trailofbits / eth-security-toolbox Goto Github PK
View Code? Open in Web Editor NEWA Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
License: GNU Affero General Public License v3.0
eth-security-toolbox's Issues
New slither version
Please can you publish the latest docker image with slither 6.14?
kind regards
Update to include newer tools and deprecate not actively used/maintained
- Add Medusa
- Remove Etheno, Manticore, Rattle
Vyper support?
Any plans or work in progress to support Vyper?
If yes, is there a version manager like solc-select?
M1 Support
Please add linux/arm64 docker build to support M1 chips
Slither fails to execute in latest docker tag
I cannot run slither with the latest docker tag of eth-security-toolbox. After #8 was fixed, it now seems slither was "not compiled correctly".
This time, I have no idea how to provide a workaround.
- Steps to reproduce:
- start eth-security-toolbox with mounted project
docker run -it -d -v /path/to/project:/share trailofbits/eth-security-toolbox cdinto project repository (cd /share)- run
slither .
- start eth-security-toolbox with mounted project
- Expected output:
- Slither code analysis.
- Actual output:
ERROR:Slither:Invalid compilation
ERROR:Slither:Solidity version not found ['']
Docker image:
Using default tag: latest
latest: Pulling from trailofbits/eth-security-toolbox
Digest: sha256:38cde2135b8446a8e98d719543ff6647765352937f042d6608d50b88d3bf44b9
Status: Image is up to date for trailofbits/eth-security-toolbox:latest
Consider including vyper
Now that slither supports Vyper, perhaps we should include the binary in the docker image
https://github.com/crytic/slither/blob/e3dcf1ecd3e9de60da046de471c5663ab637993a/.github/workflows/test.yml#L60-L76
Break up monolithic image into images targeting solc versions
The eth-security-toolbox image is nearly 3GB. That is a lot of data to download, when you're looking to run slither against one specific versions of solc. I would like to propose that each version of solc get its own eth-security-toolbox tag.
I could create a driver script, which iterates through solc_releases (a la install_solc.sh), but executes docker build instead. However I am unclear how you want resulting images to be pushed. Is there a CI tool automatically building images for the project?
- Modify dockerfile, so only 1 version of solc is installed per build
- ensure the installed version is the global default, set by solc-select
- Create driver script, which runs
docker build --tag trailofbits/eth-security-toolbox:solc-$VERSION - Push the resulting image to hub.docker.com?
Can't run slither from docker image without interactive mode
Hi! As the title states, running the command:
docker run -v $(pwd):/tmp -w /tmp trailofbits/eth-security-toolbox slither contracts/manifold/lazyclaim/ERC721LazyClaim.sol
gives the error:
/home/ethsec/.local/bin/slither: line 4: import: command not found
/home/ethsec/.local/bin/slither: line 5: import: command not found
/home/ethsec/.local/bin/slither: line 7: from: command not found
/home/ethsec/.local/bin/slither: slither: line 10: syntax error near unexpected token `('
/home/ethsec/.local/bin/slither: slither: line 10: ` sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])'The command runs in docker's interactive mode (using the flag -it), but I want to run slither directly from a script
ImportError: Missing some packages for native binary analysis. Please install them with pip3 install manticore[native]
Hi guys,
The docker image doesn't come already with the "manticore[native]" ?
I'm trying to use it with the following command. Do you see anything wrong?
docker run --entrypoint="" -v $PWD:/home/trufflecon/ --user $(id -u):$(id -g) trailofbits/eth-security-toolbox manticore .
Regards,
Add embark and embark-contract-info to the docker image
Slither supports now Embark, so we should add the framework to eth-security-toolbox.
Additionally Slither requires the @trailofbits/embark-contract-info embark plugin (https://github.com/crytic/embark-contract-info)
Add the smart contracts workshop materials
Install foundry
Add foundry to the Docker build.
Adding newer solc versions?
The latest version for solc is 0.8.3. Are you planning on having other versions updated?
Tag docker image with version
Hey guys, it would be great if you could tag the docker image in the registry with a specific version. Currently, only the latest tag is available and then can cause CI's to break, as we cannot select a certain version.
Update solc installation
eth-security-toolbox/Dockerfile
Line 42 in 54bec34
solc-select use latest
Update slither to v0.8.2
v0.8.2 adds support for custom errors
Temp Fix
Run pip3 install slither-analyzer --upgrade in the docker container
Echidna doesn't work
Running echidna-test in the container outputs Killed regardless of the input options.
