Scaffold repo scripts, add Slither (#3)

* WIP: scripts

* Added inquirer and multiple output types

* Update .gitignore

Co-authored-by: Lucas <[email protected]>

* added option for CI and other PR feedback

* Update scripts/slither.ts

* Update scripts/slither.ts

* Add ts-node, add slither script

* Remove await

* Blankline

Co-authored-by: Lucas Janon <[email protected]>

.gitignore

@@ -20,3 +20,8 @@ tsconfig.tsbuildinfo
 # Misc
 .env
 .DS_Store
+
+# Slither
+scripts/slither-results/*
+!scripts/slither-results/.gitkeep
+

package.json

@@ -16,10 +16,11 @@
     "crosschain"
   ],
   "scripts": {
-    "compile": "yarn workspaces foreach -pv run compile",
     "clean": "yarn workspaces foreach -pv run clean",
-    "lint": "npx eslint . --ext .js,.ts",
+    "compile": "yarn workspaces foreach -pv run compile",
     "lint:fix": "npx eslint . --ext .js,.ts --fix",
+    "lint": "npx eslint . --ext .js,.ts",
+    "slither": "npx ts-node ./scripts/slither.ts",
     "test": "yarn workspaces foreach -ptv run test"
   },
   "devDependencies": {
@@ -29,6 +30,7 @@
     "@typechain/ethers-v5": "^10.0.0",
     "@typechain/hardhat": "^6.0.0",
     "@types/chai": "^4.3.1",
+    "@types/inquirer": "^8.2.1",
     "@types/mocha": "^9.1.1",
     "@types/node": "^17.0.25",
     "@typescript-eslint/eslint-plugin": "^5.20.0",
@@ -49,8 +51,10 @@
     "ethereumjs-utils": "^5.2.5",
     "ethers": "5.6.8",
     "hardhat": "2.9.7",
+    "inquirer": "^8.2.4",
     "mocha": "^9.2.2",
     "ts-mocha": "^9.0.2",
+    "ts-node": "10.8.1",
     "typechain": "^8.0.0",
     "typescript": "^4.6.3"
   },

scripts/slither.ts

@@ -0,0 +1,75 @@
+import fs from "fs";
+import inquirer from "inquirer";
+import { execSync } from "node:child_process";
+import path from "node:path";
+
+const projectRoot = path.join(__dirname, "../");
+const solcVersion = "0.8.9";
+const timestamp = Date.now();
+const packageNames = ["protocol-contracts", "example-contracts"];
+
+async function getPackageName() {
+  let packageName;
+
+  if (process.env.CI) {
+    packageName = process.argv[2];
+
+    if (!packageNames.includes(packageName)) {
+      console.error(`${packageName} is not a valid package name.`);
+      console.error(`Valid package names are: ${packageNames.join(", ")}`);
+      process.exit(1);
+    }
+
+    return packageName;
+  } else {
+    packageName = await inquirer.prompt([
+      {
+        type: "list",
+        message: "Which set of contracts would you like to test?",
+        name: "contracts",
+        choices: packageNames,
+      },
+    ]);
+
+    return packageName.contracts;
+  }
+}
+
+const run = async (command: string) => {
+  try {
+    console.log("Starting -- This may take a few minutes...");
+
+    execSync(command, {
+      encoding: "utf-8",
+      stdio: "inherit",
+    });
+
+    console.log("Results output to the console and saved to slither-output/ in Markdown, JSON, and SARIF formats.");
+  } catch (error: any) {
+    console.error("Error: Docker Failed To Run");
+    console.error(`${error}`);
+  }
+};
+
+function runSlither(packageName: string) {
+  const dockerCommand = `cd /home/trufflecon/packages/${packageName} && \
+  solc-select use ${solcVersion} && \
+  slither --json ../../scripts/slither-results/${packageName}-${timestamp}.json \
+  --sarif ../../scripts/slither-results/${packageName}-${timestamp}.sarif \
+  --checklist  ./ | tee ../../scripts/slither-results/${packageName}-${timestamp}.md`;
+
+  run(`docker run -v "${projectRoot}":/home/trufflecon trailofbits/eth-security-toolbox  -c "${dockerCommand}"`);
+}
+
+async function main() {
+  const packageName = await getPackageName();
+
+  runSlither(packageName);
+}
+
+main()
+  .then(() => process.exit(0))
+  .catch((error) => {
+    console.error(error);
+    process.exit(1);
+  });