@snovon/solast 0.2.0

package/dist/detectors/fhe-state-leakage.js

@@ -0,0 +1,400 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.FheStateLeakageDetector = void 0;
+const ast_1 = require("./_common/ast");
+const fhe_1 = require("./_common/fhe");
+const RULE_ID = 'fhe-state-leakage';
+const SEVERITY = 'high';
+const DECRYPT_TO_STORAGE = `${RULE_ID}/decrypt-to-public-storage`;
+const DECRYPT_TO_EVENT = `${RULE_ID}/decrypt-to-event`;
+const CIPHERTEXT_PLAINTEXT_COMPARE = `${RULE_ID}/ciphertext-plaintext-compare`;
+const UNGUARDED_CIPHERTEXT_RETURN = `${RULE_ID}/unguarded-ciphertext-return`;
+const COMPARE_MEMBERS = new Set(['eq', 'ne', 'gt', 'gte', 'lt', 'lte']);
+class FheStateLeakageDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    enabledByDefault = false;
+    scanAst(ast, file) {
+        if (!ast || ast.type !== 'SourceUnit')
+            return [];
+        const findings = [];
+        const fheAliases = collectFheTypeAliases(ast);
+        const localNonAliasFheNames = collectLocalNonAliasFheNames(ast);
+        const hasFheNamespace = containsFheNamespaceCall(ast);
+        for (const contract of ast.children || []) {
+            if (contract?.type !== 'ContractDefinition')
+                continue;
+            if (contract.kind === 'interface' || contract.kind === 'library')
+                continue;
+            const stateVars = collectStateVariables(contract);
+            const contractHasFheState = [...stateVars.values()].some(variable => (0, fhe_1.isFheCipherType)(variable.typeName, fheAliases, localNonAliasFheNames));
+            if (!contractHasFheState && !hasFheNamespace)
+                continue;
+            for (const fn of contract.subNodes || []) {
+                if (fn?.type !== 'FunctionDefinition' || !fn.body)
+                    continue;
+                const ctx = {
+                    contractName: contract.name || '<anonymous>',
+                    functionName: fn.name || (fn.isConstructor ? '<constructor>' : '<anonymous>'),
+                    file,
+                    stateVars,
+                    params: collectParameterNames(fn),
+                    localTypes: collectNamedReturnTypes(fn),
+                    decryptTaintedLocals: new Set(),
+                    returnLocals: collectNamedReturnNames(fn),
+                    ciphertextReturnAssignments: new Map(),
+                    hasAccessModifier: hasUserModifier(fn),
+                    hasAllowCall: false,
+                    findings,
+                };
+                walkFunction(fn.body, ctx, fheAliases, localNonAliasFheNames);
+                inspectViewReturn(fn, ctx, fheAliases, localNonAliasFheNames);
+            }
+        }
+        return findings;
+    }
+}
+exports.FheStateLeakageDetector = FheStateLeakageDetector;
+function collectFheTypeAliases(ast) {
+    const aliases = new Set();
+    for (const child of ast.children || []) {
+        if (child?.type === 'TypeDefinition' && (0, fhe_1.isFheTypeName)(child.name)) {
+            aliases.add(child.name);
+        }
+    }
+    return aliases;
+}
+function collectLocalNonAliasFheNames(ast) {
+    const names = new Set();
+    walk(ast, current => {
+        if ((current?.type === 'StructDefinition' || current?.type === 'EnumDefinition') && (0, fhe_1.isFheTypeName)(current.name)) {
+            names.add(current.name);
+        }
+    });
+    return names;
+}
+function collectStateVariables(contract) {
+    const variables = new Map();
+    for (const sub of contract.subNodes || []) {
+        if (sub?.type !== 'StateVariableDeclaration')
+            continue;
+        for (const variable of sub.variables || []) {
+            if (!variable?.name)
+                continue;
+            variables.set(variable.name, {
+                typeName: typeNameToString(variable.typeName),
+                visibility: variable.visibility || 'default',
+            });
+        }
+    }
+    return variables;
+}
+function collectParameterNames(fn) {
+    const names = new Set();
+    for (const param of fn.parameters || []) {
+        if (param?.name)
+            names.add(param.name);
+    }
+    return names;
+}
+function collectNamedReturnNames(fn) {
+    const names = new Set();
+    for (const param of fn.returnParameters || []) {
+        if (param?.name)
+            names.add(param.name);
+    }
