MythX plugin #1999
MythX plugin #1999
Conversation
|
@aquiladev what are the steps to get run an analysis? I started your remix branch and compiled a couple of contracts, but the MythX tab keeps showing the message "You need to compile your contract first!". Not sure if I'm doing it wrong.
|
|
@b-mueller Yeah, there is an issue with throwing events on the local environment. I'm figuring out it.
|
|
@aquiladev works pretty nicely! Some feedback on the reporting:
E.g.
|
|
looks good to me. @aquiladev are you planning implement more features from mythx? |
|
@b-mueller I'll take a look. There is an issue with SWC link, coz the plugin is rendered in an iframe I think. |
|
@aquiladev I think feature-wise this is pretty complete. What is still missing is some tool tips and explanation what the analysis actually does and how to obtain the API credentials. Probably also a hint that the analysis takes around 2 minutes to complete. Not sure where to best put all of this design-wise. I'll also look over the texts in the Remix-plugin repo. |
|
@aquiladev One feature that would be nice to have would be a possibility to view full issue descriptions (which are returned by the API in the 'tail' field), or even view/export a detailed report that contains the full descriptions. We are currently also working on returning call traces that show how a particular issue/exception is triggered which will be help users to determine the cause of an issue, so some space in the UI will be needed to display that additional info. We are planning to offer a reports dashboard on the MythX website itself, but this is still a few months away :( |
src/remixAppManager.js
Outdated
| @@ -110,11 +110,20 @@ export class RemixAppManager extends AppManagerApi { | |||
| icon: 'data:image/svg+xml;base64,PD94bWwgdmVyc2lvbj0iMS4wIiA/PjxzdmcgaGVpZ2h0PSIxMDI0IiB3aWR0aD0iMTAyNCIgeG1sbnM9Imh0dHA6Ly93d3cudzMub3JnLzIwMDAvc3ZnIj48cGF0aCBkPSJNOTUwLjE1NCAxOTJINzMuODQ2QzMzLjEyNyAxOTIgMCAyMjUuMTI2OTk5OTk5OTk5OTUgMCAyNjUuODQ2djQ5Mi4zMDhDMCA3OTguODc1IDMzLjEyNyA4MzIgNzMuODQ2IDgzMmg4NzYuMzA4YzQwLjcyMSAwIDczLjg0Ni0zMy4xMjUgNzMuODQ2LTczLjg0NlYyNjUuODQ2QzEwMjQgMjI1LjEyNjk5OTk5OTk5OTk1IDk5MC44NzUgMTkyIDk1MC4xNTQgMTkyek01NzYgNzAzLjg3NUw0NDggNzA0VjUxMmwtOTYgMTIzLjA3N0wyNTYgNTEydjE5MkgxMjhWMzIwaDEyOGw5NiAxMjggOTYtMTI4IDEyOC0wLjEyNVY3MDMuODc1ek03NjcuMDkxIDczNS44NzVMNjA4IDUxMmg5NlYzMjBoMTI4djE5Mmg5Nkw3NjcuMDkxIDczNS44NzV6Ii8+PC9zdmc+', | |||
| location: 'sidePanel' | |||
| } | |||
| var mythx = { | |||
| name: 'remythx', | |||
| displayName: 'MythX', | |||
There was a problem hiding this comment.
Change to:
displayName: 'MythX Security Verification (Beta)'
description: 'Perform Static and Dynamic Security Analysis using the MythX Cloud Service'
|
I've added info tooltips |
|
I tested the plugin pretty extensively and it's quite awesome. The only real drawback from the user's view is that there's no option to view a full security report that also contains the detailed descriptions and the soon-to-be-added call traces. In some cases this will mean that the results are not particularly useful (for example when we detect a reachable exception but don't output the transaction sequence / inputs that trigger it). This is also a question for @yann300 - is it possible to to add a pop/overlay that displays a full report on request? Possibly we can set up an additional bounty for this. Also tagging @Gtonizuka @aquiladev |
@b-mueller |
|
btw you can also provide a |
|
@yann300 if |
|
yes I suppose that should be fine for the moment |
Repo: https://github.com/aquiladev/remix-mythx-plugin
Issue: https://github.com/ethereum/remix-ide/issues/1951