fix dockerfile issue

Author: shuo-young

Dockerfile

@@ -1,39 +1,34 @@
 ARG ETHEREUM_VERSION=alltools-v1.10.21
 ARG SOLC_VERSION=0.8.16
 
-FROM ethereum/client-go:${ETHEREUM_VERSION} as geth
-FROM ethereum/solc:${SOLC_VERSION} as solc
-
-FROM ubuntu:bionic as CLI
-
-ARG NODEREPO=node_8.x
-
-LABEL maintainer "Shuo Yang <https://github.com/shuo-young>"
-
-SHELL ["/bin/bash", "-c", "-l"]
-RUN apt-get update && apt-get -y upgrade
-RUN apt-get install -y wget unzip python-virtualenv git build-essential software-properties-common curl
-RUN curl -s 'https://deb.nodesource.com/gpgkey/nodesource.gpg.key' | apt-key add -
-RUN apt-add-repository "deb https://deb.nodesource.com/${NODEREPO} $(lsb_release -c -s) main"
-RUN curl -sS https://dl.yarnpkg.com/debian/pubkey.gpg | apt-key add -
-RUN echo "deb https://dl.yarnpkg.com/debian/ stable main" | tee /etc/apt/sources.list.d/yarn.list
-RUN apt-get update
-RUN apt-get install -y musl-dev golang-go python3 python3-pip python-pip \
-        bison zlib1g-dev libyaml-dev libssl-dev libgdbm-dev libreadline-dev \
-	zlib1g-dev libreadline-dev libyaml-dev libsqlite3-dev sqlite3 \
-        libxml2-dev libxslt1-dev libcurl4-openssl-dev libffi-dev nodejs yarn && \
-        apt-get clean
-
-# Instsall geth from official geth image
-COPY --from=geth /usr/local/bin/evm /usr/local/bin/evm
+FROM ethereum/client-go:${ETHEREUM_VERSION} AS geth
+FROM ethereum/solc:${SOLC_VERSION} AS solc
 
-# Install solc from official solc image
-COPY --from=solc /usr/bin/solc /usr/bin/solc
+FROM python:3.10-slim AS cli
+
+LABEL maintainer="Shuo Yang <https://github.com/shuo-young>"
 
-ENV PYTHONIOENCODING=utf-8 
+ENV PYTHONIOENCODING=utf-8
 
-COPY . /NFTGuard
-RUN cd /NFTGuard && pip3 install -r requirements.txt
+# Install build dependencies and runtime tools
+RUN apt-get update && apt-get install -y --no-install-recommends \
+    gcc \
+    libc6-dev \
+    ca-certificates \
+ && rm -rf /var/lib/apt/lists/*
+
+# Install geth evm and solc from official images
+COPY --from=geth /usr/local/bin/evm /usr/local/bin/evm
+COPY --from=solc /usr/bin/solc /usr/bin/solc
 
 WORKDIR /NFTGuard
-ENTRYPOINT ["python3", "/NFTGuard/tool.py"]
+
+# Leverage Docker layer caching for deps
+COPY requirements.txt ./
+RUN pip install --upgrade pip setuptools wheel && \
+    pip install -r requirements.txt
+
+# Copy source
+COPY . .
+
+ENTRYPOINT ["python3", "/NFTGuard/tool.py"]

config/config.py

@@ -37,10 +37,10 @@ class AnalysisConfig:
 
     # Paths and files
     source: Optional[str] = None
-    crawl_dir: str = \"./test/\"
+    crawl_dir: str = "./test/"
 
     # Contract metadata
-    contract_address: str = \"\"
+    contract_address: str = ""
     contract_count: int = 0
     storage_var_count: int = 0
     pub_fun_count: int = 0
@@ -51,7 +51,7 @@ class AnalysisConfig:
 
     @classmethod
     def from_args(cls, args) -> 'AnalysisConfig':
-        \"\"\"Create configuration from command line arguments.\"\"\"
+        """Create configuration from command line arguments."""
         config = cls()
 
