@snovon/solast 0.2.0

package/dist/detectors/unsafe-tx-origin.d.ts

@@ -0,0 +1,9 @@
+import type { ScanResult } from '../index';
+export declare class UnsafeTxOriginDetector {
+    readonly id = "unsafe-tx-origin";
+    readonly patternKey = "unsafe-tx-origin";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+    private walk;
+    private addFinding;
+}

package/dist/detectors/unsafe-tx-origin.js

@@ -0,0 +1,179 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnsafeTxOriginDetector = void 0;
+const RULE_ID = 'unsafe-tx-origin';
+const COMPARISON_OPERATORS = new Set(['==', '!=']);
+class UnsafeTxOriginDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        if (!ast || typeof ast !== 'object')
+            return [];
+        const findings = [];
+        const ctx = { contractName: '', functionName: '' };
+        this.walk(ast, ctx, file, findings);
+        return findings;
+    }
+    walk(node, ctx, file, findings) {
+        if (!node || typeof node !== 'object')
+            return;
+        if (isNode(node, 'EmitStatement'))
+            return;
+        const previousContract = ctx.contractName;
+        const previousFunction = ctx.functionName;
+        if (isNode(node, 'ContractDefinition')) {
+            ctx.contractName = getName(node) || '<anonymous>';
+            ctx.functionName = '';
+        }
+        if (isNode(node, 'FunctionDefinition') || isNode(node, 'ModifierDefinition')) {
+            ctx.functionName = functionDisplayName(node);
+        }
+        if (isRequireOrAssert(node)) {
+            const condition = getCallArguments(node)[0];
+            if (containsTxOrigin(condition)) {
+                this.addFinding(file, ctx, findTxOrigin(condition) || condition || node, findings);
+            }
+            for (const arg of getCallArguments(node).slice(1)) {
+                this.walk(arg, ctx, file, findings);
+            }
+        }
+        else if (isNode(node, 'IfStatement') && containsTxOrigin(node.condition)) {
+            this.addFinding(file, ctx, findTxOrigin(node.condition) || node.condition || node, findings);
+            if (node.trueBody)
+                this.walk(node.trueBody, ctx, file, findings);
+            if (node.falseBody)
+                this.walk(node.falseBody, ctx, file, findings);
+        }
+        else if (isComparisonWithTxOrigin(node)) {
+            this.addFinding(file, ctx, findTxOrigin(node) || node, findings);
+            for (const child of childrenOf(node)) {
+                if (!containsTxOrigin(child))
+                    this.walk(child, ctx, file, findings);
+            }
+        }
+        else {
+            for (const child of childrenOf(node))
+                this.walk(child, ctx, file, findings);
+        }
+        if (isNode(node, 'ContractDefinition')) {
+            ctx.contractName = previousContract;
+            ctx.functionName = previousFunction;
+        }
+        else if (isNode(node, 'FunctionDefinition') || isNode(node, 'ModifierDefinition')) {
+            ctx.functionName = previousFunction;
+        }
+    }
+    addFinding(file, ctx, node, findings) {
+        const loc = getLoc(node) || { line: 0, column: 0 };
+        findings.push({
+            file,
+            contract: ctx.contractName,
+            'function': ctx.functionName,
+            line: loc.line,
+            endLine: loc.line,
+            column: loc.column,
+            pattern: RULE_ID,
+            confidence: 'high',
+            ruleId: RULE_ID,
+            severity: 'low',
+            message: 'Unsafe authorization check uses tx.origin; use msg.sender or explicit role-based access control instead.',
