@cleanunicorn/mythos
A CLI client for MythX
Last updated a month ago by cleanunicorn .
MIT · Repository · Bugs · Original npm · Tarball · package.json
$ cnpm install @cleanunicorn/mythos 
SYNC missed versions from official npm registry.

mythos

A CLI client for MythX

oclif Version Downloads Codacy Badge License: MIT CircleCI Discord

Installation

Install globally using:

$ npm -g install @cleanunicorn/mythos

Usage

Use this to scan Solidity source code.

You need to provide your MythX address and password.

As an env variable:

$ export MYTHX_ETH_ADDRESS='mythxEthAddress'
$ export MYTHX_PASSWORD='mythxPassword'
$ mythos analyze ./contract.sol Contract

Or as flags:

$ mythos analyze ./contract.sol Contract \
  --mythxEthAddress=mythxEthAddress \
  --mythxPassword=mythxPassword

Example:

$ mythos analyze no-pragma.sol NoPragma

Reading contract no-pragma.sol... done
Compiling with Solidity version: latest
 ›   Warning: no-pragma.sol:1:1: Warning: Source file does not specify required compiler version! Consider adding "pragma solidity ^0.5.7;"
 ›   contract NoPragma {
 ›   ^ (Relevant source part starts here and spans across multiple lines).
 ›
Compiling contract no-pragma.sol... done
Analyzing contract NoPragma... done

UUID: 9350d5c4-b89f-43ef-b1f7-48840fee8a02
API Version: v1.4.12
Harvey Version: 0.0.16
Maestro Version: 1.2.6
Maru Version: 0.4.2
Mythril Version: 0.20.3

Report found 2 issues
Meta:
Covered instructions: 40
Covered paths: 4
Selected compiler version: v0.4.25

Title: (SWC-106) Unprotected SELFDESTRUCT Instruction
Severity: High
Head: The contract can be killed by anyone.
Description: Anyone can kill this contract and withdraw its balance to an arbitrary address.
Source code:

no-pragma.sol 3:8
--------------------------------------------------
selfdestruct(msg.sender)
--------------------------------------------------

==================================================

Title: (SWC-103) Floating Pragma
Severity: Medium
Head: No pragma is set.
Description: It is recommended to make a conscious choice on what version of Solidity is used for compilation. Currently no version is set in the Solidity file.
Source code:

no-pragma.sol 1:0
--------------------------------------------------

--------------------------------------------------

==================================================

Done

Basic usage

$ npm install -g @cleanunicorn/mythos
$ mythos COMMAND
running command...
$ mythos (-v|--version|version)
@cleanunicorn/mythos/0.10.4 linux-x64 node-v11.15.0
$ mythos --help [COMMAND]
USAGE
  $ mythos COMMAND
...

Commands

mythos analyze CONTRACTFILE CONTRACTNAME

Scan a smart contract with MythX API

USAGE
  $ mythos analyze CONTRACTFILE CONTRACTNAME

ARGUMENTS
  CONTRACTFILE  Contract file to scan
  CONTRACTNAME  Contract name

OPTIONS
  -h, --help                         show CLI help

  --analysisMode=analysisMode        [default: quick] Define the analysis mode when requesting a scan. Choose one from:
                                     quick, full.

  --mythxEthAddress=mythxEthAddress  (required)

  --mythxPassword=mythxPassword      (required)

  --solcVersion=solcVersion          Solidity version to use when compiling (example: 0.4.21). If none is specified it
                                     will try to identify the version from the source code.

