Skip to content

Commit

Permalink
Don't report uninitialized state variable when there is initializer
Browse files Browse the repository at this point in the history
… modifier (#771)
  • Loading branch information
TilakMaddy authored Oct 18, 2024
1 parent a19aa12 commit f0c14b5
Show file tree
Hide file tree
Showing 7 changed files with 147 additions and 143 deletions.
76 changes: 64 additions & 12 deletions aderyn_core/src/detect/high/unprotected_init_function.rs
Original file line number Diff line number Diff line change
Expand Up @@ -3,8 +3,15 @@ use std::{collections::BTreeMap, error::Error};
use crate::{
ast::NodeID,
capture,
context::{browser::ExtractIdentifiers, workspace_context::WorkspaceContext},
detect::detector::{IssueDetector, IssueDetectorNamePool, IssueSeverity},
context::{
browser::{ExtractIdentifiers, ExtractModifierInvocations, ExtractRevertStatements},
graph::{CallGraph, CallGraphDirection, CallGraphVisitor},
workspace_context::WorkspaceContext,
},
detect::{
detector::{IssueDetector, IssueDetectorNamePool, IssueSeverity},
helpers,
},
};
use eyre::Result;

Expand All @@ -17,15 +24,16 @@ pub struct UnprotectedInitializerDetector {

impl IssueDetector for UnprotectedInitializerDetector {
fn detect(&mut self, context: &WorkspaceContext) -> Result<bool, Box<dyn Error>> {
for function in context.function_definitions() {
if function.name.to_lowercase().contains("init") {
let has_modifiers = !function.modifiers.is_empty();
if !has_modifiers {
let identifiers = ExtractIdentifiers::from(function).extracted;
if !identifiers.iter().any(|x| x.name == "revert" || x.name == "require") {
capture!(self, context, function);
}
for func in helpers::get_implemented_external_and_public_functions(context) {
let callgraph = CallGraph::new(context, &[&func.into()], CallGraphDirection::Inward)?;
let mut tracker = UnprotectedInitializationTracker::default();
callgraph.accept(context, &mut tracker)?;

if func.name.starts_with("_init") || func.name.starts_with("init") {
if tracker.has_initializer_modifier || tracker.has_require_or_revert {
continue;
}
capture!(self, context, func);
}
}

Expand Down Expand Up @@ -53,6 +61,51 @@ impl IssueDetector for UnprotectedInitializerDetector {
}
}

#[derive(Default, Debug)]
struct UnprotectedInitializationTracker {
has_require_or_revert: bool,
has_initializer_modifier: bool, // devtooligan's suggestion
}

impl CallGraphVisitor for UnprotectedInitializationTracker {
fn visit_any(&mut self, node: &crate::ast::ASTNode) -> eyre::Result<()> {
// Check for revert(), require(), revert SomeError()
let has_req_or_revert_calls = ExtractIdentifiers::from(node)
.extracted
.into_iter()
.any(|x| x.name == "require" || x.name == "revert");

let has_revert_stmnts = !ExtractRevertStatements::from(node).extracted.is_empty();

if has_req_or_revert_calls || has_revert_stmnts {
self.has_require_or_revert = true;
}

// Check if modifier name is "initialized" and assume it works
// This is done becauase often times initialized comes from openzeppelin and it is out of
// scope when running aderyn due to it being a library

let modifier_invocations = ExtractModifierInvocations::from(node).extracted;

for inv in modifier_invocations {
match inv.modifier_name {
crate::ast::IdentifierOrIdentifierPath::Identifier(n) => {
if n.name == "initializer" {
self.has_initializer_modifier = true;
}
}
crate::ast::IdentifierOrIdentifierPath::IdentifierPath(n) => {
if n.name == "initializer" {
self.has_initializer_modifier = true;
}
}
}
}

Ok(())
}
}

#[cfg(test)]
mod unprotected_initializer {
use serial_test::serial;
Expand All @@ -69,8 +122,7 @@ mod unprotected_initializer {
);

let mut detector = UnprotectedInitializerDetector::default();
let found = detector.detect(&context).unwrap();
// assert that the detector found an abi encode packed
let found = detector.detect(&context).unwrap(); // assert that the detector found an abi encode packed
assert!(found);
// println!("{:?}", detector.instances());
assert_eq!(detector.instances().len(), 1);
Expand Down
42 changes: 3 additions & 39 deletions reports/ccip-functions-report.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

46 changes: 26 additions & 20 deletions reports/report.json

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

28 changes: 17 additions & 11 deletions reports/report.md

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

Loading

1 comment on commit f0c14b5

@TilakMaddy
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry for mistake in naming:

Commit message reads:

Don't report uninitialized state variable when there is initializer modifier

I meant

Don't report unprotected initialization function when there is initializer modifier

Please sign in to comment.