Build

.dockerignore

@@ -0,0 +1,19 @@
+.git
+
+.idea
+.git
+Dockerfile
+# slither build from source checks for README so we leave this disabled
+# *.md
+logo.png
+.make-release-support
+build
+CI
+.DS_Store
+test_1.txt
+sub.slither/
+src/
+build-scripts/
+.vscode
+.github/
+node_modules

.github/workflows/dockerimage.yml

@@ -0,0 +1,40 @@
+name: dockerimage
+
+on: push
+
+env:
+  # TODO: Change variable to your image's name.
+  IMAGE_NAME: contractshark/slither-vandel
+
+jobs:
+  # Push image to GitHub Packages.
+  # See also https://docs.docker.com/docker-hub/builds/
+  ghr_push:
+    runs-on: ubuntu-latest
+    if: github.event_name == 'push'
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Build contractshark/slither-vandel image
+        run: docker build . --file Dockerfile --tag $IMAGE_NAME
+
+      - name: Log into GitHub Container Registry
+      # Create a PAT with `read:packages` and `write:packages` scopes and save it as an Actions secret `CR_PAT`
+        run: echo "${{ secrets.CR_PAT }}" | docker login https://ghcr.io -u ${{ github.actor }} --password-stdin
+
+      - name: Push contractshark/slither-vandel image to GitHub Container Registry
+        run: |
+          IMAGE_ID=ghcr.io/${{ github.repository }}/$IMAGE_NAME
+          # Change all uppercase to lowercase
+          IMAGE_ID=$(echo $IMAGE_ID | tr '[A-Z]' '[a-z]')
+          # Strip git ref prefix from version
+          VERSION=$(echo "${{ github.ref }}" | sed -e 's,.*/\(.*\),\1,')
+          # Strip "v" prefix from tag name
+          [[ "${{ github.ref }}" == "refs/tags/"* ]] && VERSION=$(echo $VERSION | sed -e 's/^v//')
+          # Use Docker `latest` tag convention
+          [ "$VERSION" == "master" ] && VERSION=latest
+          echo IMAGE_ID=$IMAGE_ID
+          echo VERSION=$VERSION
+          docker tag $IMAGE_NAME $IMAGE_ID:$VERSION
+          docker push $IMAGE_ID:$VERSION

.make-release-support

@@ -0,0 +1,105 @@
+#!/bin/bash
+#
+#   Copyright 2015  Xebia Nederland B.V.
+#
+#   Licensed under the Apache License, Version 2.0 (the "License");
+#   you may not use this file except in compliance with the License.
+#   You may obtain a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#   Unless required by applicable law or agreed to in writing, software
+#   distributed under the License is distributed on an "AS IS" BASIS,
+#   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#   See the License for the specific language governing permissions and
+#   limitations under the License.
+#
+function hasChanges() {
+	test -n "$(git status -s .)"
+}
+
+function getRelease() {
+	awk -F= '/^release=/{print $2}' .release
+}
+
+function getBaseTag() {
+		sed -n -e "s/^tag=\(.*\)$(getRelease)\$/\1/p" .release
+}
+
+function getTag() {
+	if [ -z "$1" ] ; then
+		awk -F= '/^tag/{print $2}' .release
+	else
+		echo "$(getBaseTag)$1"
+	fi
+}
+
+function setRelease() {
+	if [ -n "$1" ] ; then
+		sed -i.x -e "s~^tag=.*~tag=$(getTag $1)~" .release
+		sed -i.x -e "s~^release=.*~release=$1~g" .release
+		rm -f .release.x
+		runPreTagCommand "$1"
+	else
+		echo "ERROR: missing release version parameter " >&2
+		return 1
+	fi
+}
+
+function runPreTagCommand() {
+	if [ -n "$1" ] ; then
+		COMMAND=$(sed -n -e "s/@@RELEASE@@/$1/g" -e 's/^pre_tag_command=\(.*\)/\1/p' .release)
+		if [ -n "$COMMAND" ] ; then
+			if ! OUTPUT=$(bash -c "$COMMAND" 2>&1) ; then echo $OUTPUT >&2 && exit 1 ; fi
+		fi
+	else
+		echo "ERROR: missing release version parameter " >&2
+		return 1
+	fi
+}
+
+function tagExists() {
+	tag=${1:-$(getTag)}
+	test -n "$tag" && test -n "$(git tag | grep "^$tag\$")"
+}
+
+function differsFromRelease() {
+	tag=$(getTag)
+	! tagExists $tag || test -n "$(git diff --shortstat -r $tag .)"
+}
+
+function getVersion() {
+	result=$(getRelease)
+
+	if differsFromRelease; then
+		result="$result-$(git log -n 1 --format=%h .)"
+	fi
+
+	if hasChanges ; then
+		result="$result-dirty"
+	fi
+	echo $result
+}
+
+function nextPatchLevel() {
+	version=${1:-$(getRelease)}
+	major_and_minor=$(echo $version | cut -d. -f1,2)
+	patch=$(echo $version | cut -d. -f3)
+	version=$(printf "%s.%d" $major_and_minor $(($patch + 1)))
+	echo $version
+}
+
+function nextMinorLevel() {
+	version=${1:-$(getRelease)}
+	major=$(echo $version | cut -d. -f1);
+	minor=$(echo $version | cut -d. -f2);
+	version=$(printf "%d.%d.0" $major $(($minor + 1))) ;
+	echo $version
+}
+
+function nextMajorLevel() {
+	version=${1:-$(getRelease)}
+	major=$(echo $version | cut -d. -f1);
+	version=$(printf "%d.0.0" $(($major + 1)))
+	echo $version
+}