- Docker version:
v20.10.6 - OS:
macOS 11.2.3 - Processor:
Apple M1 - Image ID:
2ad73f16de91
Error when buiding from the scratch
Here is the output :
ERROR [ 3/21] RUN apt-get -y remove solc
please take a look
Installed Node version creates issues with etheno --ganache
Node version installed in the container:
ethsec@6ab50b1ba5f1:~$ node --version
v14.16.0
causes an issue when running etheno --ganache as described here: crytic/etheno#72
Fix npm/npx support from the docker
Task Description
npm install/ npx are not working correctly from the docker:
$ npx [email protected] version
Error: EACCES: permission denied, mkdir '/home/ethsec/.npm/_npx'
It is the same for a npm install
Unhandled rejection Error: EACCES: permission denied, mkdir '/home/ethsec/.npm/_cacache'
We need to fix it. It is preventing Slither to run correctly with truffle: #9
Acceptance criteria
-
npx [email protected] versioncan run from the docker -
npm installcan run from the docker - Issue #9 is fixed
Required Skills
- Docker experience
Feel free to ask questions here, or join our slack (#ethereum)
Offer slimmer docker image options
The current latest image clocks in at nearly 14 gigs, making it one of the most gigantic images I've come across, and not really something I want to bring into a CI/CD pipeline. Could you offer some other tags that might have fewer tools/versions of solidity installed?
Install all versions of solc
Install as many versions of solc as possible and write a script to switch between them.
Adding new solc versions
Could you please add the latest solc versions >=0.5.14 that set the default EVM version to "Istanbul" ?
Slither fails to execute in latest docker tag
I cannot run slither with the latest docker tag of eth-security-toolbox. It appears npx is missing from the image. Current fix: manually running sudo npm install -g npx.
I am not sure what changed, but our project used to work fine, but now requires this manual step in between.
- Steps to reproduce:
- start eth-security-toolbox with mounted project
docker run -it -d -v /path/to/project:/share trailofbits/eth-security-toolbox cdinto project repository (cd /share)- run
slither .
- start eth-security-toolbox with mounted project
- Expected output:
- Slither code analysis.
- Actual output:
INFO:Slither:'npx [email protected] compile' running (use --truffle-version [email protected] to use specific version)
ERROR:root:Error in .
ERROR:root:Traceback (most recent call last):
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/__main__.py", line 554, in main_impl
(results, number_contracts) = process(filename, args, detector_classes, printer_classes)
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/__main__.py", line 57, in process
triage_mode=args.triage_mode)
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/slither.py", line 58, in __init__
kwargs.get('truffle_version', None))
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/slither.py", line 142, in _init_from_truffle
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/lib/python3.6/subprocess.py", line 709, in __init__
restore_signals, start_new_session)
File "/usr/lib/python3.6/subprocess.py", line 1344, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'npx': 'npx'Fix automated build
Our automated docker build has been broken for some time. We should fix it, and/or consider moving to the github package registry
Use solc-select from pip
We can now remove
https://github.com/crytic/eth-security-toolbox/blob/3fa099cef9a70c5d65ce9c3dca8b945076b7ae11/Dockerfile#L9-L15
plus the related scripts, and use
pip install solc-select
solc-select install
Instead
etheno does not work
I've installed the latest version of trailofbits/eth-security-toolbox docker image, but ethen command fails.
ethsec@bbdbd6fa2619:~$ etheno
Traceback (most recent call last):
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 573, in _build_master
ws.require(__requires__)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 891, in require
needed = self.resolve(parse_requirements(requirements))
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 782, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (eth-utils 2.0.0 (/home/ethsec/.local/lib/python3.6/site-packages), Requirement.parse('eth-utils<2.0.0,>=1.9.5'), {'web3'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ethsec/.local/bin/etheno", line 33, in <module>
sys.exit(load_entry_point('etheno==0.2.4', 'console_scripts', 'etheno')())
File "/home/ethsec/.local/bin/etheno", line 25, in importlib_load_entry_point
return next(matches).load()
File "/home/ethsec/.local/lib/python3.6/site-packages/importlib_metadata/__init__.py", line 194, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.6/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 941, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 678, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/home/ethsec/.local/lib/python3.6/site-packages/etheno/__init__.py", line 1, in <module>
from .etheno import Etheno, EthenoPlugin
File "/home/ethsec/.local/lib/python3.6/site-packages/etheno/etheno.py", line 1, in <module>
import pkg_resources
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3266, in <module>
@_call_aside
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3241, in _call_aside
f(*args, **kwargs)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3279, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 575, in _build_master
return cls._build_from_requirements(__requires__)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 588, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 777, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'rlp<3,>=1.0.0' distribution was not found and is required by eth-accountBest regards
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.