         # Update from args if provided
@@ -95,7 +95,7 @@ def from_args(cls, args) -> 'AnalysisConfig':
         return config
 
     def to_dict(self) -> dict:
-        \"\"\"Convert configuration to dictionary.\"\"\"
+        """Convert configuration to dictionary."""
         return {
             'timeout': self.timeout,
             'global_timeout': self.global_timeout,
@@ -122,20 +122,20 @@ def to_dict(self) -> dict:
 
 
 def get_config() -> AnalysisConfig:
-    \"\"\"Get the global configuration instance.\"\"\"
+    """Get the global configuration instance."""
     global _global_config
     if _global_config is None:
         _global_config = AnalysisConfig()
     return _global_config
 
 
 def set_config(config: AnalysisConfig) -> None:
-    \"\"\"Set the global configuration instance.\"\"\"
+    """Set the global configuration instance."""
     global _global_config
     _global_config = config
 
 
 def reset_config() -> None:
-    \"\"\"Reset the global configuration to defaults.\"\"\"
+    """Reset the global configuration to defaults."""
     global _global_config
     _global_config = AnalysisConfig()

crawler/crawl.py

@@ -2,18 +2,13 @@
 import json
 import os
 from time import sleep
+import logging
 
 import requests as rq
 
 
 def make_dir(path):
-    folders = []
-    while not os.path.isdir(path):
-        path, suffix = os.path.split(path)
-        folders.append(suffix)
-    for folder in folders[::-1]:
-        path = os.path.join(path, folder)
-        os.mkdir(path)
+    os.makedirs(path, exist_ok=True)
 
 
 def is_json(myjson):
@@ -36,14 +31,13 @@ def crawl_contract(rootdir, c_address):
     root = rootdir
     contract_address = c_address
     # contract_name = row[2]
-    curl_link = (
-        "https://api.etherscan.io/api?module=contract&action=getsourcecode&address="
-        + c_address
-        + "&apikey=HPB1MEZ5YEJ7GZJF7ASQDJ4MPU7YEUTIUT"
-    )
-    print(curl_link)
-
-    output = rq.get(curl_link, headers=send_headers)
+    api_key = os.getenv("ETHERSCAN_API_KEY")
+    params = {"module": "contract", "action": "getsourcecode", "address": c_address}
+    if api_key:
+        params["apikey"] = api_key
+    else:
+        logging.warning("ETHERSCAN_API_KEY not set; proceeding without API key")
+    output = rq.get("https://api.etherscan.io/api", headers=send_headers, params=params)
 
     # sleep to avoid ban
     sleep(2)
@@ -54,34 +48,27 @@ def crawl_contract(rootdir, c_address):
         if is_json(source_code):
             res = json.loads(source_code)
             for key in res:
-                print(key)
-                sol_file = open(
-                    root + contract_address + "/" + key, "w", encoding="UTF-8"
-                )
-                sol_file.write(res[key]["content"])
-                sol_file.close()
+                logging.debug(key)
+                with open(root + contract_address + "/" + key, "w", encoding="UTF-8") as sol_file:
+                    sol_file.write(res[key]["content"])
         elif source_code[0] == source_code[1] == "{":
             new_code = source_code[1:-1]
             res = json.loads(new_code)
             sources = res["sources"]
             for name in sources:
-                print(name)
+                logging.debug(name)
                 _dir, _file = os.path.split(root + contract_address + "/" + name)
-                print(_dir)
+                logging.debug(_dir)
                 make_dir(_dir)
-                sol_file = open(
-                    root + contract_address + "/" + name, "w", encoding="UTF-8"
-                )
-                sol_file.write(sources[name]["content"])
-                sol_file.close()
+                with open(root + contract_address + "/" + name, "w", encoding="UTF-8") as sol_file:
+                    sol_file.write(sources[name]["content"])
         else:
-            sol_file = open(
+            with open(
                 root + contract_address + "/" + contract_address + ".sol",
                 "w",
                 encoding="UTF-8",
-            )
-            sol_file.write(source_code)
-            sol_file.close()
+            ) as sol_file:
+                sol_file.write(source_code)
 
 
 if __name__ == "__main__":

feature_detector/semantic_analysis.py

@@ -1,4 +1,5 @@
 import logging
+import math
 
 import global_params
 from cfg_builder.opcodes import *
@@ -152,7 +153,7 @@ def semantic_analysis(
                     global_state["approve"]["MSTORE_1"] = True
                 elif value in g_slot_map.owner_index:
                     global_state["approve"]["MSTORE_owner"] = True
-                elif value in g_slot_map.owner_index:
+                elif value in g_slot_map.approval_index:
                     global_state["approve"]["MSTORE_2"] = True
 