+    return names;
+}
+function collectNamedReturnTypes(fn) {
+    const types = new Map();
+    for (const param of fn.returnParameters || []) {
+        if (param?.name)
+            types.set(param.name, typeNameToString(param.typeName));
+    }
+    return types;
+}
+function hasUserModifier(fn) {
+    return Array.isArray(fn.modifiers) && fn.modifiers.length > 0;
+}
+function walkFunction(node, ctx, fheAliases, localNonAliasFheNames) {
+    if (!node || typeof node !== 'object')
+        return;
+    if (node.type === 'VariableDeclarationStatement') {
+        recordVariableDeclaration(node, ctx, fheAliases, localNonAliasFheNames);
+    }
+    if (node.type === 'BinaryOperation' && node.operator === '=') {
+        recordAssignment(node, ctx, fheAliases, localNonAliasFheNames);
+    }
+    if (node.type === 'EmitStatement') {
+        inspectEmit(node, ctx);
+    }
+    if (node.type === 'FunctionCall') {
+        if (isAllowCall(node))
+            ctx.hasAllowCall = true;
+        if (isRequireCall(node))
+            inspectCondition(node.arguments?.[0], ctx, fheAliases, localNonAliasFheNames);
+    }
+    if (node.type === 'IfStatement') {
+        inspectCondition(node.condition, ctx, fheAliases, localNonAliasFheNames);
+    }
+    for (const child of childNodes(node)) {
+        walkFunction(child, ctx, fheAliases, localNonAliasFheNames);
+    }
+}
+function recordVariableDeclaration(node, ctx, fheAliases, localNonAliasFheNames) {
+    const variables = node.variables || [];
+    const components = node.initialValue?.type === 'TupleExpression' ? node.initialValue.components || [] : null;
+    variables.forEach((variable, index) => {
+        if (!variable?.name)
+            return;
+        ctx.localTypes.set(variable.name, typeNameToString(variable.typeName));
+        const initialValue = components ? components[index] : node.initialValue;
+        if (initialValue && expressionHasDecrypt(initialValue)) {
+            ctx.decryptTaintedLocals.add(variable.name);
+        }
+        if (initialValue && isCiphertextExpression(initialValue, ctx, fheAliases, localNonAliasFheNames)) {
+            ctx.localTypes.set(variable.name, typeNameToString(variable.typeName) || inferredCipherType(initialValue, ctx) || '');
+        }
+    });
+}
+function recordAssignment(node, ctx, fheAliases, localNonAliasFheNames) {
+    const left = node.left;
+    const right = node.right;
+    if (!left || !right)
+        return;
+    if (left.type === 'Identifier') {
+        if (expressionHasDecrypt(right)) {
+            ctx.decryptTaintedLocals.add(left.name);
+        }
+        if (ctx.returnLocals.has(left.name) && isCiphertextExpression(right, ctx, fheAliases, localNonAliasFheNames)) {
+            ctx.localTypes.set(left.name, inferredCipherType(right, ctx) || ctx.localTypes.get(left.name) || '');
+            if (!ctx.ciphertextReturnAssignments.has(left.name)) {
+                ctx.ciphertextReturnAssignments.set(left.name, node);
+            }
+        }
+        const state = ctx.stateVars.get(left.name);
+        if (state && state.visibility !== 'private' && isDecryptFlow(right, ctx) && !ctx.hasAccessModifier) {
+            ctx.findings.push(makeFinding(ctx, left, DECRYPT_TO_STORAGE, `Decrypted FHE state flows into non-private storage '${left.name}' without an access-control modifier.`));
+        }
+    }
+}
+function inspectEmit(node, ctx) {
+    if (ctx.hasAccessModifier)
+        return;
+    const eventCall = node.eventCall || node.expression;
+    const args = eventCall?.arguments || [];
+    if (args.some((arg) => isDecryptFlow(arg, ctx))) {
+        ctx.findings.push(makeFinding(ctx, node, DECRYPT_TO_EVENT, 'Decrypted FHE state is emitted in an event without an access-control modifier.'));
+    }
+}
+function inspectCondition(condition, ctx, fheAliases, localNonAliasFheNames) {
+    if (!condition)
+        return;
+    let found = null;
+    walk(condition, current => {
+        if (found)
+            return;
+        if (current?.type === 'BinaryOperation' && ['==', '!=', '>', '>=', '<', '<='].includes(current.operator)) {
+            if (isCipherPlainCompare(current.left, current.right, ctx, fheAliases, localNonAliasFheNames) || isCipherPlainCompare(current.right, current.left, ctx, fheAliases, localNonAliasFheNames)) {
+                found = current;
+            }
+        }
