Merge 4f99c05 into 12f4336

Consensys · Mar 18, 2020 · 0fef70b · 0fef70b
2 parents 12f4336 + 4f99c05
commit 0fef70b
Show file tree

Hide file tree

Showing 3 changed files with 36 additions and 24 deletions.
diff --git a/docs/usage.rst b/docs/usage.rst
@@ -125,24 +125,25 @@ the number of false positive issues. The MythX CLI will try to infer the
 :code:`solc` version based on the pragma set in the source code. An explicit
 compiler version can be specified with the :code:`--solc-version` flag.
 
-By default, the MythX CLI submits an analysis request for each contract it
-encounters. Depending on the project layout, this can result in duplicate
-submission of source code (e.g. when all code is flattened in a single file).
-To avoid this issue, the :code:`--include` parameter can be passed multiple
-times to specify the contracts that are the target of this submission.
+By default, the MythX CLI will submit the bytecode of the target contract
+(if specified), and add the source code and AST information of its
+dependencies to the request.
+This can result in duplicate submission of source code (e.g. when all code
+is flattened in a single file). To avoid this issue, the :code:`--include`
+parameter can be passed multiple times to specify the contracts that are
+the target of this submission.
 
 .. code-block:: console
 
     $ mythx analyze --include EstateRegistry --include LANDRegistry --include LANDStorage
 
 
-This will effectively whitelist the specified contract names and exclude every
-other contract from submission. Please note that this option is case sensitive.
-If a contract name cannot be found in the project, an error is thrown.
+Please note that this option is case sensitive. If the contract's name cannot
+be found in the project, an error is thrown.
 
-Alternatively, if you are passing specific Solidity files as arguments to the
-:code:`analyze` subcommand, you can also specify the contract name to submit
-separated by a colon from the file path. E.g.
+Alternatively, if specific Solidity files are passed as arguments to the
+:code:`analyze` subcommand, the contract name to submit can also be specified
+by separating it with a colon from the source file path. E.g.
 
 .. code-block:: console
 

diff --git a/mythx_cli/cli.py b/mythx_cli/cli.py
@@ -5,7 +5,7 @@
 from glob import glob
 from os.path import abspath, commonpath
 from pathlib import Path
-from typing import Dict, List, Optional, Tuple, Union
+from typing import Dict, List, Optional, Tuple, Union, Any
 
 import click
 import htmlmin
@@ -332,7 +332,7 @@ def walk_solidity_files(
         sys.exit(0)
     LOGGER.debug("Found Solidity files to submit:\n{}".format("\n".join(files)))
     for file in files:
-        jobs.extend(generate_solidity_payload(file, solc_version, remappings))
+        jobs.append(generate_solidity_payload(file, solc_version, remappings))
     return jobs
 
 
@@ -452,7 +452,7 @@ def analyze(
         group_mw = GroupDataMiddleware(group_id=group_id, group_name=group_name)
         ctx["client"].handler.middlewares.append(group_mw)
 
-    jobs = []
+    jobs: List[Dict[str, Any]] = []
     include = list(include)
 
     if not target:
@@ -487,7 +487,7 @@ def analyze(
                 jobs.append(generate_bytecode_payload(element))
             elif Path(element).is_file() and Path(element).suffix == ".sol":
                 LOGGER.debug(f"Trying to interpret {element} as a solidity file")
-                jobs.extend(
+                jobs.append(
                     generate_solidity_payload(file=element, version=solc_version, contracts=suffix, remappings=remap_import)
                 )
             elif Path(element).is_dir():
@@ -498,7 +498,7 @@ def analyze(
                 else:
                     # recursively enumerate sol files if not a truffle project
                     jobs.extend(
-                        walk_solidity_files(ctx, solc_version, base_path=element)
+                        walk_solidity_files(ctx, solc_version, base_path=element, remappings=remap_import)
                     )
             else:
                 raise click.exceptions.UsageError(

diff --git a/mythx_cli/payload/solidity.py b/mythx_cli/payload/solidity.py
@@ -96,27 +96,38 @@ def generate_solidity_payload(
         new_result[new_key] = value
     result = new_result
 
-    for contract_name, contract_data in result.items():
-        if contracts and contract_name not in contracts:
-            continue
+    payload = {
+        "sources": {},
+        "solc_version": solc_version,
+    }
 
+    bytecode_max = 0
+    for contract_name, contract_data in result.items():
+        ast = contract_data["ast"]
+        source_path = str(Path(ast.get("attributes", {}).get("absolutePath")))
         creation_bytecode = contract_data["bin"]
         deployed_bytecode = contract_data["bin-runtime"]
         source_map = contract_data["srcmap"]
         deployed_source_map = contract_data["srcmap-runtime"]
-        ast = contract_data["ast"]
-        source_path = str(Path(ast.get("attributes", {}).get("absolutePath")))
         with open(source_path) as source_f:
             source = source_f.read()
 
-        yield {
+        # always add source and AST, even if dependency
+        payload["sources"][source_path] = {"source": source, "ast": ast}
+        if (contracts and contract_name not in contracts) or \
+           (not contracts and len(creation_bytecode) < bytecode_max):
+            continue
+
+        bytecode_max = len(creation_bytecode)
+        payload.update({
             "contract_name": contract_name,
             "main_source": source_path,
             "source_list": [source_path],
-            "sources": {source_path: {"source": source, "ast": ast}},
             "bytecode": patch_solc_bytecode(creation_bytecode),
             "source_map": zero_srcmap_indices(source_map),
             "deployed_source_map": zero_srcmap_indices(deployed_source_map),
             "deployed_bytecode": patch_solc_bytecode(deployed_bytecode),
             "solc_version": solc_version,
-        }
+        })
+
+    return payload