.release

@@ -0,0 +1,2 @@
+release=0.0.0
+tag=contract-shark-dev-0.0.0

CI/Makefile

@@ -0,0 +1,26 @@
+.DEFAULT_GOAL := help
+
+scripts := $(shell grep -lr '\#!/usr/bin/env bash' . | grep -v Makefile)
+
+
+.PHONY: help
+## help | show help
+help:
+	@grep -E '^##' $(MAKEFILE_LIST) \
+		| sed -E 's,##\s*,,' \
+		| column -s '|' -t \
+		| sed -E "s,^([^ ]+),$(shell tput setaf 6)\1$(shell tput sgr0),"
+
+
+.PHONY: lint
+## lint | run shellcheck
+lint:
+	$(info $(shell tput setaf 6)--- $@$(shell tput sgr0))
+	shellcheck -x $(scripts)
+
+
+.PHONY: test
+## test | run test
+test:
+	$(info $(shell tput setaf 6)--- $@$(shell tput sgr0))
+	./run_tests.bash *.test.bash

CONTRIBUTING.md

@@ -0,0 +1,46 @@
+# Contributing to Slither
+First, thanks for your interest in contributing to Slither! We welcome and appreciate all contributions, including bug reports, feature suggestions, tutorials/blog posts, and code improvements.
+
+If you're unsure where to start, we recommend our [`good first issue`](https://github.com/crytic/slither/issues?q=is%3Aissue+is%3Aopen+label%3A%22good+first+issue%22) and [`help wanted`](https://github.com/crytic/slither/issues?q=is%3Aissue+is%3Aopen+label%3A%22help+wanted%22) issue labels.
+
+## Bug reports and feature suggestions
+Bug reports and feature suggestions can be submitted to our issue tracker. For bug reports, attaching the contract that caused the bug will help us in debugging and resolving the issue quickly. If you find a security vulnerability, do not open an issue; email opensource@trailofbits.com instead.
+
+## Questions
+Questions can be submitted to the issue tracker, but you may get a faster response if you ask in our [chat room](https://empireslacking.herokuapp.com/) (in the #ethereum channel).
+
+## Code
+Slither uses the pull request contribution model. Please make an account on Github, fork this repo, and submit code contributions via pull request. For more documentation, look [here](https://guides.github.com/activities/forking/).
+
+Some pull request guidelines:
+
+- Work from the [`dev`](https://github.com/crytic/slither/tree/dev) branch. We performed extensive tests prior to merging anything to `master`, working from `dev` will allow us to merge your work faster.
+- Minimize irrelevant changes (formatting, whitespace, etc) to code that would otherwise not be touched by this patch. Save formatting or style corrections for a separate pull request that does not make any semantic changes.
+- When possible, large changes should be split up into smaller focused pull requests.
+- Fill out the pull request description with a summary of what your patch does, key changes that have been made, and any further points of discussion, if applicable.
