Adding a detector - Building Secure Contracts (original) (raw)
Building Secure Contracts
Slither's plugin architecture lets you integrate new detectors that run from the command-line.
Detector Skeleton
The skeleton for a detector is:
from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification
class Skeleton(AbstractDetector):
"""
Documentation
"""
ARGUMENT = 'mydetector' # slither will launch the detector with slither.py --detect mydetector
HELP = 'Help printed by slither'
IMPACT = DetectorClassification.HIGH
CONFIDENCE = DetectorClassification.HIGH
WIKI = ''
WIKI_TITLE = ''
WIKI_DESCRIPTION = ''
WIKI_EXPLOIT_SCENARIO = ''
WIKI_RECOMMENDATION = ''
def _detect(self):
info = ['This is an example']
res = self.generate_result(info)
return [res]
ARGUMENTlets you run the detector from the command-lineHELPis the information printed from the command-lineIMPACTindicates the impact of the issue. Allowed values are:DetectorClassification.OPTIMIZATION: printed in greenDetectorClassification.INFORMATIONAL: printed in greenDetectorClassification.LOW: printed in greenDetectorClassification.MEDIUM: printed in yellowDetectorClassification.HIGH: printed in red
CONFIDENCEindicates your confidence in the analysis. Allowed values are:DetectorClassification.LOWDetectorClassification.MEDIUMDetectorClassification.HIGH
WIKIconstants are used to generate automatically the documentation.
_detect() needs to return a list of findings. A finding is an element generated with self.generate_result(info), where info is a list of text or contract's object (contract, function, node, ...)
An AbstractDetector object has the slither attribute, which returns the current Slither object.
Integration
You can integrate your detector into Slither by:
- Adding it in slither/detectors/all_detectors.py
- or, by creating a plugin package (see the skeleton example).
Test the detector
See CONTRIBUTING.md#development-environment
Example
backdoor.py will detect any function with backdoor in its name.