trailofbits / eth-security-toolbox
A Docker container preconfigured with all of the Trail of Bits Ethereum security tools.
License: GNU Affero General Public License v3.0
Please can you publish the latest docker image with slither 6.14?
kind regards
Any plans or work in progress to support Vyper?
If yes, is there a version manager like solc-select?
Please add linux/arm64 docker build to support M1 chips
I cannot run slither with the latest docker tag of eth-security-toolbox. After #8 was fixed, it now seems slither was "not compiled correctly".
This time, I have no idea how to provide a workaround.
docker run -it -d -v /path/to/project:/share trailofbits/eth-security-toolbox
cd into project repository (cd /share)
slither .
ERROR:Slither:Invalid compilation
ERROR:Slither:Solidity version not found ['']
Docker image:
Using default tag: latest
latest: Pulling from trailofbits/eth-security-toolbox
Digest: sha256:38cde2135b8446a8e98d719543ff6647765352937f042d6608d50b88d3bf44b9
Status: Image is up to date for trailofbits/eth-security-toolbox:latest
Now that slither supports Vyper, perhaps we should include the binary in the docker image
https://github.com/crytic/slither/blob/e3dcf1ecd3e9de60da046de471c5663ab637993a/.github/workflows/test.yml#L60-L76
The eth-security-toolbox image is nearly 3GB. That is a lot of data to download when you're looking to run slither against one specific version of solc. I would like to propose that each version of solc get its own eth-security-toolbox tag.
I could create a driver script, which iterates through solc_releases (a la install_solc.sh), but executes docker build instead. However I am unclear how you want resulting images to be pushed. Is there a CI tool automatically building images for the project?
docker build --tag trailofbits/eth-security-toolbox:solc-$VERSION
Hi! As the title states, running the command:
docker run -v $(pwd):/tmp -w /tmp trailofbits/eth-security-toolbox slither contracts/manifold/lazyclaim/ERC721LazyClaim.sol
gives the error:
/home/ethsec/.local/bin/slither: line 4: import: command not found
/home/ethsec/.local/bin/slither: line 5: import: command not found
/home/ethsec/.local/bin/slither: line 7: from: command not found
/home/ethsec/.local/bin/slither: slither: line 10: syntax error near unexpected token `('
/home/ethsec/.local/bin/slither: slither: line 10: ` sys.argv[0] = re.sub(r'(-script\.pyw?|\.exe)?$', '', sys.argv[0])'
The command runs in docker's interactive mode (using the flag -it), but I want to run slither directly from a script.
Hi guys,
The docker image doesn't come already with the "manticore[native]" ?
I'm trying to use it with the following command. Do you see anything wrong?
docker run --entrypoint="" -v $PWD:/home/trufflecon/ --user $(id -u):$(id -g) trailofbits/eth-security-toolbox manticore .
Regards,
Slither now supports Embark, so we should add the framework to eth-security-toolbox.
Additionally, Slither requires the @trailofbits/embark-contract-info embark plugin (https://github.com/crytic/embark-contract-info)
Add foundry to the Docker build.
The latest version for solc is 0.8.3. Are you planning on having other versions updated?
Hey guys, it would be great if you could tag the docker image in the registry with a specific version. Currently, only the latest tag is available, and that can cause CIs to break, as we cannot select a certain version.
eth-security-toolbox/Dockerfile
Line 42 in 54bec34
solc-select use latest
v0.8.2 adds support for custom errors
Run pip3 install slither-analyzer --upgrade in the docker container
Running echidna-test in the container outputs Killed regardless of the input options.
v20.10.6
macOS 11.2.3
Apple M1
2ad73f16de91
Here is the output:
ERROR [ 3/21] RUN apt-get -y remove solc
Please take a look.
Node version installed in the container:
ethsec@6ab50b1ba5f1:~$ node --version
v14.16.0
causes an issue when running etheno --ganache as described here: crytic/etheno#72
npm install / npx are not working correctly from the docker:
$ npx [email protected] version
Error: EACCES: permission denied, mkdir '/home/ethsec/.npm/_npx'
It is the same for a npm install
Unhandled rejection Error: EACCES: permission denied, mkdir '/home/ethsec/.npm/_cacache'
We need to fix it. It is preventing Slither from running correctly with truffle: #9
npx [email protected] version can run from the docker
npm install can run from the docker
Feel free to ask questions here, or join our slack (#ethereum)
The current latest image clocks in at nearly 14 gigs, making it one of the most gigantic images I've come across, and not really something I want to bring into a CI/CD pipeline. Could you offer some other tags that might have fewer tools/versions of solidity installed?