+            rationale: 'tx.origin tracks the original externally owned account for the whole transaction, so relayed or nested calls can satisfy an authorization predicate unexpectedly.',
+            suggestedFix: 'Replace tx.origin authorization predicates with msg.sender checks or an explicit access-control modifier.',
+            contractName: ctx.contractName,
+            functionName: ctx.functionName,
+            sourceLocation: { line: loc.line, column: loc.column },
+            findingId: '',
+            contractHash: '',
+        });
+    }
+}
+exports.UnsafeTxOriginDetector = UnsafeTxOriginDetector;
+function isRequireOrAssert(node) {
+    if (!isNode(node, 'FunctionCall'))
+        return false;
+    const expression = unwrapCallOptions(node.expression);
+    return isNode(expression, 'Identifier') && (expression.name === 'require' || expression.name === 'assert');
+}
+function isComparisonWithTxOrigin(node) {
+    return isNode(node, 'BinaryOperation') &&
+        COMPARISON_OPERATORS.has(String(node.operator || '')) &&
+        (containsTxOrigin(node.left) || containsTxOrigin(node.right));
+}
+function containsTxOrigin(node) {
+    if (!node || typeof node !== 'object')
+        return false;
+    if (isTxOrigin(node))
+        return true;
+    return childrenOf(node).some(containsTxOrigin);
+}
+function findTxOrigin(node) {
+    if (!node || typeof node !== 'object')
+        return null;
+    if (isTxOrigin(node))
+        return node;
+    for (const child of childrenOf(node)) {
+        const found = findTxOrigin(child);
+        if (found)
+            return found;
+    }
+    return null;
+}
+function isTxOrigin(node) {
+    if (!isNode(node, 'MemberAccess'))
+        return false;
+    if (String(node.memberName || '') !== 'origin')
+        return false;
+    const expression = node.expression;
+    return isNode(expression, 'Identifier') && String(expression.name || '') === 'tx';
+}
+function getCallArguments(node) {
+    return Array.isArray(node?.arguments) ? node.arguments : [];
+}
+function childrenOf(node) {
+    if (!node || typeof node !== 'object')
+        return [];
+    const out = [];
+    for (const [key, value] of Object.entries(node)) {
+        if (key === 'loc' || key === 'src' || key === 'range' || key === 'typeDescriptions' || key === 'id')
+            continue;
+        if (Array.isArray(value)) {
+            for (const item of value)
+                if (item && typeof item === 'object')
+                    out.push(item);
+        }
+        else if (value && typeof value === 'object') {
+            out.push(value);
+        }
+    }
+    return out;
+}
+function unwrapCallOptions(expr) {
+    if (!expr || typeof expr !== 'object')
+        return expr;
+    if (isNode(expr, 'NameValueExpression') || isNode(expr, 'FunctionCallOptions'))
+        return expr.expression;
+    return expr;
+}
+function getLoc(node) {
+    if (node?.loc?.start)
+        return { line: node.loc.start.line || 0, column: node.loc.start.column || 0 };
+    return null;
+}
+function getName(node) {
+    return typeof node?.name === 'string' ? node.name : '';
+}
+function functionDisplayName(node) {
+    const kind = String(node?.kind || '').toLowerCase();
+    if (node?.isConstructor === true || kind === 'constructor')
+        return '<constructor>';
+    if (node?.isFallback === true || kind === 'fallback')
+        return '<fallback>';
+    if (node?.isReceiveEther === true || kind === 'receive')
+        return '<receive>';
+    return getName(node) || '<anonymous>';
+}
+function isNode(node, kind) {
+    return node?.type === kind || node?.nodeType === kind;
+}
+//# sourceMappingURL=unsafe-tx-origin.js.map

