Merge branch 'dev' into dev-echidna

Author: montyly

.github/workflows/black.yml

@@ -26,7 +26,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0

.github/workflows/ci.yml

@@ -53,7 +53,7 @@ jobs:
           - os: windows-2022
             type: truffle
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v4
         with:
@@ -67,7 +67,7 @@ jobs:
 
       - name: Set up nix
         if: matrix.type == 'dapp'
-        uses: cachix/install-nix-action@v22
+        uses: cachix/install-nix-action@v23
 
       - name: Set up cachix
         if: matrix.type == 'dapp'

.github/workflows/docker.yml

@@ -17,13 +17,13 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
+        uses: docker/setup-qemu-action@v3
 
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
+        uses: docker/setup-buildx-action@v3
         id: buildx
         with:
           install: true
@@ -40,14 +40,14 @@ jobs:
             type=edge
 
       - name: GitHub Container Registry Login
-        uses: docker/login-action@v2
+        uses: docker/login-action@v3
         with:
           registry: ghcr.io
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Docker Build and Push
-        uses: docker/build-push-action@v4
+        uses: docker/build-push-action@v5
         with:
           platforms: linux/amd64,linux/arm64/v8,linux/arm/v7
           target: final

.github/workflows/docs.yml

@@ -28,7 +28,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
       - name: Setup Pages
         uses: actions/configure-pages@v3
       - uses: actions/setup-python@v4
@@ -37,7 +37,7 @@ jobs:
       - run: pip install -e ".[doc]"
       - run: pdoc -o html/ slither '!slither.tools' #TODO fix import errors on pdoc run
       - name: Upload artifact
-        uses: actions/upload-pages-artifact@v1
+        uses: actions/upload-pages-artifact@v2
         with:
           # Upload the doc
           path: './html/'

.github/workflows/doctor.yml

@@ -29,7 +29,7 @@ jobs:
           - os: windows-2022
             python: 3.8
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v4

.github/workflows/linter.yml

@@ -9,8 +9,6 @@ defaults:
 on:
   pull_request:
     branches: [master, dev]
-    paths:
-      - "**/*.py"
 
   schedule:
     # run CI every day even if no PRs/merges occur
@@ -27,7 +25,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
@@ -42,6 +40,10 @@ jobs:
           mkdir -p .github/linters
           cp pyproject.toml .github/linters
 
+      - name: Register yamllint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/yamllint.json"
+
       - name: Lint everything else
         uses: super-linter/super-linter/slim@v4.9.2
         if: always()
@@ -55,7 +57,6 @@ jobs:
           VALIDATE_PYTHON_PYLINT: false
           VALIDATE_PYTHON_BLACK: false
           VALIDATE_PYTHON_ISORT: false
-          # Always false
           VALIDATE_JSON: false
           VALIDATE_JAVASCRIPT_STANDARD: false
           VALIDATE_PYTHON_FLAKE8: false

.github/workflows/matchers/pylint.json

@@ -0,0 +1,32 @@
+{
+    "problemMatcher": [
+      {
+        "owner": "pylint-error",
+        "severity": "error",
+        "pattern": [
+          {
+            "regexp": "^(.+):(\\d+):(\\d+):\\s(([EF]\\d{4}):\\s.+)$",
+            "file": 1,
+            "line": 2,
+            "column": 3,
+            "message": 4,
+            "code": 5
+          }
+        ]
+      },
+      {
+        "owner": "pylint-warning",
+        "severity": "warning",
+        "pattern": [
+          {
+            "regexp": "^(.+):(\\d+):(\\d+):\\s(([CRW]\\d{4}):\\s.+)$",
+            "file": 1,
+            "line": 2,
+            "column": 3,
+            "message": 4,
+            "code": 5
+          }
+        ]
+      }
+    ]
+}

.github/workflows/matchers/yamllint.json

@@ -0,0 +1,22 @@
+{
+    "problemMatcher": [
+      {
+        "owner": "yamllint",
+        "pattern": [
+          {
+            "regexp": "^(.*\\.ya?ml)$",
+            "file": 1
+          },
+          {
+            "regexp": "^\\s{2}(\\d+):(\\d+)\\s+(error|warning)\\s+(.*?)\\s+\\((.*)\\)$",
+            "line": 1,
+            "column": 2,
+            "severity": 3,
+            "message": 4,
+            "code": 5,
+            "loop": true
+          }
+        ]
+      }
+    ]
+  }

.github/workflows/pip-audit.yml

@@ -18,7 +18,7 @@ jobs:
 
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
 
       - name: Install Python
         uses: actions/setup-python@v4

.github/workflows/publish.yml

@@ -10,7 +10,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
 
       - name: Set up Python
         uses: actions/setup-python@v4
@@ -44,11 +44,10 @@ jobs:
           path: dist/
 
       - name: publish
-        uses: pypa/gh-action-pypi-publish@v1.8.7
+        uses: pypa/gh-action-pypi-publish@v1.8.10
 
       - name: sign
-        uses: sigstore/gh-action-sigstore-python@v1.2.3
+        uses: sigstore/gh-action-sigstore-python@v2.1.0
         with:
           inputs: ./dist/*.tar.gz ./dist/*.whl
           release-signing-artifacts: true
-          bundle-only: true