Install as many versions of solc as possible and write a script to switch between them.
Could you please add the latest solc versions >=0.5.14 that set the default EVM version to "Istanbul"?
I cannot run slither with the latest docker tag of eth-security-toolbox. It appears npx is missing from the image. Current fix: manually running sudo npm install -g npx.
I am not sure what changed, but our project used to work fine, but now requires this manual step in between.
docker run -it -d -v /path/to/project:/share trailofbits/eth-security-toolbox
cd into project repository (cd /share)
slither .
INFO:Slither:'npx [email protected] compile' running (use --truffle-version [email protected] to use specific version)
ERROR:root:Error in .
ERROR:root:Traceback (most recent call last):
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/__main__.py", line 554, in main_impl
(results, number_contracts) = process(filename, args, detector_classes, printer_classes)
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/__main__.py", line 57, in process
triage_mode=args.triage_mode)
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/slither.py", line 58, in __init__
kwargs.get('truffle_version', None))
File "/home/ethsec/.local/lib/python3.6/site-packages/slither/slither.py", line 142, in _init_from_truffle
process = subprocess.Popen(cmd, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
File "/usr/lib/python3.6/subprocess.py", line 709, in __init__
restore_signals, start_new_session)
File "/usr/lib/python3.6/subprocess.py", line 1344, in _execute_child
raise child_exception_type(errno_num, err_msg, err_filename)
FileNotFoundError: [Errno 2] No such file or directory: 'npx': 'npx'
Our automated docker build has been broken for some time. We should fix it, and/or consider moving to the github package registry
We can now remove
https://github.com/crytic/eth-security-toolbox/blob/3fa099cef9a70c5d65ce9c3dca8b945076b7ae11/Dockerfile#L9-L15
plus the related scripts, and use
pip install solc-select
solc-select install
instead
I've installed the latest version of trailofbits/eth-security-toolbox docker image, but etheno command fails.
ethsec@bbdbd6fa2619:~$ etheno
Traceback (most recent call last):
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 573, in _build_master
ws.require(__requires__)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 891, in require
needed = self.resolve(parse_requirements(requirements))
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 782, in resolve
raise VersionConflict(dist, req).with_context(dependent_req)
pkg_resources.ContextualVersionConflict: (eth-utils 2.0.0 (/home/ethsec/.local/lib/python3.6/site-packages), Requirement.parse('eth-utils<2.0.0,>=1.9.5'), {'web3'})
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File "/home/ethsec/.local/bin/etheno", line 33, in <module>
sys.exit(load_entry_point('etheno==0.2.4', 'console_scripts', 'etheno')())
File "/home/ethsec/.local/bin/etheno", line 25, in importlib_load_entry_point
return next(matches).load()
File "/home/ethsec/.local/lib/python3.6/site-packages/importlib_metadata/__init__.py", line 194, in load
module = import_module(match.group('module'))
File "/usr/lib/python3.6/importlib/__init__.py", line 126, in import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 941, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 955, in _find_and_load_unlocked
File "<frozen importlib._bootstrap>", line 665, in _load_unlocked
File "<frozen importlib._bootstrap_external>", line 678, in exec_module
File "<frozen importlib._bootstrap>", line 219, in _call_with_frames_removed
File "/home/ethsec/.local/lib/python3.6/site-packages/etheno/__init__.py", line 1, in <module>
from .etheno import Etheno, EthenoPlugin
File "/home/ethsec/.local/lib/python3.6/site-packages/etheno/etheno.py", line 1, in <module>
import pkg_resources
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3266, in <module>
@_call_aside
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3241, in _call_aside
f(*args, **kwargs)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 3279, in _initialize_master_working_set
working_set = WorkingSet._build_master()
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 575, in _build_master
return cls._build_from_requirements(__requires__)
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 588, in _build_from_requirements
dists = ws.resolve(reqs, Environment())
File "/home/ethsec/.local/lib/python3.6/site-packages/pkg_resources/__init__.py", line 777, in resolve
raise DistributionNotFound(req, requirers)
pkg_resources.DistributionNotFound: The 'rlp<3,>=1.0.0' distribution was not found and is required by eth-account
Best regards