Merge pull request #209 from luongnt95/develop

Develop
enzymefinance · Oct 8, 2017 · d02bddd · d02bddd
2 parents a81196b + 7f61fbd
commit d02bddd
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 43 deletions.
diff --git a/oyente/analysis.py b/oyente/analysis.py
@@ -63,7 +63,10 @@ def check_reentrancy_bug(path_conditions_and_vars, stack, global_state):
                         new_path_condition.append(var == global_state["Ia"][storage_key])
     transfer_amount = stack[2]
     if isSymbolic(transfer_amount) and str(transfer_amount).startswith("Ia_store"):
-        storage_key = str(transfer_amount).split("-")[1]
+        try:
+            storage_key = str(transfer_amount).split("-")[1]
+        except:
+            storage_key = str(transfer_amount).split("Ia_store_")[1]
         try:
             if int(storage_key) in global_state["Ia"]:
                 new_path_condition.append(global_state["Ia"][int(storage_key)] != 0)

diff --git a/oyente/symExec.py b/oyente/symExec.py
@@ -755,7 +755,7 @@ def sym_exec_ins(params):
     elif instr_parts[0] == "ASSERTFAIL":
         if source_map:
             source_code = source_map.find_source_code(global_state["pc"])
-            if func_call == -1 and "assert" in source_code:
+            if "assert" in source_code:
                 global_problematic_pcs["assertion_failure"].append(Assertion(global_state["pc"], models[-1]))
             elif func_call != -1:
                 global_problematic_pcs["assertion_failure"].append(Assertion(func_call, models[-1]))
@@ -2051,16 +2051,16 @@ def detect_money_concurrency():
         for idx, pcs in enumerate(flows):
             pcs = validator.remove_false_positives(pcs)
             if global_params.WEB:
-                s += "flow " + str(idx + 1) + ":<br />"
+                s += "Flow " + str(idx + 1) + ":<br />"
             else:
-                s += "\nflow " + str(idx + 1) + ":"
+                s += "\nFlow " + str(idx + 1) + ":"
             for pc in pcs:
                 source_code = source_map.find_source_code(pc).split("\n", 1)[0]
                 if not source_code:
                     continue
                 location = source_map.get_location(pc)
                 if global_params.WEB:
-                    s += "%s:%s:%s: Money concurrency bug:<br />" % (source_map.cname.split(":", 1)[1], location['begin']['line'] + 1, location['begin']['column'] + 1)
+                    s += "%s:%s:%s:<br />" % (source_map.cname.split(":", 1)[1], location['begin']['line'] + 1, location['begin']['column'] + 1)
                     s += "<span style='margin-left: 20px'>%s</span><br />" % source_code
                     s += "<span style='margin-left: 20px'>^</span><br />"
                 else:
@@ -2069,6 +2069,7 @@ def detect_money_concurrency():
                     s += "^"
         if s:
             any_bug = True
+            s = "Money concurrency bug:<br />" + "<div style='margin-left: 20px'>" + s + "</div>"
             results["money_concurrency"] = s
         s = "\t  Money concurrency bug: True" + s if s else "\t  Money concurrency bug: False"
         log.info(s)

diff --git a/web/app/assets/javascripts/src/app/oyente-analyzer.js b/web/app/assets/javascripts/src/app/oyente-analyzer.js
@@ -73,7 +73,7 @@ function Analyzer () {
           var results = yo`<div>
             ${Object.keys(contracts).map(function(filename) {
               return yo`<div>
-                <div>${filename}</div>
+                <div style="font-weight: bold">${filename}</div>
                 <br />
                 ${contracts[filename].map(function (contract) {
                   if (contract.evm_code_coverage === "0/0") {

diff --git a/web/app/controllers/home_controller.rb b/web/app/controllers/home_controller.rb
@@ -4,7 +4,7 @@ def index
 
   def analyze
     @results = {}
-    @results[:filename] = oyente_params[:current_file]
+    @results[:current_file] = oyente_params[:current_file]
     unless check_params
       @results[:error] = "Invalid input"
     else
@@ -36,10 +36,11 @@ def analyze
             end
           end
         end
-        UserMailer.analyzer_result_notification(file.path, @results, oyente_params[:email]).deliver_later
+        UserMailer.analyzer_result_notification(dir_path, @results, oyente_params[:email]).deliver_later unless oyente_params[:email].nil?
       rescue
-        file.close
         @results[:error] = "Error"
+      ensure
+        file.close
       end
     end
   end

diff --git a/web/app/helpers/application_helper.rb b/web/app/helpers/application_helper.rb
@@ -1,9 +1,9 @@
 module ApplicationHelper
   def bug_exists? msg
-    if msg.empty?
-      return "<span style='color: green'>False</span>".html_safe
-    else
+    if msg
       return "<span style='color: red'>True</span>".html_safe
+    else
+      return "<span style='color: green'>False</span>".html_safe
     end
   end
 end
diff --git a/web/app/mailers/user_mailer.rb b/web/app/mailers/user_mailer.rb
@@ -1,10 +1,13 @@
 class UserMailer < ApplicationMailer
   helper ApplicationHelper
 