             if global_state["burn"]["trigger"] is True:
@@ -176,10 +177,11 @@ def semantic_analysis(
         # *Risky Mutable Proxy DEFECT
         if g_src_map:
             if stored_address in g_slot_map.proxy_index and current_func_name:
+                name_upper = current_func_name.upper()
                 if (
-                    "ACTIVE" not in current_func_name.upper()
-                    and "START" not in current_func_name.upper()
-                    and "SETPROXY" in current_func_name.upper()
+                    "ACTIVE" not in name_upper
+                    and "START" not in name_upper
+                    and "SETPROXY" in name_upper
                 ):
                     solver = Solver()
                     solver.set("timeout", global_params.TIMEOUT)
@@ -348,10 +350,9 @@ def semantic_analysis(
                 for var in list_vars:
                     if str(var) == str(global_state["sender_address"]):
                         check = True
-            if check == False:
+            if not check:
                 global_problematic_pcs["burn_defect"].append(global_state["burn"]["pc"])
     elif opcode.startswith("PUSH", 0):
-        position = int(opcode[4:], 10)
         source_code = g_src_map.get_source_code(global_state["pc"])
         if source_code.strip().startswith("_safeMint"):
             # find 4 pc count before to find the exit of the for loop to judge the end of the function (for _safeMint)
@@ -473,7 +474,7 @@ def check_reentrancy_bug(g_src_map, global_state, stack, mem):
     # *Read memory from 160 to 224/mem_64 => 160, 164 + mem_mem_64 => 224
     # *The values should be the shift-lefted value of OnERC721Received selector
     start_data_input = stack[3]
-    size_data_input = stack[4]
+    _ = stack[4]
     if (
         str(start_data_input) == "mem_64"
         or mem[start_data_input] == global_params.ONERC721RECEIVED_SELECTOR_SHL

inputter/slot_map.py

@@ -1,4 +1,5 @@
 import re
+import logging
 
 from inputter.ast.ast_helper import AstHelper
 
@@ -110,7 +111,7 @@ def calculate_extracted_slot(self):
                     simpler_slot_map[slots[id]].append({key: type})
                 else:
                     simpler_slot_map[slots[id]] = [key]
-        print(simpler_slot_map)
+        logging.debug(simpler_slot_map)
         return id_to_state_vars, simpler_slot_map, name_to_type
 
     def calculate_slot(self):

inputter/solc_version_switcher.py

@@ -1,5 +1,6 @@
 import re
 import subprocess
+import logging
 
 
 def install_and_use_solc_version(version_info):
@@ -8,16 +9,16 @@ def install_and_use_solc_version(version_info):
     ).decode()
 
     if version_info in installed_versions_output:
-        print(f"Version {version_info} is already installed.")
+        logging.info(f"Version {version_info} is already installed.")
     else:
-        print(f"Installing version {version_info}...")
+        logging.info(f"Installing version {version_info}...")
         subprocess.run(["solc-select", "install", version_info], check=True)
-        print(f"Version {version_info} installed successfully.")
+        logging.info(f"Version {version_info} installed successfully.")
     # else:
     #     raise ValueError(f"Version {version_info} is not available for installation.")
 
     subprocess.run(["solc-select", "use", version_info], check=True)
-    print(f"Switched to version {version_info}.")
+    logging.info(f"Switched to version {version_info}.")
 
 
 class SolidityVersionSwitcher:
@@ -41,9 +42,9 @@ def extract_solidity_version(self, solidity_code):
     def switch_solc_version(self, version_info):
         try:
             subprocess.run(["solc-select", "use", version_info], check=True)
-            print(f"Successfully switched to Solidity version {version_info}.")
+            logging.info(f"Successfully switched to Solidity version {version_info}.")
         except subprocess.CalledProcessError as e:
-            print(f"Failed to switch to Solidity version {version_info}. Error: {e}")
+            logging.error(f"Failed to switch to Solidity version {version_info}. Error: {e}")
 
     def run(self):
         solidity_code = self.load_solidity_code()

inputter/source_map.py

@@ -1,5 +1,6 @@
 import ast
 import json
+import logging
 
 import six
 
@@ -197,7 +198,7 @@ def _load_position_groups(cls, remap):
             cls.parent_filename,
             " ".join(remap),
         )
-        print(cmd)
+        logging.debug(cmd)
         out = run_command(cmd)
         out = json.loads(out)
         return out["contracts"]