suratkhan
Collaborator

@suratkhan suratkhan commented Sep 19, 2025

  • Created Pre Slither Validator py file
  • Added and initiated contract syntax validation

Summary by CodeRabbit

  • New Features
    • Adds a pre-analysis validator that checks and can auto-fix Solidity contracts before security scanning.
    • Automatically creates a backup of the original file when fixes are applied.
    • Returns a clear outcome with fixed content or error details and a summary of applied fixes.
    • Enhances compatibility by standardizing SPDX headers, abstract/virtual declarations, deprecated value() usage, call return handling, and pragma versions.

@suratkhan suratkhan requested a review from aleskrin September 19, 2025 13:40

coderabbitai bot commented Sep 19, 2025

Caution

Review failed

The pull request is closed.

Walkthrough

Adds a new PreSlitherValidator module that reads a Solidity file, runs a pipeline of fixers (SPDX, abstract/virtual adjustments, .value() syntax, call return handling, pragma alignment), optionally backs up and overwrites the file when modifications occur, and returns (success, content_or_error, fixes).

Changes

| Cohort / File(s) | Summary |
| --- | --- |
| Pre-Slither validation module: Static_agent/Slither_agent/pre_slither_validator.py | New module introducing PreSlitherValidator with __init__, validate_and_fix_contract, and _apply_all_fixes. Reads UTF-8 content, orchestrates fix pipeline (SPDX header, abstract contracts, virtual functions, deprecated .value() syntax, call return handling, pragma version alignment), creates <path>.pre_slither_backup before writing changes, and returns (bool, str, List[str]) with error handling. |

Sequence Diagram(s)

sequenceDiagram
    actor Caller
    participant Validator as PreSlitherValidator
    participant FS as Filesystem

    Caller->>Validator: validate_and_fix_contract(file_path)
    Validator->>FS: Read file (UTF-8)
    Validator->>Validator: _apply_all_fixes(content, file_path)
    alt Changes detected
        Validator->>FS: Create backup (<path>.pre_slither_backup)
        Validator->>FS: Write updated content
        Validator-->>Caller: (True, updated_content, fixes)
    else No changes
        Validator-->>Caller: (True, original_content, fixes)
    end
    opt Error
        Validator-->>Caller: (False, error_message, fixes)
    end

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

Suggested reviewers

  • robaribas
  • aleskrin

Poem

A nibble of code, a twitch of ear,
I back up bytes so none disappear.
I tidy pragmas, make functions behave,
Patch .value() and calls with brave wave.
Before Slither sniffs, I hop in quick—pre-fix, my favorite trick. 🐇✨

Pre-merge checks and finishing touches

❌ Failed checks (1 warning)
| Check name | Status | Explanation | Resolution |
| --- | --- | --- | --- |
| Docstring Coverage | ⚠️ Warning | Docstring coverage is 66.67% which is insufficient. The required threshold is 80.00%. | You can run @coderabbitai generate docstrings to improve docstring coverage. |
✅ Passed checks (2 passed)
| Check name | Status | Explanation |
| --- | --- | --- |
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title Check | ✅ Passed | The title accurately and concisely describes the primary change — adding a PreSlitherValidator to perform contract syntax validation and fixes — and directly maps to the new file, class, and methods introduced in the changeset and PR objectives. |

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between eed7784 and 5e8e6be.

📒 Files selected for processing (1)
  • Static_agent/Slither_agent/pre_slither_validator.py (1 hunks)

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🧹 Nitpick comments (9)
Static_agent/Slither_agent/pre_slither_validator.py (9)

11-16: Prune unused imports.

os, subprocess, and Dict are unused. Keep datetime (used after backup change below).

-import os
-import re
-import shutil
-import subprocess
-from datetime import datetime
-from typing import Tuple, List, Dict
+import re
+import shutil
+from datetime import datetime
+from typing import Tuple, List
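Review bot: The kept `from datetime import datetime` line is only used if the timestamped-backup suggestion for lines 41-49 is also applied, so this hunk is not self-contained. If that suggestion is declined, drop the `datetime` import here as well; otherwise the cleanup still leaves one unused import.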

1-1: Shebang without execute bit.

Either make the file executable or drop the shebang since this is a module.

-#!/usr/bin/env python3

60-63: Anchor SPDX check to file start and accept block comments.

Current regex matches anywhere and only the // form. Solidity accepts // or /* */, and the identifier should be at the file start.

-        if not re.search(r'//\s*SPDX-License-Identifier:', content):
+        if not re.match(r'^\s*(?://|/\*)\s*SPDX-License-Identifier:', content):
             content = '// SPDX-License-Identifier: MIT\n' + content
             fixes.append("Added SPDX license identifier")
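Review bot: With `re.match` on the `+` line the identifier is only recognised when it is the first token of the file, so a contract that opens with a banner comment and carries its SPDX line below it is treated as unlicensed and gets a second identifier prepended. The Solidity compiler accepts the SPDX comment anywhere at file level, so a line-anchored search (`re.search` with `re.MULTILINE` and `^[ \t]*(?://|/\*)`) keeps the stricter intent without duplicating the header; the leading `^` is also redundant under `re.match`. Separately, the unchanged context line hard-codes `MIT`: for a file whose author chose no licence, `UNLICENSED` is the value Solidity documents, and asserting MIT on someone else's source is a decision the tool should not make silently.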

41-49: Avoid overwriting backups across runs; add a timestamp suffix.

Current backup path is constant and will be overwritten on repeated validations.

-            if content != original_content:
-                backup_path = f"{file_path}.pre_slither_backup"
+            if content != original_content:
+                ts = datetime.utcnow().strftime("%Y%m%dT%H%M%SZ")
+                backup_path = f"{file_path}.pre_slither_backup.{ts}"
                 shutil.copy2(file_path, backup_path)
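Review bot: `datetime.utcnow()` on the added `ts = ...` line is deprecated as of Python 3.12 and returns a naive datetime; use `datetime.now(timezone.utc)` and import `timezone` alongside `datetime`. The suffix has one-second resolution, so two validations of the same file within the same second still overwrite each other's backup through `shutil.copy2`; check for an existing path or add a finer-grained component if the pipeline can re-run that quickly.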

52-53: Avoid blind except Exception; narrow to expected errors and improve message.

Catching all exceptions hides programmer errors in fixers.

-        except Exception as e:
-            return False, str(e), fixes
+        except (OSError, UnicodeError, ValueError) as e:
+            return False, f"{e.__class__.__name__}: {e}", fixes
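Review bot: In the new `except (OSError, UnicodeError, ValueError)` tuple, `UnicodeError` is already a subclass of `ValueError`, so it adds nothing, and `ValueError` itself is broad enough to swallow bugs raised inside the fixers, which is what the narrowing is meant to expose. Consider catching only `OSError` and `UnicodeDecodeError` around the read and write, and state in the docstring that other exceptions now propagate instead of coming back as `(False, message, fixes)`.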

50-53: Optional: move success return to a try/else for clarity (ruff TRY300).

Not functional, just style.

-            return True, content, fixes
-
-        except (OSError, UnicodeError, ValueError) as e:
-            return False, f"{e.__class__.__name__}: {e}", fixes
+        except (OSError, UnicodeError, ValueError) as e:
+            return False, f"{e.__class__.__name__}: {e}", fixes
+        else:
+            return True, content, fixes

55-55: Silence ARG002 by marking unused parameter.

file_path is not used inside _apply_all_fixes. Keep the arg for future use but mark it unused.

-    def _apply_all_fixes(self, content: str, file_path: str) -> Tuple[str, List[str]]:
+    def _apply_all_fixes(self, content: str, _file_path: str) -> Tuple[str, List[str]]:

18-21: self.fixes_applied is never used; either remove it or aggregate per-run fixes.

If you want cumulative visibility across files, extend it.

     def __init__(self):
-        self.fixes_applied = []
+        self.fixes_applied = []
@@
-            content, file_fixes = self._apply_all_fixes(content, file_path)
-            fixes.extend(file_fixes)
+            content, file_fixes = self._apply_all_fixes(content, file_path)
+            fixes.extend(file_fixes)
+            self.fixes_applied.extend(file_fixes)
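Review bot: The first `-`/`+` pair on `self.fixes_applied = []` is identical, so the only real change is the added `self.fixes_applied.extend(file_fixes)`. That list collects bare fix strings with no file path and is never reset, so after several files the entries cannot be attributed to a contract and the list grows for the lifetime of the instance; store `(file_path, fix)` pairs or expose a reset.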

Also applies to: 36-39


31-33: Optional: handle UTF‑8 BOM on read.

Some Solidity files include a BOM; using utf-8-sig avoids injecting the SPDX line ahead of stray \ufeff.

-            with open(file_path, 'r', encoding='utf-8') as f:
+            with open(file_path, 'r', encoding='utf-8-sig') as f:
                 content = f.read()
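Review bot: Switching only the read to `utf-8-sig` strips the BOM from `content`, so any rewrite triggered by a fix will drop the BOM from the file without that appearing in `fixes`; the write call is not part of this hunk, so check which encoding it uses. If dropping the BOM is intended, record it in `fixes` so the change is visible in the returned summary.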
📜 Review details

📥 Commits

Reviewing files that changed from the base of the PR and between 64bb43a and eed7784.

📒 Files selected for processing (1)
  • Static_agent/Slither_agent/pre_slither_validator.py (1 hunks)
🧰 Additional context used
🪛 Ruff (0.12.2)
Static_agent/Slither_agent/pre_slither_validator.py

1-1: Shebang is present but file is not executable

(EXE001)


50-50: Consider moving this statement to an else block

(TRY300)


52-52: Do not catch blind exception: Exception

(BLE001)


55-55: Unused method argument: file_path

(ARG002)
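
The SPDX detection discussed in the 60-63 and 31-33 comments, as an added example (not code from the PR or from CodeRabbit): it runs the original pattern, the suggested pattern and a line-anchored variant over constructed Solidity sources. `LINE_ANCHORED`, the sample sources and the function names are assumptions made for the illustration.

```python
import re

BOM = "\ufeff"
# Constructed Solidity sources for illustration (not taken from the PR).
SAMPLES = {
    "line_comment": "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n",
    "block_comment": "/* SPDX-License-Identifier: GPL-3.0 */\npragma solidity ^0.8.0;\n",
    "banner_first": "// Token v1\n// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n",
    "bom_prefixed": BOM + "// SPDX-License-Identifier: MIT\npragma solidity ^0.8.0;\n",
    "inside_string": 'contract C { string s = "// SPDX-License-Identifier: MIT"; }\n',
    "missing": "pragma solidity ^0.8.0;\ncontract C {}\n",
}

# Pattern in the PR before the review comment (searched anywhere in the file).
ORIGINAL = re.compile(r'//\s*SPDX-License-Identifier:')
# Pattern proposed in the review comment (applied with re.match, i.e. file start).
SUGGESTED = re.compile(r'^\s*(?://|/\*)\s*SPDX-License-Identifier:')
# Hypothetical variant: the comment must open a line, on any line of the file.
LINE_ANCHORED = re.compile(r'^[ \t]*(?://|/\*)\s*SPDX-License-Identifier:', re.MULTILINE)


def has_spdx_original(src: str) -> bool:
    return ORIGINAL.search(src) is not None


def has_spdx_suggested(src: str) -> bool:
    return SUGGESTED.match(src) is not None


def has_spdx_line_anchored(src: str) -> bool:
    # Drop a leading BOM first: U+FEFF is not whitespace for the regex engine.
    return LINE_ANCHORED.search(src.lstrip(BOM)) is not None


def compare() -> dict:
    """Map sample name -> (original, suggested, line_anchored) verdicts."""
    return {
        name: (has_spdx_original(s), has_spdx_suggested(s), has_spdx_line_anchored(s))
        for name, s in SAMPLES.items()
    }


if __name__ == "__main__":
    for name, verdicts in compare().items():
        # A False verdict means the validator would prepend a new SPDX line.
        print(f"{name:14} original={verdicts[0]!s:5} suggested={verdicts[1]!s:5} "
              f"line_anchored={verdicts[2]!s:5}")
```

A `False` from the suggested pattern for `banner_first` or `bom_prefixed` marks a file that already carries an identifier but would receive a second one.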

@suratkhan suratkhan force-pushed the feature/stag-slither-validator-start branch from eed7784 to 5e8e6be Compare September 21, 2025 05:54
@aleskrin aleskrin merged commit 16cd3d9 into main Sep 21, 2025
1 check was pending
@robaribas robaribas deleted the feature/stag-slither-validator-start branch October 2, 2025 11:28

2 participants