@cleanunicorn/mythos
A CLI client for MythX
Last updated 18 days ago by cleanunicorn .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install @cleanunicorn/mythos 
SYNC missed versions from official npm registry.

mythos

A CLI client for MythX

oclif Version Downloads Codacy Badge License: MIT CircleCI

Installation

Install globally using:

$ npm -g install @cleanunicorn/mythos

Usage

Use this to scan Solidity source code.

You need to provide your MythX address and password.

As an env variable:

$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract

Or as flags:

$ mythos analyze ./contract.sol Contract \
  --mythxEthAddress=mythxEthAddress \
  --mythxPassword=mythxPassword

Example:

$ mythos analyze a.sol A --timeout=180
Reading contract a.sol... done
Downloading Solidity version v0.5.3+commit.10d17f24... done
Analyzing contract A... done
Report found 1 issues
Title: Unprotected SELFDESTRUCT Instruction
Head: The contract can be killed by anyone.
Description: Arbitrary senders can kill this contract and withdraw its balance to their own account.
Source code:

a.sol 7:8
--------------------------------------------------
selfdestruct(msg.sender)
--------------------------------------------------

==================================================

Basic usage

$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.8.0 linux-x64 node-v11.13.0
$ mythos --help [COMMAND]
USAGE
  $ mythos COMMAND
...

Commands

mythos analyze CONTRACTFILE CONTRACTNAME

Scan a smart contract with MythX API

USAGE
  $ mythos analyze CONTRACTFILE CONTRACTNAME

ARGUMENTS
  CONTRACTFILE  Contract file to scan
  CONTRACTNAME  Contract name

OPTIONS
  -h, --help                         show CLI help

  --analysisMode=analysisMode        [default: quick] Define the analysis mode when requesting a scan. Choose one from:
                                     quick, full.

  --mythxEthAddress=mythxEthAddress  (required)

  --mythxPassword=mythxPassword      (required)

  --solcVersion=solcVersion          Solidity version to use when compiling (example: 0.4.21). If none is specified it
                                     will try to identify the version from the source code.

  --timeout=timeout                  [default: 180] How many seconds to wait for the result

See code: src/commands/analyze.ts

mythos get-analysis UUID

Retrieve analysis results scanned with MythX API

USAGE
  $ mythos get-analysis UUID

ARGUMENTS
  UUID  uuid to retrive analysis results

OPTIONS
  -h, --help                         show CLI help
  --mythxEthAddress=mythxEthAddress  (required)
  --mythxPassword=mythxPassword      (required)

See code: src/commands/get-analysis.ts

mythos help [COMMAND]

display help for mythos

USAGE
  $ mythos help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI

See code: @oclif/plugin-help

Changelog

  • 0.8.0

    • Fix file name when running get-analysis to save response as issues-${uuid}.json
    • Make compilation errors more obvious
    • Display more information from report: compiler version used, API versions, SWC-ID, report's UUID
    • Display clear error when incorrect contract name is specified
    • Display compilation warnings
  • 0.7.0

    • Send the AST when requesting an analysis
  • 0.6.0

    • Fix external lib import, it sends the library information to MythX
    • Dump issues in a file as issues-[uuid].json for easy manual inspection
  • 0.5.2

    • Setup automatic tests
  • 0.5.1

    • Fix dynamic linking issue (thanks to @eswarasai).
  • 0.5.0

    • Automatically import other files (thanks to @eswarasai).
    • Fix minor issue when picking Solidty version (thanks to @eswarasai).
    • Fix issue count (thanks to @tagomaru).
  • 0.4.1

    • Update npm dependencies
  • 0.4.0

    • Correctly pick solidity version when an interval is set (thanks to @nanspro).
    • Add get-analysis command to retrieve a scanned result (thanks to @tagomaru).
    • Fix displaying severity in output list.
  • 0.3.2

    • Display message on syntax error.
  • 0.3.1

    • Add Severity to output.
  • 0.3.0

    • Request different depths of analyses with --analysisMode can be full or quick.
    • Add changelog.
  • 0.2.0

    • Stable version, first release.

Current Tags

  • 0.8.0                                ...           latest (18 days ago)

20 Versions

  • 0.8.0                                ...           18 days ago
  • 0.7.0                                ...           19 days ago
  • 0.6.0                                ...           20 days ago
  • 0.5.2                                ...           a month ago
  • 0.5.1                                ...           a month ago
  • 0.5.0                                ...           a month ago
  • 0.4.1                                ...           a month ago
  • 0.4.0                                ...           a month ago
  • 0.3.2                                ...           a month ago
  • 0.3.1                                ...           a month ago
  • 0.3.0                                ...           a month ago
  • 0.2.0                                ...           a month ago
  • 0.1.2                                ...           a month ago
  • 0.1.1                                ...           a month ago
  • 0.1.0                                ...           2 months ago
  • 0.0.5                                ...           2 months ago
  • 0.0.4                                ...           2 months ago
  • 0.0.3                                ...           2 months ago
  • 0.0.2                                ...           2 months ago
  • 0.0.1                                ...           2 months ago
Downloads
Today 0
This Week 0
This Month 48
Last Day 0
Last Week 0
Last Month 305
Dependencies (12)
Dev Dependencies (13)
Dependents (0)
None

Copyright 2014 - 2016 © taobao.org |