package/dist/detectors/unsigned-validity-window.d.ts

@@ -0,0 +1,20 @@
+import type { ScanResult } from '../index';
+export declare class UnsignedValidityWindowDetector {
+    readonly id = "unsigned-validity-window";
+    readonly patternKey = "unsigned-validity-window";
+    readonly supportedAstKinds: "parser"[];
+    scanAst(ast: any, file: string): ScanResult[];
+    private analyzeFunction;
+    private collectFunctionFacts;
+    private bodyBlocks;
+    private collectTemporalIdentifiersFromCheck;
+    private findRecoverDigestExpressions;
+    private collectResolvedIdentifiers;
+    private containsTimestamp;
+    private identifiersIn;
+    private directCallName;
+    private walk;
+    private childNodes;
+    private locOf;
+    private makeFinding;
+}

package/dist/detectors/unsigned-validity-window.js

@@ -0,0 +1,220 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.UnsignedValidityWindowDetector = void 0;
+const ast_1 = require("./_common/ast");
+const RULE_ID = 'unsigned-validity-window';
+const PATTERN = `${RULE_ID}/missing-temporal-binding`;
+const TEMPORAL_NAME = /^(deadline|validAfter|validUntil|validFrom|notBefore|notAfter|expiresAt|expiry|epochEnd)$/i;
+const SIGNATURE_RECOVER_FUNCTIONS = new Set(['recover', 'ecrecover']);
+class UnsignedValidityWindowDetector {
+    id = RULE_ID;
+    patternKey = RULE_ID;
+    supportedAstKinds = ['parser'];
+    scanAst(ast, file) {
+        const findings = [];
+        if (!ast || ast.type !== 'SourceUnit')
+            return findings;
+        for (const child of ast.children || []) {
+            if (child?.type !== 'ContractDefinition')
+                continue;
+            if (child.kind === 'interface' || child.kind === 'library')
+                continue;
+            for (const sub of child.subNodes || []) {
+                if (sub?.type !== 'FunctionDefinition' || !sub.body)
+                    continue;
+                const finding = this.analyzeFunction(child, sub, file);
+                if (finding)
+                    findings.push(finding);
+            }
+        }
+        return findings;
+    }
+    analyzeFunction(contract, fn, file) {
+        const temporalChecks = new Map();
+        const initializers = new Map();
+        this.collectFunctionFacts(fn.body, temporalChecks, initializers);
+        if (temporalChecks.size === 0)
+            return null;
+        const recoverDigests = this.findRecoverDigestExpressions(fn.body);
+        if (recoverDigests.length === 0)
+            return null;
+        for (const digest of recoverDigests) {
+            const signedIdentifiers = this.collectResolvedIdentifiers(digest, initializers, new Set());
+            for (const [name, loc] of temporalChecks) {
+                if (!signedIdentifiers.has(name)) {
+                    return this.makeFinding(contract, fn, file, name, loc);
+                }
+            }
+        }
+        return null;
+    }
+    collectFunctionFacts(node, temporalChecks, initializers) {
+        if (!node || typeof node !== 'object')
+            return;
+        if (node.type === 'VariableDeclarationStatement') {
+            const initialValue = node.initialValue;
+            for (const variable of node.variables || []) {
+                if (variable?.name && initialValue)
+                    initializers.set(variable.name, initialValue);
+            }
+        }
+        if (node.type === 'FunctionCall' && this.directCallName(node.expression) === 'require') {
+            this.collectTemporalIdentifiersFromCheck(node.arguments?.[0], temporalChecks);
+        }
+        if (node.type === 'IfStatement' && this.containsTimestamp(node.condition) && this.bodyBlocks(node)) {
+            this.collectTemporalIdentifiersFromCheck(node.condition, temporalChecks);
+        }
+        for (const child of this.childNodes(node)) {
+            this.collectFunctionFacts(child, temporalChecks, initializers);
+        }
+    }
+    bodyBlocks(node) {
+        const body = node.trueBody || node.falseBody;
+        if (!body)
+            return false;
+        let blocks = false;
+        this.walk(body, current => {
+            if (current?.type === 'RevertStatement')
+                blocks = true;
+            if (current?.type === 'ReturnStatement')
+                blocks = true;
+            if (current?.type === 'Throw' || current?.type === 'ThrowStatement')
+                blocks = true;
+            if (current?.type === 'FunctionCall' && this.directCallName(current.expression) === 'revert') {
+                blocks = true;
+            }
+        });
+        return blocks;
+    }
+    collectTemporalIdentifiersFromCheck(expr, temporalChecks) {
+        if (!expr || typeof expr !== 'object')
+            return;
+        if (!this.containsTimestamp(expr))
+            return;
+        for (const identifier of this.identifiersIn(expr)) {
+            if (TEMPORAL_NAME.test(identifier.name) && !temporalChecks.has(identifier.name)) {
+                temporalChecks.set(identifier.name, this.locOf(identifier));
+            }
+        }
+    }
+    findRecoverDigestExpressions(node) {
+        const digests = [];
+        this.walk(node, current => {
+            if (current?.type !== 'FunctionCall')
+                return;
+            const expression = current.expression;