+- Title your pull request with a brief description of what it's changing. "Fixes #123" is a good comment to add to the description, but makes for an unclear title on its own.
+
+## Development Environment
+Instructions for installing a development version of Slither can be found in our [wiki](https://github.com/crytic/slither/wiki/Developer-installation).
+
+## Linters
+
+Several linters and security checkers are run on the PRs.
+
+To run them locally:
+
+- `pylint slither --rconfig pyproject.toml`
+- `black slither --config pyproject.toml`
+
+## Detectors regression tests
+
+For each new detector, at least one regression tests must be present.
+To generate the following scripts, you must have [`solc-select`](https://github.com/crytic/solc-select) installed.
+
+- Create a test in `tests`
+- Update `script/ci_test_detectors_[solc_version].sh`, and add `generate_expected_json tests/YOUR_FILENAME.sol "DETECTOR_NAME"`. Be sure that all the other lines are commented (otherwise you will regenerate the tests for all the detectores)
+- Run `./script/ci_test_detectors_[solc_version].sh`. This will generate the json artifacts in `tests/expected_json`. Add the generated files to git.
+- Update `scripts/ci_test_detectors_[solc_version].sh` with your new tests.
+- Run `scripts/ci_test_detectors_[solc_version].sh` and check that everything worked.
+
+

Dockerfile

@@ -0,0 +1,37 @@
+
+# vim:set ft=dockerfile:
+
+FROM cimg/python:3.7.9
+
+SHELL ["/bin/bash", "-c"]
+
+# RUN 
+
+# Dockerfile will pull the latest LTS release from cimg-node.
+RUN curl -sSL "https://raw.githubusercontent.com/CircleCI-Public/cimg-node/master/ALIASES" -o nodeAliases.txt && \
+	NODE_VERSION=$(grep "lts" ./nodeAliases.txt | cut -d "=" -f 2-) && \
+	curl -L -o node.tar.xz "https://nodejs.org/dist/v${NODE_VERSION}/node-v${NODE_VERSION}-linux-x64.tar.xz" && \
+	sudo tar -xJf node.tar.xz -C /usr/local --strip-components=1 && \
+	rm node.tar.xz nodeAliases.txt && \
+	sudo ln -s /usr/local/bin/node /usr/local/bin/nodejs
+
+ENV YARN_VERSION 1.22.4
+RUN curl -L -o yarn.tar.gz "https://yarnpkg.com/downloads/${YARN_VERSION}/yarn-v${YARN_VERSION}.tar.gz" && \
+	sudo tar -xzf yarn.tar.gz -C /opt/ && \
+	rm yarn.tar.gz && \
+	sudo ln -s /opt/yarn-v${YARN_VERSION}/bin/yarn /usr/local/bin/yarn && \
+	sudo ln -s /opt/yarn-v${YARN_VERSION}/bin/yarnpkg /usr/local/bin/yarnpkg
+
+RUN wget https://github.com/ethereum/solidity/releases/download/v0.5.17/solc-static-linux \
+ && chmod +x solc-static-linux \
+ && sudo mv solc-static-linux /usr/bin/solc
+
+RUN sudo useradd -m slither
+USER slither
+
+COPY --chown=slither:slither . /home/slither/slither
+WORKDIR /home/slither/slither
+
+RUN python3 setup.py install --user
+ENV PATH="/home/slither/.local/bin:${PATH}"
+CMD /bin/bash