.github/workflows/pylint.yml

@@ -9,6 +9,8 @@ defaults:
 on:
   pull_request:
     branches: [master, dev]
+    paths:
+      - "**/*.py"
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -21,7 +23,7 @@ jobs:
 
     steps:
       - name: Checkout Code
-        uses: actions/checkout@v3
+        uses: actions/checkout@v4
         with:
           # Full git history is needed to get a proper list of changed files within `super-linter`
           fetch-depth: 0
@@ -36,6 +38,10 @@ jobs:
           mkdir -p .github/linters
           cp pyproject.toml .github/linters
 
+      - name: Register pylint problem matcher
+        run: |
+          echo "::add-matcher::.github/workflows/matchers/pylint.json"
+
       - name: Pylint
         uses: super-linter/super-linter/slim@v4.9.2
         if: always()

.github/workflows/test.yml

@@ -27,7 +27,7 @@ jobs:
         type: ["unit", "integration", "tool"]
         python: ${{ (github.event_name == 'pull_request' && fromJSON('["3.8", "3.11"]')) || fromJSON('["3.8", "3.9", "3.10", "3.11"]') }}
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v4
         with:
@@ -57,7 +57,23 @@ jobs:
             npm install hardhat
             popd || exit
           fi
-
+      - name: Install Vyper
+        run: |
+          INSTALLDIR="$RUNNER_TEMP/vyper-install"
+          if [[ "$RUNNER_OS" = "Windows" ]]; then
+              URL="https://github.com/vyperlang/vyper/releases/download/v0.3.7/vyper.0.3.7+commit.6020b8bb.windows.exe"
+              FILENAME="vyper.exe"
+          elif [[ "$RUNNER_OS" = "Linux" ]]; then
+              URL="https://github.com/vyperlang/vyper/releases/download/v0.3.7/vyper.0.3.7+commit.6020b8bb.linux"
+              FILENAME="vyper"
+          else
+              echo "Unknown OS"
+              exit 1
+          fi
+          mkdir -p "$INSTALLDIR"
+          curl "$URL" -o "$INSTALLDIR/$FILENAME" -L
+          chmod 755 "$INSTALLDIR/$FILENAME"
+          echo "$INSTALLDIR" >> "$GITHUB_PATH"
       - name: Run ${{ matrix.type }} tests
         env:
           TEST_TYPE: ${{ matrix.type }}
@@ -84,7 +100,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
       - name: Set up Python 3.8
         uses: actions/setup-python@v4
         with:

CITATION.cff

@@ -0,0 +1,64 @@
+cff-version: 1.2.0
+title: Slither Analyzer
+message: >-
+  If you use this software, please cite it using the
+  metadata from this file.
+type: software
+authors:
+  - given-names: Josselin
+    family-names: Feist
+  - given-names: Gustavo
+    family-names: Grieco
+  - given-names: Alex
+    family-names: Groce
+identifiers:
+  - type: doi
+    value: 10.48550/arXiv.1908.09878
+    description: arXiv.1908.09878
+  - type: url
+    value: 'https://arxiv.org/abs/1908.09878'
+    description: arxiv
+  - type: doi
+    value: 10.1109/wetseb.2019.00008
+repository-code: 'https://github.com/crytic/slither'
+url: 'https://www.trailofbits.com/'
+repository-artifact: 'https://github.com/crytic/slither/releases'
+abstract: >-
+  Slither is a static analysis framework designed to provide
+  rich information about Ethereum smart contracts.
+
+  It works by converting Solidity smart contracts into an
+  intermediate representation called SlithIR.
+
+  SlithIR uses Static Single Assignment (SSA) form and a
+  reduced instruction set to ease implementation of analyses
+  while preserving semantic information that would be lost
+  in transforming Solidity to bytecode. 
+
+  Slither allows for the application of commonly used
+  program analysis techniques like dataflow and taint
+  tracking.
+
+
+  Our framework has four main use cases: 
+
+  (1) automated detection of vulnerabilities,
+
+  (2) automated detection of code optimization
+  opportunities,
+
+  (3) improvement of the user's understanding of the
+  contracts, and
+
+  (4) assistance with code review.  
+keywords:
+  - Ethereum
+  - Static Analysis
+  - Smart contracts
+  - EVM
+  - bug detection
+  - Software Engineering
+license: AGPL-3.0-only
+commit: 3d4f934d3228f072b7df2c5e7252c64df4601bc8
+version: 0.9.5
+date-released: '2023-06-28'

CONTRIBUTING.md

@@ -96,8 +96,8 @@ For each new detector, at least one regression tests must be present.
 #### Adding parsing tests
 
 1. Create a test in `tests/e2e/solc_parsing/`
-2. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --compile`. This will compile the artifact in `tests/e2e/solc_parsing/compile`. Add the compiled artifact to git.
-3. Update `ALL_TESTS` in `tests/e2e/solc_parsing/test_ast_parsing.py`.
+2. Update `ALL_TESTS` in `tests/e2e/solc_parsing/test_ast_parsing.py`.
+3. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --compile`. This will compile the artifact in `tests/e2e/solc_parsing/compile`. Add the compiled artifact to git.
 4. Run `python tests/e2e/solc_parsing/test_ast_parsing.py --generate`. This will generate the json artifacts in `tests/e2e/solc_parsing/expected_json`. Add the generated files to git.
 5. Run `pytest tests/e2e/solc_parsing/test_ast_parsing.py` and check that everything worked.