+            if (expression?.type === 'Identifier' && SIGNATURE_RECOVER_FUNCTIONS.has(expression.name)) {
+                if (current.arguments?.[0])
+                    digests.push(current.arguments[0]);
+                return;
+            }
+            if (expression?.type === 'MemberAccess' && SIGNATURE_RECOVER_FUNCTIONS.has(expression.memberName)) {
+                const digestNode = (current.arguments?.length ?? 0) >= 2
+                    ? current.arguments[0]
+                    : expression.expression;
+                if (digestNode)
+                    digests.push(digestNode);
+            }
+        });
+        return digests;
+    }
+    collectResolvedIdentifiers(node, initializers, seen) {
+        const names = new Set();
+        this.walk(node, current => {
+            if (current?.type !== 'Identifier')
+                return;
+            names.add(current.name);
+            if (initializers.has(current.name) && !seen.has(current.name)) {
+                seen.add(current.name);
+                for (const nested of this.collectResolvedIdentifiers(initializers.get(current.name), initializers, seen)) {
+                    names.add(nested);
+                }
+            }
+        });
+        return names;
+    }
+    containsTimestamp(node) {
+        let found = false;
+        this.walk(node, current => {
+            if (current?.type === 'Identifier' && current.name === 'now')
+                found = true;
+            if (current?.type === 'MemberAccess' &&
+                current.memberName === 'timestamp' &&
+                current.expression?.type === 'Identifier' &&
+                current.expression.name === 'block') {
+                found = true;
+            }
+        });
+        return found;
+    }
+    identifiersIn(node) {
+        const identifiers = [];
+        this.walk(node, current => {
+            if (current?.type === 'Identifier')
+                identifiers.push(current);
+        });
+        return identifiers;
+    }
+    directCallName(expr) {
+        if (expr?.type === 'Identifier')
+            return expr.name;
+        if (expr?.type === 'MemberAccess')
+            return expr.memberName;
+        return null;
+    }
+    walk(node, visit) {
+        if (!node || typeof node !== 'object')
+            return;
+        visit(node);
+        for (const child of this.childNodes(node))
+            this.walk(child, visit);
+    }
+    childNodes(node) {
+        if (!node || typeof node !== 'object')
+            return [];
+        const children = [];
+        for (const [key, value] of Object.entries(node)) {
+            if (key === 'loc' || key === 'range')
+                continue;
+            if (Array.isArray(value)) {
+                for (const item of value) {
+                    if (item && typeof item === 'object')
+                        children.push(item);
+                }
+            }
+            else if (value && typeof value === 'object') {
+                children.push(value);
+            }
+        }
+        return children;
+    }
+    locOf(node) {
+        const { line, column } = (0, ast_1.assertLoc)(node);
+        return { line, column };
+    }
+    makeFinding(contract, fn, file, missingName, loc) {
+        const contractName = contract.name || '<anonymous>';
+        const functionName = fn.name || (fn.isConstructor ? '<constructor>' : '<anonymous>');
+        return {
+            file,
+            contract: contractName,
+            'function': functionName,
+            line: loc.line,
+            column: loc.column,
+            pattern: PATTERN,
+            confidence: 'high',
+            ruleId: RULE_ID,
+            severity: 'medium',
+            message: `Temporal validity parameter '${missingName}' is checked for signature authorization but is not bound into the recovered digest.`,
+            contractName,
+            functionName,
+            sourceLocation: loc,
+            findingId: '',
+            contractHash: '',
+            rationale: 'Checked validity window metadata can be replayed or forged when it is omitted from the signed digest.',
+            suggestedFix: `Include '${missingName}' in the abi.encode/abi.encodePacked inputs that feed the signed digest.`,
+        };
+    }
+}
+exports.UnsignedValidityWindowDetector = UnsignedValidityWindowDetector;
+//# sourceMappingURL=unsigned-validity-window.js.map

package/dist/detectors/unvalidated-interface-address.d.ts

@@ -0,0 +1,25 @@
+import type { ScanResult } from '../index';
+export declare class UnvalidatedInterfaceAddressDetector {
+    readonly id = "unvalidated-interface-address";
+    readonly patternKey = "unvalidated-interface-address";
+    readonly supportedAstKinds: "parser"[];
+    readonly descriptor: {
+        id: string;
+        shortDescription: string;
+        helpUri: string;
+        defaultSeverity: "low";
+        help: string;
+    };
+    private currentFile;
+    private findings;
+    private contract;
+    private userDefinedTypes;
+    setFile(file: string): void;
+    getFindings(): ScanResult[];
+    SourceUnit(node: any): void;
+    ContractDefinition(node: any): void;
+    ContractDefinition_post(_node: any): void;
+    ['ContractDefinition:exit'](node: any): void;
+    FunctionDefinition(node: any): void;
+    private applyModifierValidations;
+}