A powerful static analysis tool for Solana smart contracts written in Rust. Detect vulnerabilities, security issues, and code quality problems in your Solana/Anchor projects.
```bash
git clone https://github.com/0xRustPro/solana-static-analyzer.git
cd solana-static-analyzer
cargo build --release
```

```bash
# Analyze a Solana project with debug logging
RUST_LOG=debug cargo run -- --path test-securty-solana/programs/test-securty-solana/src --analyze --output report.md

# Analyze without debug logging
cargo run -- --path /path/to/your/project --analyze

# Show AST output for debugging
cargo run -- --path src/lib.rs --ast

# Analyze specific files
cargo run -- --path src/lib.rs --analyze --output my-report.md
```

```
cargo run -- [OPTIONS]

Options:
  --path <PATH>         Path to Solana project or Rust files to analyze
  --analyze             Run vulnerability analysis
  --ast                 Show AST output for debugging
  --output <FILE>       Output report to file (default: stdout)
  --ignore <PATTERNS>   Ignore files matching patterns
  -h, --help            Print help information

Environment Variables:
  RUST_LOG=debug        Enable debug logging
  RUST_LOG=info         Enable info logging
```

```
rust-solana-analyzer/
├── src/
│   ├── main.rs ................................. CLI
│   ├── ast/ .................................... Modular AST Parser
│   │   ├── mod.rs
│   │   └── parser.rs
│   └── analyzer/
│       ├── mod.rs .............................. Core types (Finding, Severity)
│       ├── engine.rs ........................... Rule Engine
│       ├── span_utils.rs ....................... Precise location system
│       ├── report.rs ........................... Markdown report generator
│       ├── dsl/ ................................ Expressive DSL
│       │   ├── mod.rs
│       │   ├── query.rs ........................ Generic helpers
│       │   └── builders.rs ..................... RuleBuilder fluent API
│       └── rules/solana/ ....................... Modular rules by severity
│           ├── mod.rs
│           ├── high/ ........................... HIGH severity
│           │   ├── unsafe_code/
│           │   │   ├── mod.rs .................. Rule implementation
│           │   │   └── filters.rs .............. Specific filters
│           │   └── missing_signer_check/
│           │       ├── mod.rs
│           │       └── filters.rs
│           ├── medium/ ......................... MEDIUM severity
│           │   ├── division_by_zero/
│           │   ├── duplicate_mutable_accounts/
│           │   └── owner_check/
│           └── low/ ............................ LOW severity
│               ├── anchor_instructions/
│               └── missing_error_handling/
├── Cargo.toml .................................. Complete dependencies
├── DSL_DOCUMENTATION.md ........................ Updated documentation
└── ARCHITECTURE.md ............................. Technical architecture
```
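To make concrete what the HIGH and MEDIUM rules listed above look for (`missing_signer_check`, `owner_check`, `duplicate_mutable_accounts`, `division_by_zero`), here is an added example that is not part of the analyzer or of any Solana program it ships with. It uses a mock `Account` type standing in for `solana_program::AccountInfo` (same fields, wrapped in `Rc<RefCell<_>>` like the real handle so the same account can be passed twice), a constructed program id, and a constructed transfer-with-fee instruction. `transfer_unchecked` is the shape of code each rule flags; `transfer_checked` performs every check before mutating state.

```rust
use std::cell::RefCell;
use std::rc::Rc;

// Mock of solana_program::AccountInfo (assumption: only the fields the rules reason about).
#[derive(Debug, Clone, PartialEq)]
pub struct Account {
    pub key: [u8; 32],   // the account's public key
    pub owner: [u8; 32], // program that owns the account data
    pub is_signer: bool, // did this key sign the transaction?
    pub lamports: u64,
}

// Shared, mutable handle, mirroring how AccountInfo aliases the same account.
pub type AccountRef = Rc<RefCell<Account>>;

// Constructed program id for the example; not a real deployed program.
pub const MY_PROGRAM_ID: [u8; 32] = [7u8; 32];

#[derive(Debug, PartialEq)]
pub enum ProgramError {
    MissingRequiredSignature,
    IncorrectProgramId,
    DuplicateMutableAccount,
    DivideByZero,
    InsufficientFunds,
    ArithmeticOverflow,
}

pub fn new_account(key: u8, owner: [u8; 32], is_signer: bool, lamports: u64) -> AccountRef {
    Rc::new(RefCell::new(Account { key: [key; 32], owner, is_signer, lamports }))
}

/// Vulnerable handler: trusts every account it is handed. Each line is an
/// instance of one of the rule categories named in the layout above.
pub fn transfer_unchecked(
    authority: &AccountRef,
    from: &AccountRef,
    to: &AccountRef,
    amount: u64,
    fee_divisor: u64,
) -> Result<u64, ProgramError> {
    let _ = authority;                        // never inspected: missing_signer_check
    let fee = amount / fee_divisor;           // panics when fee_divisor == 0: division_by_zero
    from.borrow_mut().lamports -= amount;     // owner never verified: owner_check
    to.borrow_mut().lamports += amount - fee; // from == to never rejected: duplicate_mutable_accounts
    Ok(fee)
}

/// Hardened handler: all checks run before any state changes, and arithmetic
/// is checked instead of panicking.
pub fn transfer_checked(
    authority: &AccountRef,
    from: &AccountRef,
    to: &AccountRef,
    amount: u64,
    fee_divisor: u64,
) -> Result<u64, ProgramError> {
    // missing_signer_check: the authority must have signed this transaction
    if !authority.borrow().is_signer {
        return Err(ProgramError::MissingRequiredSignature);
    }
    // owner_check: only accounts owned by this program may be debited or credited
    if from.borrow().owner != MY_PROGRAM_ID || to.borrow().owner != MY_PROGRAM_ID {
        return Err(ProgramError::IncorrectProgramId);
    }
    // duplicate_mutable_accounts: the same account must not be passed as both sides
    if from.borrow().key == to.borrow().key {
        return Err(ProgramError::DuplicateMutableAccount);
    }
    // division_by_zero: validate the divisor instead of trapping at runtime
    if fee_divisor == 0 {
        return Err(ProgramError::DivideByZero);
    }
    let fee = amount / fee_divisor;
    let new_from = from.borrow().lamports.checked_sub(amount).ok_or(ProgramError::InsufficientFunds)?;
    let new_to = to.borrow().lamports.checked_add(amount - fee).ok_or(ProgramError::ArithmeticOverflow)?;
    from.borrow_mut().lamports = new_from;
    to.borrow_mut().lamports = new_to;
    Ok(fee)
}

fn main() {
    // Constructed inputs: an unsigned authority and two program-owned accounts.
    let authority = new_account(1, MY_PROGRAM_ID, false, 0);
    let from = new_account(2, MY_PROGRAM_ID, false, 1_000);
    let to = new_account(3, MY_PROGRAM_ID, false, 0);
    println!("unchecked: {:?}", transfer_unchecked(&authority, &from, &to, 100, 10));
    println!("checked:   {:?}", transfer_checked(&authority, &from, &to, 100, 10));
}
```

The unchecked version moves funds even though `authority` never signed; the checked version refuses and leaves both balances untouched, which is the behaviour a reviewer should expect from any handler the analyzer reports as clean.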
Our DSL makes it easy to write custom vulnerability detectors:

```rust
use std::sync::Arc;
// Rule and Severity are the core types in analyzer/mod.rs, RuleBuilder lives in
// analyzer/dsl/builders.rs and AstQuery in analyzer/dsl/query.rs. The paths below
// are assumed from the layout above; adjust them if the modules re-export differently.
use crate::analyzer::dsl::builders::RuleBuilder;
use crate::analyzer::dsl::query::AstQuery;
use crate::analyzer::{Rule, Severity};

pub fn create_rule() -> Arc<dyn Rule> {
    RuleBuilder::new()
        .id("my-custom-rule")
        .severity(Severity::Medium)
        .title("Custom Vulnerability Pattern")
        .description("Detects a specific vulnerability pattern")
        // The query closure also receives the file path and a span extractor
        // (for precise finding locations); neither is needed for this pattern.
        .dsl_query(|ast, _file_path, _span_extractor| {
            AstQuery::new(ast)
                .functions()                    // Find all functions
                .public_functions()             // Filter public only
                .calls_to("dangerous_function") // That call dangerous_function
        })
        .build()
}
```

Generic Filters:
- `.functions()` - All functions
- `.structs()` - All structs
- `.public_functions()` - Public functions only
- `.derives_accounts()` - Structs deriving Accounts
- `.calls_to("name")` - Functions calling a specific function
- `.uses_unsafe()` - Code using unsafe blocks
- `.with_name("name")` - Items with a specific name
Custom Filters: Each rule can implement custom filters for specific vulnerability patterns.
We welcome contributions! Please see our Contributing Guide for details.
To add a rule:
- Create a new directory under `src/analyzer/rules/solana/{severity}/`
- Implement `mod.rs` with the rule configuration
- Add specific filters in `filters.rs` if needed
- Register the rule in the parent module
- Add tests and documentation

```bash
git clone https://github.com/0xRustPro/solana-static-analyzer.git
cd solana-static-analyzer
cargo build
cargo test
```

This project is licensed under the GNU Affero General Public License v3.0 (AGPL-3.0-only). See the LICENSE file for details.

