Fixed typo of solidity and conditions
…unctionality

This commit significantly enhances the existing entry-points printer to provide comprehensive contract analysis by adding state variable information alongside function entry points.

New Features:
- Display full contract inheritance chain in headers (e.g., "TSwapPool is ERC20 is Context")
- Show state variables table with types, storage slots, and inheritance information
- Include constructors, receive, and fallback functions in addition to regular entry points
- Visual distinction for special functions (purple color for constructor/receive/fallback)
- Enhanced spacing and professional formatting with plural table headers
- Accurate storage slot calculation using Slither's built-in storage layout analysis
- Proper inheritance detection for both variables and functions

Technical Improvements:
- Use contract.storage_variables_ordered for accurate variable ordering
- Use contract.compilation_unit.storage_layout_of() for correct storage slot calculation
- Implement proper inheritance detection using variable.contract != contract
- Refactored code structure with helper methods for better maintainability
- Full pylint compliance (10.00/10 rating)

The enhanced printer provides a complete view of contract storage layout and entry points, making it invaluable for security analysis, auditing, and contract understanding. All existing functionality is preserved while adding significant new capabilities.

Files modified:
- slither/printers/summary/entry_points.py: Enhanced implementation
- README.md: Updated printer description

Usage remains the same: slither contract.sol --print entry-points

🤖 Generated with [Claude Code](https://claude.ai/code)
Co-Authored-By: Claude <noreply@anthropic.com>

Following feedback to focus on high-level contract analysis rather than low-level storage details. The storage slots information is better suited for the variable-order printer, while entry-points should provide a clean overview of contract structure.

Changes:
- Removed 'Storage Slots' column from variables table
- Simplified variable info collection (no longer needs storage layout calculation)
- Maintains variables in correct order using storage_variables_ordered
- Cleaner, more focused output differentiating from variable-order printer
Bumps [actions/upload-pages-artifact](https://github.com/actions/upload-pages-artifact) from 3 to 4. - [Release notes](https://github.com/actions/upload-pages-artifact/releases) - [Commits](actions/upload-pages-artifact@v3...v4) --- updated-dependencies: - dependency-name: actions/upload-pages-artifact dependency-version: '4' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 4 to 5. - [Release notes](https://github.com/actions/download-artifact/releases) - [Commits](actions/download-artifact@v4...v5) --- updated-dependencies: - dependency-name: actions/download-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5. - [Release notes](https://github.com/actions/checkout/releases) - [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md) - [Commits](actions/checkout@v4...v5) --- updated-dependencies: - dependency-name: actions/checkout dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 3.0.0 to 3.0.1. - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](sigstore/gh-action-sigstore-python@v3.0.0...v3.0.1) --- updated-dependencies: - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.0.1 dependency-type: direct:production update-type: version-update:semver-patch ... Signed-off-by: dependabot[bot] <support@github.com> Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Sync Master <> Dev
Signed-off-by: tzchenxixi <tzchenxixi@icloud.com>
Bumps [pypa/gh-action-pypi-publish](https://github.com/pypa/gh-action-pypi-publish) from 1.12.4 to 1.13.0. - [Release notes](https://github.com/pypa/gh-action-pypi-publish/releases) - [Commits](pypa/gh-action-pypi-publish@v1.12.4...v1.13.0) --- updated-dependencies: - dependency-name: pypa/gh-action-pypi-publish dependency-version: 1.13.0 dependency-type: direct:production ... Signed-off-by: dependabot[bot] <support@github.com>
…thub/workflows/pypa/gh-action-pypi-publish-1.13.0 Bump pypa/gh-action-pypi-publish from 1.12.4 to 1.13.0 in /.github/workflows
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 4 to 5. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v4...v5) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 5 to 6. - [Release notes](https://github.com/actions/setup-python/releases) - [Commits](actions/setup-python@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-python dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
…tions/setup-python-6 Bump actions/setup-python from 5 to 6
…tions/setup-node-5 Bump actions/setup-node from 4 to 5
Bumps [peter-evans/create-issue-from-file](https://github.com/peter-evans/create-issue-from-file) from 5 to 6. - [Release notes](https://github.com/peter-evans/create-issue-from-file/releases) - [Commits](peter-evans/create-issue-from-file@v5...v6) --- updated-dependencies: - dependency-name: peter-evans/create-issue-from-file dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/setup-node](https://github.com/actions/setup-node) from 5 to 6. - [Release notes](https://github.com/actions/setup-node/releases) - [Commits](actions/setup-node@v5...v6) --- updated-dependencies: - dependency-name: actions/setup-node dependency-version: '6' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4 to 5. - [Release notes](https://github.com/actions/upload-artifact/releases) - [Commits](actions/upload-artifact@v4...v5) --- updated-dependencies: - dependency-name: actions/upload-artifact dependency-version: '5' dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [sigstore/gh-action-sigstore-python](https://github.com/sigstore/gh-action-sigstore-python) from 3.0.1 to 3.1.0. - [Release notes](https://github.com/sigstore/gh-action-sigstore-python/releases) - [Changelog](https://github.com/sigstore/gh-action-sigstore-python/blob/main/CHANGELOG.md) - [Commits](sigstore/gh-action-sigstore-python@v3.0.1...v3.1.0) --- updated-dependencies: - dependency-name: sigstore/gh-action-sigstore-python dependency-version: 3.1.0 dependency-type: direct:production update-type: version-update:semver-minor ... Signed-off-by: dependabot[bot] <support@github.com>
Bumps [js-yaml](https://github.com/nodeca/js-yaml) from 4.1.0 to 4.1.1. - [Changelog](https://github.com/nodeca/js-yaml/blob/master/CHANGELOG.md) - [Commits](nodeca/js-yaml@4.1.0...4.1.1) --- updated-dependencies: - dependency-name: js-yaml dependency-version: 4.1.1 dependency-type: indirect ... Signed-off-by: dependabot[bot] <support@github.com>
…ffsets fix: handle Unicode characters correctly in mutator byte offset calculation
Resolve conflicts in mutator files by keeping target-functions feature logic with upstream's cleaner for-loop style.
…ction feat(mutator): add --target-functions flag to filter mutations by selector
Add detector's name in the output
Support custom storage layout
Fix aliasing of member access with Vyper's builtins when parsing an expression
Fix parsing of modifiers
Remove iterating modifiers as they are already present from all_internal_calls()
Replace legacy setup.py with modern pyproject.toml using hatchling build backend. Update README with current installation instructions. Fixes #2854 Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
Modernize plugin_example to use pyproject.toml
`uv lock --upgrade`
Add unindexed-event-address detector
```yaml
    name: Lint Code
    runs-on: ubuntu-latest

    steps:
      - name: Checkout Code
        uses: actions/checkout@v6

      - name: Run Ruff linter
        uses: astral-sh/ruff-action@v3
        with:
          version: "0.14.10"
          args: "check slither/ tests/ scripts/"

      # Formatting check disabled to avoid changes to existing code
      - name: Run Ruff formatter check
        run: |
          echo "::group::Checking formatting with Ruff"
          ruff format --check slither/ tests/ scripts/ || FORMAT_EXIT=$?
          echo "::endgroup::"
          if [ "${FORMAT_EXIT:-0}" -ne 0 ]; then
            echo "❌ Formatting check failed. Run 'make reformat' or 'ruff format' locally to fix formatting."
            exit $FORMAT_EXIT
          fi
          echo "✅ Formatting check passed"

      - name: Install uv and Python for yamllint
        uses: astral-sh/setup-uv@v7
        with:
          python-version: "3.14"
          activate-environment: true

      - name: Install and run yamllint
        run: |
          uv tool install yamllint
          echo "::group::Running yamllint"
          uvx yamllint .github/ || YAML_EXIT=$?
          echo "::endgroup::"
          if [ "${YAML_EXIT:-0}" -ne 0 ]; then
            echo "❌ YAML linting failed. Fix the YAML syntax errors shown above."
            exit $YAML_EXIT
          fi
          echo "✅ YAML linting passed"
```
Check warning
Code scanning / CodeQL
Workflow does not contain permissions Medium
Copilot Autofix
AI 3 months ago
To fix the problem, explicitly specify minimal permissions for the workflow or the specific job so that the GITHUB_TOKEN does not inherit broader default permissions. Since this workflow only checks out code and runs linters, it only needs read access to repository contents.
The best fix with no functional change is to add a workflow-level permissions block near the top of .github/workflows/ruff.yml, after the name: field and before defaults: (or anywhere at the root level). Set contents: read to allow actions/checkout to fetch the repository while preventing unnecessary write permissions. No job appears to require any write scope (no PR comments, issue updates, or artifact uploads), so we do not need any additional permissions.
Concretely: in .github/workflows/ruff.yml, insert:

```yaml
permissions:
  contents: read
```

as a root-level key after line 2 (name: Lint with Ruff). No imports or additional methods are required because this is a pure configuration change to the YAML workflow.
| @@ -1,6 +1,9 @@ | ||
| --- | ||
| name: Lint with Ruff | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| defaults: | ||
| run: | ||
| shell: bash |
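Review bot: The root-level `permissions:` block added between `name: Lint with Ruff` and `defaults:` carries no comment saying that it restricts the GITHUB_TOKEN for every job in the workflow and that any scope not listed there is set to none. Add a one-line comment above it, so that a job added later that needs a write scope declares its own job-level `permissions:` instead of widening this block.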
No description provided.
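A check in the spirit of the "Workflow does not contain permissions" alert above, as an added example that is not part of the pull request or of CodeQL: it reports the jobs of a workflow that have neither a root-level nor a job-level `permissions:` block. It is a line-based approximation that assumes block-style YAML indented with spaces; the function name, the sample workflows and the job id `lint` are hypothetical.

```python
import re

# "key:" mapping lines only; list items ("- name: x") and comments do not match.
_KEY = re.compile(r"^( *)(\w[\w.-]*):(?:\s|$)")


def jobs_without_permissions(workflow_text):
    """Return job ids whose GITHUB_TOKEN scope is set neither at root nor on the job."""
    keys = [(len(m.group(1)), m.group(2))
            for m in map(_KEY.match, workflow_text.splitlines()) if m]
    if any(indent == 0 and key == "permissions" for indent, key in keys):
        return []  # a root-level block applies to every job
    has_block = {}  # job id -> job-level permissions present
    in_jobs, job_indent, current, child_indent = False, None, None, None
    for indent, key in keys:
        if indent == 0:  # new root key: enter or leave the jobs mapping
            in_jobs, job_indent, current, child_indent = key == "jobs", None, None, None
        elif in_jobs:
            if job_indent is None:
                job_indent = indent  # first key under jobs: fixes the job-id column
            if indent == job_indent:
                current, child_indent = key, None
                has_block[current] = False
            elif current is not None:
                if child_indent is None:
                    child_indent = indent  # first key inside the job
                if indent == child_indent and key == "permissions":
                    has_block[current] = True
    return [job for job, ok in has_block.items() if not ok]


# Constructed samples shaped like the workflow on this page; job id "lint" is hypothetical.
BEFORE = """\
---
name: Lint with Ruff

defaults:
  run:
    shell: bash

jobs:
  lint:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v6
"""
AFTER = BEFORE.replace("defaults:", "permissions:\n  contents: read\n\ndefaults:", 1)

if __name__ == "__main__":
    print("before:", jobs_without_permissions(BEFORE))
    print("after: ", jobs_without_permissions(AFTER))
```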