+        if (current?.type === 'FunctionCall' && isFheComparisonCall(current)) {
+            const [first, second] = current.arguments || [];
+            if (isCipherPlainCompare(first, second, ctx, fheAliases, localNonAliasFheNames) || isCipherPlainCompare(second, first, ctx, fheAliases, localNonAliasFheNames)) {
+                found = current;
+            }
+        }
+    });
+    if (found) {
+        ctx.findings.push(makeFinding(ctx, found, CIPHERTEXT_PLAINTEXT_COMPARE, 'Ciphertext-typed state is compared against caller-supplied plaintext in an observable branch.'));
+    }
+}
+function inspectViewReturn(fn, ctx, fheAliases, localNonAliasFheNames) {
+    if (!isPublicOrExternalView(fn))
+        return;
+    if (ctx.hasAllowCall)
+        return;
+    const returnsCipherType = (fn.returnParameters || []).some((param) => (0, fhe_1.isFheCipherType)(typeNameToString(param?.typeName), fheAliases, localNonAliasFheNames));
+    if (!returnsCipherType)
+        return;
+    let returnNode = null;
+    walk(fn.body, current => {
+        if (returnNode)
+            return;
+        if (current?.type === 'ReturnStatement') {
+            const expression = current.expression;
+            if (!expression || isCiphertextExpression(expression, ctx, fheAliases, localNonAliasFheNames)) {
+                returnNode = current;
+            }
+        }
+    });
+    if (!returnNode) {
+        for (const name of ctx.returnLocals) {
+            const assignment = ctx.ciphertextReturnAssignments.get(name);
+            if (assignment) {
+                returnNode = assignment;
+                break;
+            }
+        }
+        if (!returnNode)
+            return;
+    }
+    ctx.findings.push(makeFinding(ctx, returnNode, UNGUARDED_CIPHERTEXT_RETURN, 'Public or external view function returns an FHE ciphertype handle without TFHE.allow/FHE.allow gating.'));
+}
+function isPublicOrExternalView(fn) {
+    return (fn.visibility === 'public' || fn.visibility === 'external') && fn.stateMutability === 'view';
+}
+function isCipherPlainCompare(cipherExpr, plainExpr, ctx, fheAliases, localNonAliasFheNames) {
+    return isCiphertextStateExpression(cipherExpr, ctx, fheAliases, localNonAliasFheNames) && isAttackerPlaintextExpression(plainExpr, ctx);
+}
+function isCiphertextStateExpression(expr, ctx, fheAliases, localNonAliasFheNames) {
+    if (!expr)
+        return false;
+    if (expr.type === 'Identifier') {
+        const state = ctx.stateVars.get(expr.name);
+        return !!state && (0, fhe_1.isFheCipherType)(state.typeName, fheAliases, localNonAliasFheNames);
+    }
+    if (expr.type === 'MemberAccess' && expr.expression?.type === 'Identifier') {
+        const state = ctx.stateVars.get(expr.expression.name);
+        return !!state && (0, fhe_1.isFheCipherType)(state.typeName, fheAliases, localNonAliasFheNames);
+    }
+    if (expr.type === 'FunctionCall' && expr.expression?.type === 'MemberAccess') {
+        const receiver = expr.expression.expression;
+        if (receiver?.type === 'Identifier' && (0, fhe_1.isFheTypeName)(receiver.name) && ['wrap', 'unwrap'].includes(expr.expression.memberName)) {
+            return (expr.arguments || []).some((arg) => isCiphertextStateExpression(arg, ctx, fheAliases, localNonAliasFheNames));
+        }
+    }
+    return false;
+}
+function isCiphertextExpression(expr, ctx, fheAliases, localNonAliasFheNames) {
+    if (!expr)
+        return false;
+    if (isCiphertextStateExpression(expr, ctx, fheAliases, localNonAliasFheNames))
+        return true;
+    if (expr.type === 'Identifier')
+        return (0, fhe_1.isFheCipherType)(ctx.localTypes.get(expr.name) || '', fheAliases, localNonAliasFheNames);
+    return false;
+}
+function isAttackerPlaintextExpression(expr, ctx) {
+    if (!expr)
+        return false;
+    if (expr.type === 'Identifier')
+        return ctx.params.has(expr.name);
+    if (expr.type === 'FunctionCall' && expr.expression?.type === 'MemberAccess') {
+        const receiver = expr.expression.expression;
+        if (receiver?.type === 'Identifier' && (0, fhe_1.isFheTypeName)(receiver.name) && expr.expression.memberName === 'wrap') {
+            return (expr.arguments || []).some((arg) => isAttackerPlaintextExpression(arg, ctx));
+        }
+    }
+    return false;
+}
+function isDecryptFlow(expr, ctx) {
