
ctb: Update slither config #5296

Merged
merged 7 commits into from
Apr 3, 2023

Conversation

maurelian
Contributor

@maurelian maurelian commented Mar 30, 2023

Description

  • Excludes all findings except for high severity.
  • Also moves all slither config to the slither.config.json file.
  • I ran slither triage to re-check for all slither detectors and updated the slither db with findings to ignore.
  • The slither job is very slow in CI, so I've moved it to its own job and increased the resource class size.
  • CI will now fail on high severity slither findings.

@maurelian maurelian requested review from a team as code owners March 30, 2023 01:51
@changeset-bot

changeset-bot bot commented Mar 30, 2023

⚠️ No Changeset found

Latest commit: d5b6cd8

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types


@netlify

netlify bot commented Mar 30, 2023

Deploy Preview for opstack-docs canceled.

🔨 Latest commit: d5b6cd8
🔍 Latest deploy log: https://app.netlify.com/sites/opstack-docs/deploys/642b3508103c150008053d7d

@tynes
Contributor

tynes commented Mar 30, 2023

The slither db has absolute paths to files on your filesystem, which is kind of strange, meaning it's not deterministic between running it on different machines. What is the slither db useful for? To make it deterministic, we would want to run it in a docker image.

@maurelian
Contributor Author

What is the slither db useful for?

The db is created when you run slither using --triage-mode.
In triage mode, slither will ask about each finding to determine if it should be shown for the next run. The results of this process are saved in slither.db.json.

The slither db has absolute paths to files on your filesystem which is kind of strange, meaning its not deterministic between running it on different machines.
To make it deterministic, we would want to run it in a docker image

I agree, that is weird, and in my experience slither doesn't depend on those values anyway. I think it's fine because triage mode should only ever be run locally.
Rather than forcing people to use docker, I've added a new yarn command to run triage mode and updated the script so that it will remove these absolute paths from the db. I've done this manually in the past, and slither doesn't seem to depend on having the filename_absolute property in the db anyway.
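As an added example (not the PR's own yarn script), here is a small Python utility that strips every `filename_absolute` entry from a triage db, whatever its nesting, and re-serializes with sorted keys so the file no longer carries the local checkout path and is identical across machines. The sample db content is constructed; the real slither.db.json layout is assumed to mirror slither's JSON output, where each finding's source mapping carries `filename_absolute` beside `filename_relative`.

```python
import json
from typing import Any, Tuple

# Key under which slither's source mappings record the absolute path of a file.
# Its value depends on where the checkout lives, so it must not end up in the db.
ABSOLUTE_PATH_KEY = "filename_absolute"

def strip_absolute_paths(node: Any) -> Tuple[Any, int]:
    """Return a copy of `node` without any `filename_absolute` keys, plus the
    number of keys dropped. Recurses through dicts and lists, so it does not
    depend on the exact nesting used by slither.db.json."""
    if isinstance(node, dict):
        cleaned, removed = {}, 0
        for key, value in node.items():
            if key == ABSOLUTE_PATH_KEY:
                removed += 1
                continue
            cleaned[key], child_removed = strip_absolute_paths(value)
            removed += child_removed
        return cleaned, removed
    if isinstance(node, list):
        items, removed = [], 0
        for item in node:
            child, child_removed = strip_absolute_paths(item)
            items.append(child)
            removed += child_removed
        return items, removed
    return node, 0

def sanitize_db_text(text: str) -> Tuple[str, int]:
    """Parse a slither.db.json document, drop absolute paths and re-serialize
    with sorted keys so two machines produce byte-identical files."""
    cleaned, removed = strip_absolute_paths(json.loads(text))
    return json.dumps(cleaned, indent=2, sort_keys=True) + "\n", removed

# Constructed sample shaped like one triaged finding; not a real slither db.
SAMPLE_DB = json.dumps([{"check": "reentrancy-eth", "impact": "High", "elements": [{
    "name": "withdraw",
    "source_mapping": {
        "filename_absolute": "/home/alice/optimism/packages/contracts-bedrock/contracts/L1/Foo.sol",
        "filename_relative": "contracts/L1/Foo.sol",
        "lines": [42, 43]}}]}])

if __name__ == "__main__":
    sanitized, count = sanitize_db_text(SAMPLE_DB)
    print(f"removed {count} absolute path(s)")
    print(sanitized)
```

Running the same function over an already-sanitized file removes nothing and yields the identical text, which is what makes the committed db stable across contributors.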

@trianglesphere
Contributor

CI is failing.

Excludes all findings except for high severity.
Also moves all config to the config file.
@maurelian maurelian force-pushed the jm/reactivate-slither branch 2 times, most recently from e6f8c98 to 2178b43 Compare March 31, 2023 19:30
@maurelian
Contributor Author

Looks like yarn slither is going to time out; not sure why, will need to investigate later.

@maurelian maurelian marked this pull request as draft March 31, 2023 19:45
@maurelian maurelian marked this pull request as ready for review April 3, 2023 15:39
Contributor

@trianglesphere trianglesphere left a comment


lgtm. Was waiting for CI to go green.

@mergify
Contributor

mergify bot commented Apr 3, 2023

This PR has been added to the merge queue, and will be merged soon.

@mergify
Contributor

mergify bot commented Apr 3, 2023

This PR is next in line to be merged, and will be merged as soon as checks pass.


@mergify mergify bot merged commit 025e157 into develop Apr 3, 2023
@mergify mergify bot deleted the jm/reactivate-slither branch April 3, 2023 20:38
@mergify mergify bot removed the on-merge-train label Apr 3, 2023