From 0f5e0e7997dd241c200d03597058c34b57038d78 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 13:06:57 -0300 Subject: [PATCH 01/17] Fixed broken testing script. --- run-tests.sh | 3 +++ scripts/run-tests.py | 47 +++++++++++++++++++++++++++++-------------- scripts/run-tests2.py | 10 +++++++++ 3 files changed, 45 insertions(+), 15 deletions(-) create mode 100644 run-tests.sh create mode 100644 scripts/run-tests2.py diff --git a/run-tests.sh b/run-tests.sh new file mode 100644 index 00000000..84b6045c --- /dev/null +++ b/run-tests.sh @@ -0,0 +1,3 @@ +#!/bin/sh +#This script is here for convenience only. Do not use it in CI/CD. +python3 scripts/run-tests2.py diff --git a/scripts/run-tests.py b/scripts/run-tests.py index 300aea2f..79b9db8e 100644 --- a/scripts/run-tests.py +++ b/scripts/run-tests.py @@ -1,6 +1,8 @@ import os import argparse import time +import tempfile +import json from utils import ( parse_json_from_string, @@ -14,7 +16,6 @@ GREEN = "\033[92m" ENDC = "\033[0m" - def run_tests(detector): errors = [] directory = os.path.join("test-cases", detector) @@ -27,17 +28,19 @@ def run_tests(detector): if is_rust_project(root): if run_unit_tests(root): errors.append(root) - if run_integration_tests(detector, root): + if not run_integration_tests(detector, root): errors.append(root) return errors +def convert_code(s): + return s.replace('_', '-') def run_unit_tests(root): start_time = time.time() - returncode, _, stderr = run_subprocess(["cargo", "test", "--all-features"], root) + returncode, stdout, _ = run_subprocess(["cargo", "test", "--all-features"], root) print_results( returncode, - stderr, + stdout, "unit-test", root, time.time() - start_time, @@ -48,8 +51,6 @@ def run_unit_tests(root): def run_integration_tests(detector, root): start_time = time.time() - detectors_path = os.path.join(os.getcwd(), "detectors") - returncode, stdout, _ = run_subprocess( [ "cargo", 
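Review bot: The caller now reads `if not run_integration_tests(detector, root): errors.append(root)`, so the helper must return True on success, but the early exit after `print("Failed to extract JSON:", detector_metadata)` (context of the `@@ -73,13 +73,15 @@` hunk) still does `return True`. A detector whose metadata cannot be parsed is therefore counted as passing; that line should become `return False`, and the `stdout is None` branch, whose return lies outside the visible hunks, probably needs the same check. `run_unit_tests` keeps the opposite convention (`return returncode != 0`, True meaning failure), so a one-line docstring on each helper stating what True means would guard against the next inversion.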
@@ -58,12 +59,11 @@ def run_integration_tests(detector, root): detector, "--metadata", "--local-detectors", - detectors_path, + os.path.join(os.getcwd(), "detectors"), ], root, ) - #print("stderr: ", stderr.read()) if stdout is None: print( f"{RED}Failed to run integration tests in {root} - Metadata returned empty.{ENDC}" @@ -73,13 +73,15 @@ def run_integration_tests(detector, root): detector_metadata = parse_json_from_string(stdout) if not isinstance(detector_metadata, dict): - print("Failed to extract JSON:\n", detector_metadata) + print("Failed to extract JSON:", detector_metadata) return True detector_key = detector.replace("-", "_") short_message = detector_metadata.get(detector_key, {}).get("short_message") - returncode, stdout, stderr = run_subprocess( + _, tempPath = tempfile.mkstemp(None, f'scout_{os.getpid()}_') + + returncode, _, stderr = run_subprocess( [ "cargo", "scout-audit", @@ -87,22 +89,37 @@ def run_integration_tests(detector, root): detector, "--local-detectors", os.path.join(os.getcwd(), "detectors"), + "--output-format", + "raw-json", + "--output-path", + tempPath, ], root, ) - should_lint = root.endswith("vulnerable-example") - if should_lint and short_message and short_message not in stdout: - returncode = 1 + if returncode != 0: + print(f"{RED}Scout failed to run.{ENDC}") + return False + + should_fail = "vulnerable" in root + did_fail = False + + with open(tempPath) as file: + detectors_triggered = {convert_code(json.loads(line.rstrip())['code']['code']) for line in file} + did_fail = detector in detectors_triggered + if should_fail != did_fail: + explanation = "it failed when it shouldn't have" if did_fail else "it didn't fail when it should have" + print(f"{RED}Test case {root} didn't pass because {explanation}.{ENDC}") + return False print_results( returncode, - stdout, + stderr, "integration-test", root, time.time() - start_time, ) - return returncode != 0 + return True if __name__ == "__main__": 
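Review bot: `_, tempPath = tempfile.mkstemp(None, f'scout_{os.getpid()}_')` throws away the open file descriptor that `mkstemp` returns, and nothing visible ever deletes the file, so every test case leaks one descriptor and leaves one report behind in the temp directory. Keep the descriptor and close it before handing the path to scout: `fd, tempPath = tempfile.mkstemp(prefix=f'scout_{os.getpid()}_')` followed by `os.close(fd)`, then call `os.remove(tempPath)` in a `finally` once the report has been read. The body of `run_integration_tests` starts and ends outside this hunk.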
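Review bot: `should_fail = "vulnerable" in root` matches the substring anywhere in the path, where the removed code required `root.endswith("vulnerable-example")`; a detector or parent directory whose name contains "vulnerable" would make its remediated example expected to fail. Testing only the last path component, e.g. `should_fail = os.path.basename(root).startswith("vulnerable")`, keeps the looser match without that side effect. Separately, `json.loads(line.rstrip())['code']['code']` assumes every output line is a diagnostic with a non-null `code`. The raw-json format is not visible here, so this may be fine, but a blank line or a message without a code would abort the run with a traceback instead of a test result.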
diff --git a/scripts/run-tests2.py b/scripts/run-tests2.py new file mode 100644 index 00000000..3d8571d1 --- /dev/null +++ b/scripts/run-tests2.py @@ -0,0 +1,10 @@ +#This script is here for convenience only. Do not use it in CI/CD. +import os +import stat + +def is_dir(path): + return stat.S_ISDIR(os.stat(path).st_mode) + +for name in os.listdir('test-cases'): + if is_dir('test-cases/' + name) and name[0:1] != '.' and name != 'target': + os.system(f'python3 scripts/run-tests.py --detector={name}') From f497340571a2d9ec5ed754ff1a1e8d55bd62226c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 13:08:13 -0300 Subject: [PATCH 02/17] Changed file mode. --- run-tests.sh | 0 1 file changed, 0 insertions(+), 0 deletions(-) mode change 100644 => 100755 run-tests.sh diff --git a/run-tests.sh b/run-tests.sh old mode 100644 new mode 100755 From bbb681b39293a59657f4b52c9716047ae23d1c3a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 13:38:03 -0300 Subject: [PATCH 03/17] Fixed soroban-version/remediated. --- .../soroban-version-1/remediated-example/Cargo.toml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/test-cases/soroban-version/soroban-version-1/remediated-example/Cargo.toml b/test-cases/soroban-version/soroban-version-1/remediated-example/Cargo.toml index 1b1850f3..13886518 100644 --- a/test-cases/soroban-version/soroban-version-1/remediated-example/Cargo.toml +++ b/test-cases/soroban-version/soroban-version-1/remediated-example/Cargo.toml @@ -7,10 +7,10 @@ version = "0.1.0" crate-type = ["cdylib"] [dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [dev-dependencies] -soroban-sdk = { version = "=21.4.0", features = ["testutils"] } +soroban-sdk = { version = "=21.7.6", features = ["testutils"] } [features] testutils = ["soroban-sdk/testutils"] 
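Review bot: In scripts/run-tests2.py, `os.system(f'python3 scripts/run-tests.py --detector={name}')` builds a shell command from a directory name and drops the exit status, so a name containing shell metacharacters is interpreted by the shell and whatever status run-tests.py returns never reaches run-tests.sh. Passing an argument list avoids the shell: `rc = subprocess.run(['python3', 'scripts/run-tests.py', f'--detector={name}']).returncode` (with `import subprocess`), after which the script can end with a non-zero `sys.exit` if any `rc` was non-zero. `os.path.isdir(path)` would also replace the hand-written `is_dir` helper.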
From 311474724099d5949f9a07505e0d6235b68e3cdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 13:46:17 -0300 Subject: [PATCH 04/17] Fixed assert-violation/vulnerable. --- test-cases/assert-violation/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/assert-violation/Cargo.toml b/test-cases/assert-violation/Cargo.toml index 4aa7883f..be5ff97b 100644 --- a/test-cases/assert-violation/Cargo.toml +++ b/test-cases/assert-violation/Cargo.toml @@ -4,7 +4,7 @@ members = ["assert-violation-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 From 61293057824081ef2d65b50d0f77d9f4b3d454cb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 13:54:05 -0300 Subject: [PATCH 05/17] Fixed unnecessary-lint-allow/remediated. --- scripts/run-tests.py | 55 +++++++++++++++++++++++++++++++------------- 1 file changed, 39 insertions(+), 16 deletions(-) diff --git a/scripts/run-tests.py b/scripts/run-tests.py index 79b9db8e..eb8dcf95 100644 --- a/scripts/run-tests.py +++ b/scripts/run-tests.py @@ -48,9 +48,12 @@ def run_unit_tests(root): return returncode != 0 + def run_integration_tests(detector, root): start_time = time.time() + local_detectors = os.path.join(os.getcwd(), "detectors") + returncode, stdout, _ = run_subprocess( [ "cargo", @@ -59,7 +62,7 @@ def run_integration_tests(detector, root): detector, "--metadata", "--local-detectors", - os.path.join(os.getcwd(), "detectors"), + local_detectors, ], root, ) 
@@ -81,21 +84,41 @@ def run_integration_tests(detector, root): _, tempPath = tempfile.mkstemp(None, f'scout_{os.getpid()}_') - returncode, _, stderr = run_subprocess( - [ - "cargo", - "scout-audit", - "--filter", - detector, - "--local-detectors", - os.path.join(os.getcwd(), "detectors"), - "--output-format", - "raw-json", - "--output-path", - tempPath, - ], - root, - ) + returncode = None + stderr = None + + if detector != "unnecessary-lint-allow": + returncode, _, stderr = run_subprocess( + [ + "cargo", + "scout-audit", + "--filter", + detector, + "--local-detectors", + local_detectors, + "--output-format", + "raw-json", + "--output-path", + tempPath, + ], + root, + ) + else: + #We need to handle this case differently, because using filter will + #cause other detectors to not run, making the test case invalid. + returncode, _, stderr = run_subprocess( + [ + "cargo", + "scout-audit", + "--local-detectors", + local_detectors, + "--output-format", + "raw-json", + "--output-path", + tempPath, + ], + root, + ) if returncode != 0: print(f"{RED}Scout failed to run.{ENDC}") From dcd09a3bca82c67104cf085f6c61d1279580cbd7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:02:57 -0300 Subject: [PATCH 06/17] Fixed token-interface-events/remediated. --- .../token-interface-events-1/remediated-example/src/lib.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/test-cases/token-interface-events/token-interface-events-1/remediated-example/src/lib.rs b/test-cases/token-interface-events/token-interface-events-1/remediated-example/src/lib.rs index 5417416e..14f62606 100644 --- a/test-cases/token-interface-events/token-interface-events-1/remediated-example/src/lib.rs +++ b/test-cases/token-interface-events/token-interface-events-1/remediated-example/src/lib.rs 
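Review bot: The two `run_subprocess` calls in the new `if detector != "unnecessary-lint-allow"` / `else` branches differ only by the `--filter` pair, so any later change to the output options has to be made twice. The `returncode = None` / `stderr = None` pre-assignments are also dead, because both branches assign them. Building the argument list once and adding `--filter` conditionally keeps the special case to two lines, as below. The rest of `run_integration_tests` lies outside this hunk.

```python
    # … unchanged: tempfile.mkstemp call …
    scout_args = ["cargo", "scout-audit"]
    # unnecessary-lint-allow must run unfiltered: --filter would stop the
    # other detectors from running, making the test case invalid.
    if detector != "unnecessary-lint-allow":
        scout_args += ["--filter", detector]
    scout_args += [
        "--local-detectors",
        local_detectors,
        "--output-format",
        "raw-json",
        "--output-path",
        tempPath,
    ]
    returncode, _, stderr = run_subprocess(scout_args, root)
    # … unchanged: returncode check and report parsing …
```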
@@ -78,7 +78,8 @@ impl TokenInterfaceEvents { } pub fn mint(env: Env, to: Address, amount: i128) { - Self::get_metadata(env.clone()).admin.require_auth(); + let admin = Self::get_metadata(env.clone()).admin; + admin.require_auth(); let previous_balance: i128 = env .clone() .storage() @@ -87,7 +88,8 @@ impl TokenInterfaceEvents { .unwrap_or(0); env.storage() .instance() - .set(&DataKey::Balance(to), &(previous_balance + amount)); + .set(&DataKey::Balance(to.clone()), &(previous_balance + amount)); + TokenUtils::new(&env).events().mint(admin, to, amount); } fn get_allowance(env: Env, from: Address, spender: Address) -> AllowanceFromSpender { From f8b6f75929cfa830b23bda6a7a20c480caf19f41 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:05:38 -0300 Subject: [PATCH 07/17] Fixed integer-overflow-or-underflow/vulnerable. --- test-cases/integer-overflow-or-underflow/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/integer-overflow-or-underflow/Cargo.toml b/test-cases/integer-overflow-or-underflow/Cargo.toml index aa613703..9480a3e6 100644 --- a/test-cases/integer-overflow-or-underflow/Cargo.toml +++ b/test-cases/integer-overflow-or-underflow/Cargo.toml @@ -4,7 +4,7 @@ members = ["integer-overflow-or-underflow-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 From 178e3f26588b7e3528e69dc58712a2d64f6a461e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:11:29 -0300 Subject: [PATCH 08/17] Fixed integer-overflow-or-underflow detector. --- .../integer-overflow-or-underflow/src/lib.rs | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/detectors/integer-overflow-or-underflow/src/lib.rs b/detectors/integer-overflow-or-underflow/src/lib.rs index 130b844a..64ebe621 100644 
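Review bot: The rewritten `.set(&DataKey::Balance(to.clone()), &(previous_balance + amount));` in `mint` still adds with a plain `+`, and `amount` is never checked to be non-negative, so this remediated example relies on the build profile for overflow behaviour and lets the admin mint a negative amount. Whether `overflow-checks` is enabled is not visible in the Cargo.toml hunks of this series. If the example is meant to be clean model code, compute the new balance with `previous_balance.checked_add(amount)` and reject `amount < 0` before the storage write.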
--- a/detectors/integer-overflow-or-underflow/src/lib.rs +++ b/detectors/integer-overflow-or-underflow/src/lib.rs @@ -16,7 +16,7 @@ use utils::ConstantAnalyzer; pub const LINT_MESSAGE: &str = "Potential for integer arithmetic overflow/underflow. Consider checked, wrapping or saturating arithmetic."; dylint_linting::declare_late_lint! { - pub INTEGER_OVERFLOW_UNDERFLOW, + pub INTEGER_OVERFLOW_OR_UNDERFLOW, Warn, LINT_MESSAGE, { @@ -30,7 +30,7 @@ dylint_linting::declare_late_lint! { enum Type { Overflow, Underflow, - OverflowUnderflow, + OverflowAndUnderflow, } impl Type { @@ -38,7 +38,7 @@ impl Type { match self { Type::Overflow => "overflow", Type::Underflow => "underflow", - Type::OverflowUnderflow => "overflow or underflow", + Type::OverflowAndUnderflow => "overflow or underflow", } } } @@ -84,14 +84,14 @@ impl Finding { ) } } -pub struct IntegerOverflowUnderflowVisitor<'a, 'tcx> { +pub struct IntegerOverflowOrUnderflowVisitor<'a, 'tcx> { cx: &'a LateContext<'tcx>, findings: Vec, is_complex_operation: bool, constant_analyzer: ConstantAnalyzer<'a, 'tcx>, } -impl<'tcx> IntegerOverflowUnderflowVisitor<'_, 'tcx> { +impl<'tcx> IntegerOverflowOrUnderflowVisitor<'_, 'tcx> { pub fn check_pow(&mut self, expr: &Expr<'tcx>, base: &Expr<'tcx>, exponent: &Expr<'tcx>) { if self.constant_analyzer.is_constant(base) && self.constant_analyzer.is_constant(exponent) { @@ -137,7 +137,7 @@ impl<'tcx> IntegerOverflowUnderflowVisitor<'_, 'tcx> { } let (finding_type, cause) = if self.is_complex_operation { - (Type::OverflowUnderflow, Cause::Multiple) + (Type::OverflowAndUnderflow, Cause::Multiple) } else { match op { BinOpKind::Add => (Type::Overflow, Cause::Add), 
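Review bot: The variant is renamed to `Type::OverflowAndUnderflow` while its message stays `"overflow or underflow"` and the lint and visitor become `INTEGER_OVERFLOW_OR_UNDERFLOW` / `IntegerOverflowOrUnderflowVisitor`. `Type::OverflowOrUnderflow` would agree with both; it is needed in the enum hunk, the `match` arm and the `(Type::OverflowAndUnderflow, Cause::Multiple)` use. Since the lint identifier itself changes, a short comment on the `declare_late_lint!` block would explain the rename to the next reader: the name apparently has to equal the detector directory name with underscores, which the test harness appears to rely on via `convert_code`.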
@@ -152,7 +152,7 @@ impl<'tcx> IntegerOverflowUnderflowVisitor<'_, 'tcx> { } } -impl<'a, 'tcx> Visitor<'tcx> for IntegerOverflowUnderflowVisitor<'a, 'tcx> { +impl<'a, 'tcx> Visitor<'tcx> for IntegerOverflowOrUnderflowVisitor<'a, 'tcx> { fn visit_expr(&mut self, expr: &'tcx Expr<'tcx>) { match expr.kind { ExprKind::Binary(op, lhs, rhs) | ExprKind::AssignOp(op, lhs, rhs) => { @@ -178,7 +178,7 @@ impl<'a, 'tcx> Visitor<'tcx> for IntegerOverflowUnderflowVisitor<'a, 'tcx> { } } -impl<'tcx> LateLintPass<'tcx> for IntegerOverflowUnderflow { +impl<'tcx> LateLintPass<'tcx> for IntegerOverflowOrUnderflow { fn check_fn( &mut self, cx: &LateContext<'tcx>, @@ -201,7 +201,7 @@ impl<'tcx> LateLintPass<'tcx> for IntegerOverflowUnderflow { constant_analyzer.visit_body(body); // Analyze the function for integer overflow/underflow - let mut visitor = IntegerOverflowUnderflowVisitor { + let mut visitor = IntegerOverflowOrUnderflowVisitor { cx, findings: Vec::new(), is_complex_operation: false, @@ -213,7 +213,7 @@ impl<'tcx> LateLintPass<'tcx> for IntegerOverflowUnderflow { for finding in visitor.findings { span_lint_and_help( cx, - INTEGER_OVERFLOW_UNDERFLOW, + INTEGER_OVERFLOW_OR_UNDERFLOW, finding.span, finding.generate_message(), None, From f825925994209886cdd15d68b76e0ffd579af4fc Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:17:10 -0300 Subject: [PATCH 09/17] Fixed avoid-panic-error test case. --- test-cases/avoid-panic-error/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/avoid-panic-error/Cargo.toml b/test-cases/avoid-panic-error/Cargo.toml index 993a8540..4e7a72b0 100644 --- a/test-cases/avoid-panic-error/Cargo.toml +++ b/test-cases/avoid-panic-error/Cargo.toml @@ -4,7 +4,7 @@ members = ["avoid-panic-error-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 
From 8f4ae3130b33363ce4375ac2c913f4adaedac2cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:17:34 -0300 Subject: [PATCH 10/17] Fixed dos-unexpected-revert-with-vector detector. --- .../dos-unexpected-revert-with-vector/src/lib.rs | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/detectors/dos-unexpected-revert-with-vector/src/lib.rs b/detectors/dos-unexpected-revert-with-vector/src/lib.rs index 19e07564..0424eebf 100644 --- a/detectors/dos-unexpected-revert-with-vector/src/lib.rs +++ b/detectors/dos-unexpected-revert-with-vector/src/lib.rs @@ -18,10 +18,10 @@ use rustc_span::Span; const LINT_MESSAGE: &str = "This vector operation is called without access control"; dylint_linting::impl_late_lint! { - pub UNEXPECTED_REVERT_WARN, + pub DOS_UNEXPECTED_REVERT_WITH_VECTOR, Warn, "", - UnexpectedRevertWarn::default(), + DosUnexpectedRevertWithVector::default(), { name: "Unexpected Revert Inserting to Storage", long_message: " It occurs by preventing transactions by other users from being successfully executed forcing the blockchain state to revert to its original state.", @@ -32,14 +32,14 @@ dylint_linting::impl_late_lint! { } #[derive(Default)] -pub struct UnexpectedRevertWarn {} -impl UnexpectedRevertWarn { +pub struct DosUnexpectedRevertWithVector {} +impl DosUnexpectedRevertWithVector { pub fn new() -> Self { Self {} } } -impl<'tcx> LateLintPass<'tcx> for UnexpectedRevertWarn { +impl<'tcx> LateLintPass<'tcx> for DosUnexpectedRevertWithVector { fn check_fn( &mut self, cx: &LateContext<'tcx>, @@ -87,7 +87,7 @@ impl<'tcx> LateLintPass<'tcx> for UnexpectedRevertWarn { if uvf_storage.push_def_id.is_some() && !uvf_storage.require_auth { span_lint( uvf_storage.cx, - UNEXPECTED_REVERT_WARN, + DOS_UNEXPECTED_REVERT_WITH_VECTOR, uvf_storage.push_span.unwrap(), LINT_MESSAGE, ); From 43ae9cb64a5fbcb4f9cdc6384e2deb8ccf9901c1 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:20:11 -0300 Subject: [PATCH 11/17] Fixed unnecessary-admin-parameter test cases. --- test-cases/unnecessary-admin-parameter/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/unnecessary-admin-parameter/Cargo.toml b/test-cases/unnecessary-admin-parameter/Cargo.toml index 36e93130..c5ccb679 100644 --- a/test-cases/unnecessary-admin-parameter/Cargo.toml +++ b/test-cases/unnecessary-admin-parameter/Cargo.toml @@ -4,7 +4,7 @@ members = ["unnecessary-admin-parameter-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.6.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 From 1d589d9c6eeb4c2872ba4d2ca675b39e0aa14f5d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:24:30 -0300 Subject: [PATCH 12/17] Fixed front-running test cases. --- test-cases/front-running/Cargo.toml | 3 ++- .../front-running-1/remediated-example/Cargo.toml | 6 +++--- .../front-running-1/vulnerable-example/Cargo.toml | 6 +++--- 3 files changed, 8 insertions(+), 7 deletions(-) diff --git a/test-cases/front-running/Cargo.toml b/test-cases/front-running/Cargo.toml index 5a1bfab3..34dcc421 100644 --- a/test-cases/front-running/Cargo.toml +++ b/test-cases/front-running/Cargo.toml @@ -4,7 +4,8 @@ members = ["front-running-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=20.0.0" } +soroban-sdk = { version = "=21.7.6" } +soroban-token-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 diff --git a/test-cases/front-running/front-running-1/remediated-example/Cargo.toml b/test-cases/front-running/front-running-1/remediated-example/Cargo.toml index a9947e6b..0634f3f0 100644 --- a/test-cases/front-running/front-running-1/remediated-example/Cargo.toml +++ b/test-cases/front-running/front-running-1/remediated-example/Cargo.toml 
@@ -7,11 +7,11 @@ version = "0.1.0" crate-type = ["cdylib"] [dependencies] -soroban-sdk = { version = "20.0.0" } -soroban-token-sdk = { version = "20.0.0" } +soroban-sdk = { workspace = true } +soroban-token-sdk = { workspace = true } [dev-dependencies] -soroban-sdk = { version = "20.0.0", features = ["testutils"] } +soroban-sdk = { workspace = true, features = ["testutils"] } [features] testutils = ["soroban-sdk/testutils"] diff --git a/test-cases/front-running/front-running-1/vulnerable-example/Cargo.toml b/test-cases/front-running/front-running-1/vulnerable-example/Cargo.toml index 77555903..2d04cfab 100644 --- a/test-cases/front-running/front-running-1/vulnerable-example/Cargo.toml +++ b/test-cases/front-running/front-running-1/vulnerable-example/Cargo.toml @@ -7,11 +7,11 @@ version = "0.1.0" crate-type = ["cdylib"] [dependencies] -soroban-sdk = { version = "20.0.0" } -soroban-token-sdk = { version = "20.0.0" } +soroban-sdk = { workspace = true } +soroban-token-sdk = { workspace = true } [dev-dependencies] -soroban-sdk = { version = "20.0.0", features = ["testutils"] } +soroban-sdk = { workspace = true, features = ["testutils"] } [features] testutils = ["soroban-sdk/testutils"] From 3f3a96d41ca1c58bd40222d6831246d12874ba67 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:33:53 -0300 Subject: [PATCH 13/17] Fixed unsafe-map-get test cases. --- test-cases/unsafe-map-get/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/unsafe-map-get/Cargo.toml b/test-cases/unsafe-map-get/Cargo.toml index 3a88faaa..55d75246 100644 --- a/test-cases/unsafe-map-get/Cargo.toml +++ b/test-cases/unsafe-map-get/Cargo.toml @@ -4,7 +4,7 @@ members = ["unsafe-map-get-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 From 93b89e1883be4b63246f78d9daf30df19e3b5801 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:34:11 -0300 Subject: [PATCH 14/17] Fixed iterators-over-indexing detector. --- detectors/iterators-over-indexing/src/lib.rs | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/detectors/iterators-over-indexing/src/lib.rs b/detectors/iterators-over-indexing/src/lib.rs index 4f39260e..63c5a3a4 100644 --- a/detectors/iterators-over-indexing/src/lib.rs +++ b/detectors/iterators-over-indexing/src/lib.rs @@ -27,7 +27,7 @@ const LINT_MESSAGE: &str = "Hardcoding an index could lead to panic if the top bound is out of bounds."; dylint_linting::declare_late_lint! { - pub ITERATOR_OVER_INDEXING, + pub ITERATORS_OVER_INDEXING, Warn, LINT_MESSAGE, { @@ -365,7 +365,7 @@ impl<'a, 'b> Visitor<'a> for ForLoopVisitor<'a, 'b> { } } -impl<'tcx> LateLintPass<'tcx> for IteratorOverIndexing { +impl<'tcx> LateLintPass<'tcx> for IteratorsOverIndexing { fn check_fn( &mut self, cx: &rustc_lint::LateContext<'tcx>, @@ -388,7 +388,7 @@ impl<'tcx> LateLintPass<'tcx> for IteratorOverIndexing { for span in span_constant { span_lint_and_help( cx, - ITERATOR_OVER_INDEXING, + ITERATORS_OVER_INDEXING, span, LINT_MESSAGE, None, From 8c5bba67c5fda1b42a477a5fea8618a28585d695 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:43:49 -0300 Subject: [PATCH 15/17] Fixed unsafe-expect test cases. --- test-cases/unsafe-expect/Cargo.toml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/test-cases/unsafe-expect/Cargo.toml b/test-cases/unsafe-expect/Cargo.toml index d220ab60..10a63775 100644 --- a/test-cases/unsafe-expect/Cargo.toml +++ b/test-cases/unsafe-expect/Cargo.toml @@ -4,7 +4,7 @@ members = ["unsafe-expect-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } +soroban-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 From df8e20253b6f337ea27e20a785f0598e24aecd24 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 14:55:28 -0300 Subject: [PATCH 16/17] Fixed token-interface-events test case. --- test-cases/token-interface-events/Cargo.toml | 4 ++-- .../remediated-example/Cargo.toml | 8 ++++---- .../vulnerable-example/Cargo.toml | 8 ++++---- 3 files changed, 10 insertions(+), 10 deletions(-) diff --git a/test-cases/token-interface-events/Cargo.toml b/test-cases/token-interface-events/Cargo.toml index 257b9d87..03622046 100644 --- a/test-cases/token-interface-events/Cargo.toml +++ b/test-cases/token-interface-events/Cargo.toml @@ -4,8 +4,8 @@ members = ["token-interface-events-*/*"] resolver = "2" [workspace.dependencies] -soroban-sdk = { version = "=21.4.0" } -soroban-token-sdk = { version = "21.4.0" } +soroban-sdk = { version = "=21.7.6" } +soroban-token-sdk = { version = "=21.7.6" } [profile.release] codegen-units = 1 diff --git a/test-cases/token-interface-events/token-interface-events-1/remediated-example/Cargo.toml b/test-cases/token-interface-events/token-interface-events-1/remediated-example/Cargo.toml index cd132465..5cdc2f09 100644 --- a/test-cases/token-interface-events/token-interface-events-1/remediated-example/Cargo.toml +++ b/test-cases/token-interface-events/token-interface-events-1/remediated-example/Cargo.toml @@ -7,13 +7,13 @@ edition = "2021" crate-type = ["cdylib"] [dependencies] -soroban-sdk = "=21.4.0" -soroban-token-sdk = { version = "21.4.0" } +soroban-sdk = { workspace = true } +soroban-token-sdk = { workspace = true } [dev_dependencies] -soroban-sdk = { version = "=21.4.0", features = ["testutils"] } -soroban-token-sdk = { version = "21.4.0" } +soroban-sdk = { workspace = true, features = ["testutils"] } +soroban-token-sdk = { workspace = true } [features] diff --git a/test-cases/token-interface-events/token-interface-events-1/vulnerable-example/Cargo.toml b/test-cases/token-interface-events/token-interface-events-1/vulnerable-example/Cargo.toml index 8fd75f45..3f0dc267 100644 
--- a/test-cases/token-interface-events/token-interface-events-1/vulnerable-example/Cargo.toml +++ b/test-cases/token-interface-events/token-interface-events-1/vulnerable-example/Cargo.toml @@ -7,13 +7,13 @@ edition = "2021" crate-type = ["cdylib"] [dependencies] -soroban-sdk = "=21.4.0" -soroban-token-sdk = { version = "21.4.0" } +soroban-sdk = { workspace = true } +soroban-token-sdk = { workspace = true } [dev_dependencies] -soroban-sdk = { version = "=21.4.0", features = ["testutils"] } -soroban-token-sdk = { version = "21.4.0" } +soroban-sdk = { workspace = true, features = ["testutils"] } +soroban-token-sdk = { workspace = true } [features] From 57826b02de4aaf24c3d81a2f74a7a2bcbb3f654c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?V=C3=ADctor=20M=2E=20Gonz=C3=A1lez?= Date: Thu, 31 Oct 2024 15:26:43 -0300 Subject: [PATCH 17/17] Fixed Clippy errors. --- .../front-running-1/remediated-example/src/lib.rs | 14 +++++++------- .../front-running-1/vulnerable-example/src/lib.rs | 10 +++++----- 2 files changed, 12 insertions(+), 12 deletions(-) diff --git a/test-cases/front-running/front-running-1/remediated-example/src/lib.rs b/test-cases/front-running/front-running-1/remediated-example/src/lib.rs index 6795865a..64e123e2 100644 --- a/test-cases/front-running/front-running-1/remediated-example/src/lib.rs +++ b/test-cases/front-running/front-running-1/remediated-example/src/lib.rs @@ -70,11 +70,11 @@ mod tests { // Given let env = Env::default(); let admin = Address::generate(&env); - let token_contract_id = env.register_stellar_asset_contract(admin); + let asset_contract = env.register_stellar_asset_contract_v2(admin); let contract_id = env.register_contract(None, FrontRunning); let client = FrontRunningClient::new(&env, &contract_id); - client.init(&token_contract_id); + client.init(&asset_contract.address()); // When let from = Address::generate(&env); 
@@ -92,7 +92,7 @@ mod tests { from.clone(), AuthorizedInvocation { function: AuthorizedFunction::Contract(( - token_contract_id.clone(), + asset_contract.address().clone(), Symbol::new(&env, "approve"), (&from, &spender, 200_i128, 200_u32).into_val(&env) )), @@ -111,11 +111,11 @@ mod tests { // Given let env = Env::default(); let admin = Address::generate(&env); - let token_contract_id = env.register_stellar_asset_contract(admin); + let asset_contract = env.register_stellar_asset_contract_v2(admin); let contract_id = env.register_contract(None, FrontRunning); let client = FrontRunningClient::new(&env, &contract_id); - client.init(&token_contract_id); + client.init(&asset_contract.address()); // When let token_client = TokenClient::new(&env, &client.get_token()); @@ -147,11 +147,11 @@ mod tests { // Given let env = Env::default(); let admin = Address::generate(&env); - let token_contract_id = env.register_stellar_asset_contract(admin); + let asset_contract = env.register_stellar_asset_contract_v2(admin); let contract_id = env.register_contract(None, FrontRunning); let client = FrontRunningClient::new(&env, &contract_id); - client.init(&token_contract_id); + client.init(&asset_contract.address()); // When let token_client = TokenClient::new(&env, &client.get_token()); diff --git a/test-cases/front-running/front-running-1/vulnerable-example/src/lib.rs b/test-cases/front-running/front-running-1/vulnerable-example/src/lib.rs index b7fbf131..b836042a 100644 --- a/test-cases/front-running/front-running-1/vulnerable-example/src/lib.rs +++ b/test-cases/front-running/front-running-1/vulnerable-example/src/lib.rs 
@@ -69,11 +69,11 @@ mod tests { // Given let env = Env::default(); let admin = Address::generate(&env); - let token_contract_id = env.register_stellar_asset_contract(admin); + let asset_contract = env.register_stellar_asset_contract_v2(admin); let contract_id = env.register_contract(None, FrontRunning); let client = FrontRunningClient::new(&env, &contract_id); - client.init(&token_contract_id); + client.init(&asset_contract.address()); // When let from = Address::generate(&env); @@ -91,7 +91,7 @@ mod tests { from.clone(), AuthorizedInvocation { function: AuthorizedFunction::Contract(( - token_contract_id.clone(), + asset_contract.address().clone(), Symbol::new(&env, "approve"), (&from, &spender, 200_i128, 200_u32).into_val(&env) )), @@ -110,11 +110,11 @@ mod tests { // Given let env = Env::default(); let admin = Address::generate(&env); - let token_contract_id = env.register_stellar_asset_contract(admin); + let asset_contract = env.register_stellar_asset_contract_v2(admin); let contract_id = env.register_contract(None, FrontRunning); let client = FrontRunningClient::new(&env, &contract_id); - client.init(&token_contract_id); + client.init(&asset_contract.address()); // When let token_client = TokenClient::new(&env, &client.get_token());