feat: AST Caching, Deprecated Functions, and Config Options #1
Closed
thebabalola wants to merge 115 commits into main from
chore: Add Logo and Branding Assets
…llision-Analysis Add-Storage-Key-Collision-Analysis
Adds the foundational ADRs for the Sanctifier project following the standard Michael Nygard format:
- ADR-001: Record Architecture Decisions
- ADR-002: Use Rust for Core Implementation
- ADR-003: Focus on Static Analysis Over Runtime Analysis
- ADR-004: Plugin System Design for Analyzers
- ADR-005: Use Walrus for WASM Parsing
Closes HyperSafeD#44

- Add init subcommand to scaffold .sanctify.toml configuration files
- Generate default configuration with sensible defaults:
  - ignore_paths: target, .git
  - enabled_rules: auth_gaps, panics, arithmetic, ledger_size
  - ledger_limit: 64000
  - strict_mode: false
  - Example custom rules for unsafe blocks and mem::forget
- Support --force flag to overwrite existing configuration
- Add comprehensive unit tests (11 tests, all passing)
- Implement colored output for success, warnings, and errors
Closes HyperSafeD#19

- Add has_read tracking to identify storage getter functions
- Functions that only call .get() are now ignored by auth gap detector
- Fixes false positives on read-only getter functions
Fixes HyperSafeD#7

- Updated ASCII art logo with new design
- Added version display (v0.1.0)
- Added tagline about Stellar ecosystem
- Added print_banner helper function for CLI sections
Fixes HyperSafeD#10

- Added scan_events() function to detect event issues
- Checks for inconsistent topic counts across same event names
- Recommends using symbol_short! for gas optimization
- Added EventIssue struct for event analysis results
- Added tests for consistency and gas optimization detection
Fixes HyperSafeD#20

chore: enhance CLI branding
feat: Event Topic Consistency Check
…mand feat: implement sanctifier init command
…-adrs-44 docs: add initial Architecture Decision Records (ADRs)
Repo Avatar
…cies-to-Soroban-SDK-v20 chore: Update dependencies to Soroban SDK v20
- chrono v0.4.43 -> v0.4.44
- js-sys v0.3.87 -> v0.3.90
- regex-syntax v0.8.9 -> v0.8.10
- wasm-bindgen v0.2.110 -> v0.2.113
- wasm-bindgen-macro v0.2.110 -> v0.2.113
- wasm-bindgen-macro-support v0.2.110 -> v0.2.113
- wasm-bindgen-shared v0.2.110 -> v0.2.113
Ensures compatibility with the latest Rust toolchain.

Add comprehensive tests for the GasEstimator module:
- Simple function baseline (50 instructions)
- Binary operations (+5 per operation)
- Function calls (+20 per call)
- Storage operations (get/set/has/update/remove: +1000)
- require_auth (+500)
- Loop constructs (for/while/loop with 10x inner multiplier)
- Local variable memory estimation
- Vec and Symbol macro costs
- Multiple public function detection
- Complex transfer function scenario
- Error handling (empty/invalid source, no impl block)
- Soroban known limits verification
Closes HyperSafeD#100

Add static analysis to detect unhandled Result types in public contract functions. This ensures all Results returned by internal functions are explicitly handled before the public contract boundary.
New types:
- UnhandledResultIssue: Represents an unhandled Result call
New methods:
- Analyzer::scan_unhandled_results(): Scans for unhandled Result types
Detection handles:
- Direct function calls returning Result
- Public function context (private functions not flagged)
- Function returning Result (allowed to propagate)
- Various handling patterns: ?, .unwrap(), .expect(), match, .map(), etc.
Tests cover all major handling patterns and edge cases.
Closes HyperSafeD#101

Break down the monolithic rule engine into trait-based plugins to allow easier addition of new security checks.
Changes:
- Create new `rules` module with trait-based plugin system
- Define `Rule` trait with name, description, and check method
- Create `RuleViolation` and `Severity` types for uniform reporting
- Create `RuleRegistry` for managing and running rules
- Implement 5 rules as plugins:
  - auth_gap: Detects storage mutations without auth
  - ledger_size: Analyzes contracttype size limits
  - panic_detection: Finds panic!/unwrap/expect calls
  - arithmetic_overflow: Detects unchecked arithmetic
  - unhandled_result: Finds unhandled Result types
- Update Analyzer to include RuleRegistry
- Add run_rules() and run_rule() methods to Analyzer
- Add tests for rule system functionality
The plugin system allows easy extension by:
1. Implementing the Rule trait
2. Registering the rule with RuleRegistry
Closes HyperSafeD#102

…on-tests-32 feat: Add integration tests for token contract
- Adds z3 crate dependency
- Implements SMT context and unconstrained addition verification
- Exposes smt module in core Analyzer
Closes HyperSafeD#111

…-init feat(cli): Implement `sanctifier init` config scaffolding (HyperSafeD#103)
…x-older-versions-125 chore(ci): add Rust matrix builder for last 3 stable versions
UI docs storybook
…rage-ast-parser feat: Implement AST parser for Soroban
…harness-for-token-initialization Build Kani proof harness for token initialization
… cli_tests conflict
…sanctifier-update feat(cli): add sanctifier update command
…-static-analysis test: benchmark static analysis execution times (HyperSafeD#128)
Resolves all merge conflicts across branches and unifies project logic. Includes implementation of AST caching (Issue HyperSafeD#53), 'exclude' configuration option (Issue HyperSafeD#48), and new static analysis rules for deprecated host functions.