  --timeout=timeout                  [default: 180] How many seconds to wait for the result

See code: src/commands/analyze.ts

mythos get-analysis UUID

Retrieve analysis results scanned with MythX API

USAGE
  $ mythos get-analysis UUID

ARGUMENTS
  UUID  uuid to retrive analysis results

OPTIONS
  -h, --help                         show CLI help
  --mythxEthAddress=mythxEthAddress  (required)
  --mythxPassword=mythxPassword      (required)

See code: src/commands/get-analysis.ts

mythos help [COMMAND]

display help for mythos

USAGE
  $ mythos help [COMMAND]

ARGUMENTS
  COMMAND  command to show help for

OPTIONS
  --all  see all commands in CLI

See code: @oclif/plugin-help

Changelog

  • 0.10.5

    • Update lodash.template to 4.5.0 because of a security issue.
  • 0.10.4

    • Fix Microsoft Windows backslash path issue when specifying contract filename the paths like folder\file.sol are transformed to folder/file.sol.
    • Remove sample output.txt file from repo.
  • 0.10.3

    • Upgrade dependencies.
  • 0.10.2

    • Update tests.
    • Do not use nightly solidity version when compiling.
  • 0.10.1

    • Improve regex expression which matches for linked libs.
    • Slightly improve output.
  • 0.10.0

    • Add newly added required parameter in request: mainSource.
    • Display errors in a more consistent way.
  • 0.9.0

    • Update to new armlet version and to new API changes
  • 0.8.1

    • Fix off by one source mapping
  • 0.8.0

    • Fix file name when running get-analysis to save response as issues-${uuid}.json
    • Make compilation errors more obvious
    • Display more information from report: compiler version used, API versions, SWC-ID, report's UUID
    • Display clear error when incorrect contract name is specified
    • Display compilation warnings
  • 0.7.0

    • Send the AST when requesting an analysis
  • 0.6.0

    • Fix external lib import, it sends the library information to MythX
    • Dump issues in a file as issues-[uuid].json for easy manual inspection
  • 0.5.2

    • Setup automatic tests
  • 0.5.1

    • Fix dynamic linking issue (thanks to @eswarasai).
  • 0.5.0

    • Automatically import other files (thanks to @eswarasai).
    • Fix minor issue when picking Solidty version (thanks to @eswarasai).
    • Fix issue count (thanks to @tagomaru).
  • 0.4.1

    • Update npm dependencies
  • 0.4.0

    • Correctly pick solidity version when an interval is set (thanks to @nanspro).
    • Add get-analysis command to retrieve a scanned result (thanks to @tagomaru).
    • Fix displaying severity in output list.
  • 0.3.2

    • Display message on syntax error.
  • 0.3.1

    • Add Severity to output.
  • 0.3.0

    • Request different depths of analyses with --analysisMode can be full or quick.
    • Add changelog.
  • 0.2.0

    • Stable version, first release.

Current Tags

  • 0.10.5                                ...           latest (a month ago)

27 Versions

  • 0.10.5                                ...           a month ago
  • 0.10.4                                ...           2 months ago
  • 0.10.3                                ...           3 months ago
  • 0.10.2                                ...           3 months ago
  • 0.10.0                                ...           3 months ago
  • 0.9.0                                ...           3 months ago
  • 0.8.1                                ...           4 months ago
  • 0.8.0                                ...           4 months ago
  • 0.7.0                                ...           5 months ago
  • 0.6.0                                ...           5 months ago
  • 0.5.2                                ...           5 months ago
  • 0.5.1                                ...           5 months ago
  • 0.5.0                                ...           5 months ago
  • 0.4.1                                ...           5 months ago
  • 0.4.0                                ...           5 months ago
  • 0.3.2                                ...           5 months ago
  • 0.3.1                                ...           5 months ago
  • 0.3.0                                ...           5 months ago
  • 0.2.0                                ...           5 months ago
  • 0.1.2                                ...           5 months ago
  • 0.1.1                                ...           5 months ago
  • 0.1.0                                ...           6 months ago
  • 0.0.5                                ...           6 months ago
  • 0.0.4                                ...           6 months ago
  • 0.0.3                                ...           6 months ago
  • 0.0.2                                ...           6 months ago
  • 0.0.1                                ...           6 months ago
Downloads
Today 0
This Week 0
This Month 0
Last Day 0
Last Week 0
Last Month 75
Dependencies (12)
Dev Dependencies (13)

Copyright 2014 - 2017 © taobao.org |