- CVE Search
- Integrated CVE Search in Mythril
- verifier.py +59 -12
verifier.py
CHANGED
|
@@ -2,6 +2,36 @@ import subprocess
|
|
| 2 |
import tempfile
|
| 3 |
import json
|
| 4 |
import os
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 5 |
|
| 6 |
def analyze_contract(code: str, language: str, tool: str, run_formal: bool = False):
|
| 7 |
"""
|
|
@@ -75,25 +105,42 @@ def analyze_with_slither(filepath):
|
|
| 75 |
def analyze_with_mythril(filepath):
|
| 76 |
try:
|
| 77 |
result = subprocess.run(
|
| 78 |
-
["myth", "analyze", filepath, "--solv", "0.8.0"],
|
| 79 |
capture_output=True,
|
| 80 |
text=True,
|
| 81 |
-
timeout=
|
| 82 |
)
|
| 83 |
-
raw_output = result.stdout or result.stderr
|
| 84 |
-
if not raw_output:
|
| 85 |
-
return ("No issues found.", "No issues were detected by Mythril.")
|
| 86 |
|
| 87 |
-
|
| 88 |
-
|
| 89 |
-
|
| 90 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 91 |
|
| 92 |
-
cve_report = "\n[Detailed CVE-style Report]\n\n"
|
| 93 |
for issue in issues:
|
| 94 |
-
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| 95 |
|
| 96 |
-
return summary, cve_report
|
| 97 |
except Exception as e:
|
| 98 |
return ("Mythril analysis failed.", f"Error: {str(e)}")
|
| 99 |
|
|
|
|
| 2 |
import tempfile
|
| 3 |
import json
|
| 4 |
import os
|
| 5 |
+
import requests
|
| 6 |
+
|
| 7 |
+
def search_cve_from_nvd(keyword: str) -> str:
|
| 8 |
+
"""
|
| 9 |
+
Search for a CVE from NVD API using a keyword.
|
| 10 |
+
"""
|
| 11 |
+
try:
|
| 12 |
+
url = "https://services.nvd.nist.gov/rest/json/cves/2.0"
|
| 13 |
+
params = {
|
| 14 |
+
"keywordSearch": keyword,
|
| 15 |
+
"resultsPerPage": 1
|
| 16 |
+
}
|
| 17 |
+
headers = {
|
| 18 |
+
"User-Agent": "SmartContractVerifier/1.0"
|
| 19 |
+
}
|
| 20 |
+
response = requests.get(url, params=params, headers=headers, timeout=10)
|
| 21 |
+
response.raise_for_status()
|
| 22 |
+
|
| 23 |
+
data = response.json()
|
| 24 |
+
items = data.get("vulnerabilities", [])
|
| 25 |
+
|
| 26 |
+
if not items:
|
| 27 |
+
return "No CVE found."
|
| 28 |
+
|
| 29 |
+
cve_id = items[0]["cve"]["id"]
|
| 30 |
+
cve_desc = items[0]["cve"]["descriptions"][0]["value"]
|
| 31 |
+
return f"{cve_id}: {cve_desc}"
|
| 32 |
+
|
| 33 |
+
except Exception as e:
|
| 34 |
+
return f"Error querying CVE DB: {str(e)}"
|
| 35 |
|
| 36 |
def analyze_contract(code: str, language: str, tool: str, run_formal: bool = False):
|
| 37 |
"""
|
|
|
|
| 105 |
def analyze_with_mythril(filepath):
|
| 106 |
try:
|
| 107 |
result = subprocess.run(
|
| 108 |
+
["myth", "analyze", filepath, "--solv", "0.8.0", "--execution-timeout", "60", "--output", "json"],
|
| 109 |
capture_output=True,
|
| 110 |
text=True,
|
| 111 |
+
timeout=90
|
| 112 |
)
|
|
|
|
|
|
|
|
|
|
| 113 |
|
| 114 |
+
if result.returncode != 0:
|
| 115 |
+
return ("Mythril analysis failed.", result.stderr)
|
| 116 |
+
|
| 117 |
+
data = json.loads(result.stdout)
|
| 118 |
+
issues = data.get("issues", [])
|
| 119 |
+
|
| 120 |
+
if not issues:
|
| 121 |
+
return ("No issues found.", "No vulnerabilities detected by Mythril.")
|
| 122 |
+
|
| 123 |
+
summary = "π‘οΈ Vulnerabilities detected by Mythril:\n"
|
| 124 |
+
cve_report = "\nπ [Detailed CVE-style Report]\n\n"
|
| 125 |
|
|
|
|
| 126 |
for issue in issues:
|
| 127 |
+
title = issue.get("title", "Unknown Issue")
|
| 128 |
+
description = issue.get("description", "")
|
| 129 |
+
function = issue.get("function", {}).get("name", "Unknown Function")
|
| 130 |
+
|
| 131 |
+
# Real-time CVE lookup
|
| 132 |
+
cve_info = search_cve_from_nvd(title)
|
| 133 |
+
|
| 134 |
+
summary += f"- {title} in {function}\n"
|
| 135 |
+
cve_report += (
|
| 136 |
+
f"πΈ Title: {title}\n"
|
| 137 |
+
f"π Function: {function}\n"
|
| 138 |
+
f"π Description: {description}\n"
|
| 139 |
+
f"π CVE: {cve_info}\n\n"
|
| 140 |
+
)
|
| 141 |
+
|
| 142 |
+
return summary.strip(), cve_report.strip()
|
| 143 |
|
|
|
|
| 144 |
except Exception as e:
|
| 145 |
return ("Mythril analysis failed.", f"Error: {str(e)}")
|
| 146 |
|
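Review bot: `issue.get("function", {}).get("name", "Unknown Function")` on new line 129 of analyze_with_mythril assumes Mythril's `function` field is an object, but as far as I recall Mythril's JSON report emits it as a plain string (the function signature), so `.get` raises AttributeError, the broad `except Exception` on line 144 catches it, and every run that actually finds issues would collapse to "Mythril analysis failed."; `function = issue.get("function") or "Unknown Function"` handles both shapes. The per-issue `search_cve_from_nvd(title)` call on line 132 sends one unauthenticated NVD request per finding with no API key and no pacing, and NVD throttles unkeyed clients, so after the first few findings the `except Exception` in search_cve_from_nvd (first hunk, new line 33) will embed "Error querying CVE DB: ..." strings in the report instead of data; querying once per distinct title and sending an `apiKey` header read from configuration would avoid both problems. A keyword match on a generic title such as "Integer Overflow" also returns whichever CVE NVD lists first, which belongs to some unrelated product rather than the analyzed contract, so the report line should be labelled as a related-CVE example (e.g. `f"📌 Related CVE (keyword match, not a finding ID): {cve_info}\n\n"`) rather than presented as the finding's CVE. Finally, the same `except Exception` on line 144 swallows `json.JSONDecodeError` from `json.loads(result.stdout)` on line 117; catching it separately and including the first part of `result.stdout` in the message would make tool failures diagnosable.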