+    if (expressionHasDecrypt(expr))
+        return true;
+    return expr?.type === 'Identifier' && ctx.decryptTaintedLocals.has(expr.name);
+}
+function expressionHasDecrypt(expr) {
+    let found = false;
+    walk(expr, current => {
+        if (current?.type === 'FunctionCall' && (0, fhe_1.isFheDecryptCall)(current))
+            found = true;
+    });
+    return found;
+}
+function isAllowCall(node) {
+    return (0, fhe_1.isFheAllowCall)(node);
+}
+function isFheComparisonCall(node) {
+    if (node?.type !== 'FunctionCall')
+        return false;
+    const expression = node.expression;
+    return expression?.type === 'MemberAccess'
+        && expression.expression?.type === 'Identifier'
+        && (0, fhe_1.isFheNamespaceCall)(node)
+        && COMPARE_MEMBERS.has(expression.memberName);
+}
+function isRequireCall(node) {
+    return node?.type === 'FunctionCall' && node.expression?.type === 'Identifier' && node.expression.name === 'require';
+}
+function containsFheNamespaceCall(ast) {
+    let found = false;
+    walk(ast, current => {
+        if ((0, fhe_1.isFheNamespaceCall)(current))
+            found = true;
+    });
+    return found;
+}
+function inferredCipherType(expr, ctx) {
+    if (expr?.type === 'Identifier') {
+        return ctx.stateVars.get(expr.name)?.typeName || ctx.localTypes.get(expr.name) || null;
+    }
+    return null;
+}
+function typeNameToString(typeName) {
+    if (!typeName)
+        return '';
+    if (typeName.type === 'ElementaryTypeName')
+        return typeName.name || '';
+    if (typeName.type === 'UserDefinedTypeName')
+        return typeName.namePath || '';
+    if (typeName.type === 'ArrayTypeName')
+        return `${typeNameToString(typeName.baseTypeName)}[]`;
+    if (typeName.type === 'Mapping')
+        return `mapping(${typeNameToString(typeName.keyType)}=>${typeNameToString(typeName.valueType)})`;
+    return '';
+}
+function makeFinding(ctx, node, pattern, message) {
+    const loc = locOf(node);
+    return {
+        file: ctx.file,
+        contract: ctx.contractName,
+        function: ctx.functionName,
+        contractName: ctx.contractName,
+        functionName: ctx.functionName,
+        line: loc.line,
+        column: loc.column,
+        sourceLocation: loc,
+        ruleId: RULE_ID,
+        pattern,
+        severity: SEVERITY,
+        confidence: 'medium',
+        category: 'vulnerability',
+        message,
+        findingId: '',
+        contractHash: '',
+    };
+}
+function locOf(node) {
+    const { line, column } = (0, ast_1.assertLoc)(node);
+    return { line, column };
+}
+function walk(node, visit) {
+    if (!node || typeof node !== 'object')
+        return;
+    visit(node);
+    for (const child of childNodes(node)) {
+        walk(child, visit);
+    }
+}
+function childNodes(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const children = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'range')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value) {
+                if (item && typeof item === 'object')
+                    children.push(item);
+            }
+        }
+        else if (value && typeof value === 'object') {
+            children.push(value);
+        }
+    }
+    return children;
+}
+//# sourceMappingURL=fhe-state-leakage.js.map

package/dist/detectors/fi-bridges.d.ts

@@ -0,0 +1,33 @@
+import type { ScanResult } from '../index';
+export declare class FiBridgesDetector {
+    readonly id = "fi-bridges";
+    readonly patternKey = "fi-bridges";
+    readonly supportedAstKinds: "parser"[];
+    private currentFile;
+    private functions;
+    scanAst(ast: any, file: string): ScanResult[];
+    private collectFunctions;
+    private analyzeNode;
+    private trackVariableDeclarations;
+    private trackValidationGate;
+    private lowLevelCall;
+    private selectorOrigin;
+    private isTargetChecked;
+    private isSelectorChecked;
+    private containsTainted;
+    private hasSafeBoundary;
+    private containsAccessRequire;
+    private isBridgeEntrypoint;
+    private isExternallyCallable;
+    private exprKey;
+    private directCallName;
+    private getCalleeName;
+    private expressionName;
+    private flattenNames;
+    private identifierName;
+    private nodeName;
+    private args;
+    private isEmptyCallData;
+    private walk;
+    private childNodes;
+}