-  def analyzer_result_notification filepath, results, email
+  def analyzer_result_notification dir_path, results, email
     @results = results
 
-    attachments[@results[:filename]] = File.read(filepath)
+    @results[:contracts].each do |filename, result|
+      filepath = "#{dir_path}/#{filename}"
+      attachments[filename] = File.read(filepath)
+    end
 
     mail to: email, subject: "Analysis results by Oyente"
   end

diff --git a/web/app/views/user_mailer/analyzer_result_notification.html.erb b/web/app/views/user_mailer/analyzer_result_notification.html.erb
@@ -1,35 +1,37 @@
 <h1 style="text-align: center">Oyente analysis result</h1>
 <div class="result">
-  <div><%= @results[:filename] %></div>
-  <br />
-  <% if @results.key?(:error) %>
-    <div><%= @results[:error] %></div>
-  <% else %>
-    <% @results[:contracts].each do |contract| %>
-      <div>
-        <div>======= contract <%= contract[:cname] %> =======</div>
-        <% if contract[:evm_code_coverage] == "0/0" %>
-          <div>EVM code coverage: <%= contract[:evm_code_coverage] %></div>
-        <% else %>
-          <div>EVM code coverage: <%= contract[:evm_code_coverage] %>%</div>
-        <% end %>
-        <div>Callstack bug: <%= bug_exists?(contract[:callstack]) %></div>
-        <div>Money concurrency bug: <%= bug_exists?(contract[:concurrency]) %></div>
-        <div>Time dependency bug: <%= bug_exists?(contract[:time_dependency]) %></div>
-        <div>Reentrancy bug: <%= bug_exists?(contract[:reentrancy]) %></div>
-        <div>Assertion failure: <%= bug_exists?(contract[:assertion_failure]) %></div>
-        <% if contract[:callstack].present? || contract[:concurrency].present? \
-          || contract[:time_dependency].present? || contract[:reentrancy].present? || contract[:assertion_failure].present? %>
+  <% @results[:contracts].each do |filename, results| %>
+    <div style="font-weight: bold"><%= filename %></div>
+    <br />
+    <% results.each do |contract| %>
+      <% if contract.key?(:error) %>
+        <div><%= contract[:error] %></div>
+      <% else %>
+        <div>
+          <div>======= contract <%= contract[:cname] %> =======</div>
+          <% if contract[:evm_code_coverage] == "0/0" %>
+            <div>EVM code coverage: <%= contract[:evm_code_coverage] %></div>
+          <% else %>
+            <div>EVM code coverage: <%= contract[:evm_code_coverage] %>%</div>
+          <% end %>
+          <div>Callstack bug: <%= bug_exists?(contract[:callstack]) %></div>
+          <div>Money concurrency bug: <%= bug_exists?(contract[:money_concurrency]) %></div>
+          <div>Time dependency bug: <%= bug_exists?(contract[:time_dependency]) %></div>
+          <div>Reentrancy bug: <%= bug_exists?(contract[:reentrancy]) %></div>
+          <div>Assertion failure: <%= bug_exists?(contract[:assertion_failure]) %></div>
+          <% if contract[:callstack].present? || contract[:money_concurrency].present? \
+            || contract[:time_dependency].present? || contract[:reentrancy].present? || contract[:assertion_failure].present? %>
+            <br />
+          <% end %>
+          <div><%= contract[:callstack].html_safe if contract[:callstack] %></div>
+          <div><%= contract[:money_concurrency].html_safe if contract[:money_concurrency] %></div>
+          <div><%= contract[:time_dependency].html_safe if contract[:time_dependency] %></div>
+          <div><%= contract[:reentrancy].html_safe if contract[:reentrancy] %></div>
+          <div><%= contract[:assertion_failure].html_safe if contract[:assertion_failure] %></div>
+          <div>======= Analysis Completed =======</div>
           <br />
-        <% end %>
-        <div><%= contract[:callstack].html_safe %></div>
-        <div><%= contract[:concurrency].html_safe %></div>
-        <div><%= contract[:time_dependency].html_safe %></div>
-        <div><%= contract[:reentrancy].html_safe %></div>
-        <div><%= contract[:assertion_failure].html_safe %></div>
-        <div>======= Analysis Completed =======</div>
-        <br />
-      </div>
+        </div>
+      <% end %>
     <% end %>
   <% end %>
 </div>