_signer_check/
│           │       ├── mod.rs
│           │       └── filters.rs
│           ├── medium/ ......................... MEDIUM severity
│           │   ├── division_by_zero/
│           │   ├── duplicate_mutable_accounts/
│           │   └── owner_check/
│           └── low/ ............................ LOW severity
│               ├── anchor_instructions/
│               └── missing_error_handling/
├── Cargo.toml .................................. Library dependencies
├── CLI.md ...................................... CLI documentation
├── DSL_DOCUMENTATION.md ........................ DSL documentation
└── ARCHITECTURE.md ............................. Technical architecture
```
Our DSL makes it easy to write custom vulnerability detectors:
```rust
use std::sync::Arc;
// Rule, RuleBuilder, Severity and AstQuery come from the analyzer's own
// modules (analyzer/mod.rs and analyzer/dsl/).

pub fn create_rule() -> Arc<dyn Rule> {
    RuleBuilder::new()
        .id("my-custom-rule")
        .severity(Severity::Medium)
        .title("Custom Vulnerability Pattern")
        .description("Detects a specific vulnerability pattern")
        .dsl_query(|ast, _file_path, _span_extractor| {
            AstQuery::new(ast)
                .functions()                    // Find all functions
                .public_functions()             // Filter public only
                .calls_to("dangerous_function") // That call dangerous_function
        })
        .build()
}
```

Generic Filters:

- `.functions()` - All functions
- `.structs()` - All structs
- `.public_functions()` - Public functions only
- `.derives_accounts()` - Structs deriving `Accounts`
- `.calls_to("name")` - Functions calling a specific function
- `.uses_unsafe()` - Code using unsafe blocks
- `.with_name("name")` - Items with a specific name

Custom Filters: each rule can implement custom filters for specific vulnerability patterns.
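As an added illustration, not the analyzer's own code, here is a std-only line heuristic for the pattern the `missing_signer_check` rule (under `rules/solana/high/`) targets: a privileged account in an Anchor accounts context declared as `AccountInfo` or `UncheckedAccount` rather than `Signer`. The `Finding`/`Severity` types only mimic the core types named in the layout above; the rule id, the privileged-name list and the two sample structs are assumptions.

```rust
// Added illustration, not the analyzer's own code: a std-only line heuristic
// for the pattern the missing_signer_check rule targets. The real rules run
// on the AST via RuleBuilder/AstQuery; Finding/Severity here only mimic the
// core types named in the project layout, and the rule id is assumed.
#[derive(Debug, Clone, PartialEq)]
pub enum Severity { High, Medium, Low }

#[derive(Debug, Clone, PartialEq)]
pub struct Finding { pub rule_id: &'static str, pub severity: Severity, pub line: usize, pub message: String }

/// Field names that usually denote a privileged party (assumed list).
const PRIVILEGED: [&str; 4] = ["authority", "owner", "admin", "payer"];

/// Walk an Anchor `#[derive(Accounts)]` struct and flag privileged fields that
/// are declared as `AccountInfo`/`UncheckedAccount` instead of `Signer`.
pub fn find_missing_signer(src: &str) -> Vec<Finding> {
    let mut findings = Vec::new();
    let mut in_accounts = false;
    for (idx, raw) in src.lines().enumerate() {
        let line = raw.trim();
        if line.starts_with("#[derive(") && line.contains("Accounts") {
            in_accounts = true; // the struct that follows is an accounts context
            continue;
        }
        if line == "}" { in_accounts = false; continue; }
        if !in_accounts { continue; }
        // Field lines look like `pub name: Type,`; attributes and doc comments are skipped
        let (name, ty) = match line.split_once(':') {
            Some((n, t)) if !n.starts_with('#') && !n.starts_with("///") => (n.trim().trim_start_matches("pub "), t.trim()),
            _ => continue,
        };
        let privileged = PRIVILEGED.iter().any(|p| name.contains(p));
        let unchecked = ty.starts_with("AccountInfo") || ty.starts_with("UncheckedAccount");
        if privileged && unchecked {
            findings.push(Finding {
                rule_id: "missing-signer-check", // assumed id, mirrors the page's hyphenated style
                severity: Severity::High,
                line: idx + 1,
                message: format!("`{}` is privileged but typed `{}`, not `Signer`", name, ty.trim_end_matches(',')),
            });
        }
    }
    findings
}

// Constructed sample inputs: the vulnerable context and its hardened form.
pub const VULNERABLE: &str = "#[derive(Accounts)]\npub struct Withdraw<'info> {\n    #[account(mut)]\n    pub vault: Account<'info, Vault>,\n    /// CHECK: trusted caller\n    pub authority: AccountInfo<'info>,\n}\n";
pub const HARDENED: &str = "#[derive(Accounts)]\npub struct Withdraw<'info> {\n    #[account(mut, has_one = authority)]\n    pub vault: Account<'info, Vault>,\n    pub authority: Signer<'info>,\n}\n";
```

Running `find_missing_signer(VULNERABLE)` yields one High finding at line 6 of the sample, while the hardened struct (where `authority` is a `Signer` and `has_one` ties it to the vault) yields none.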
We welcome contributions! Please see our Contributing Guide for details.
- Create a new directory under `src/analyzer/rules/solana/{severity}/`
- Implement `mod.rs` with the rule configuration
- Add specific filters in `filters.rs` if needed
- Register the rule in the parent module
- Add tests and documentation
- CLI Documentation - Complete command-line interface guide
- Architecture Overview - Technical architecture details
- DSL Documentation - Rule development guide
- X Twitter
- Email: contact@inversive.xyz
- Website: Inversive.xyz
This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0-only). See the LICENSE file for details.