Slither fails to execute in latest docker tag

[schemar]

I cannot run slither with the latest docker tag of eth-security-toolbox. After #8 was fixed, it now seems slither was "not compiled correctly".
This time, I have no idea how to provide a workaround.

• Steps to reproduce:
  1. start eth-security-toolbox with mounted project
     docker run -it -d -v /path/to/project:/share trailofbits/eth-security-toolbox
  2. cd into project repository (cd /share)
  3. run slither .
• Expected output:
  • Slither code analysis.
• Actual output:

ERROR:Slither:Invalid compilation
ERROR:Slither:Solidity version not found ['']

Docker image:

Using default tag: latest
latest: Pulling from trailofbits/eth-security-toolbox
Digest: sha256:38cde2135b8446a8e98d719543ff6647765352937f042d6608d50b88d3bf44b9
Status: Image is up to date for trailofbits/eth-security-toolbox:latest

[montyly]

Thank you @schemar for reporting the issue.

It looks like an issue with npx: custom versions of truffle are not working

$ docker run -it  trailofbits/eth-security-toolbox
$ npx truffle@5.0.10 version
Error: EACCES: permission denied, mkdir '/home/ethsec/.npm/_npx'
TypeError: Cannot read property 'get' of undefined
    at errorHandler (/usr/local/lib/node_modules/npm/lib/utils/error-handler.js:205:18)
    at /usr/local/lib/node_modules/npm/bin/npm-cli.js:78:20
    at cb (/usr/local/lib/node_modules/npm/lib/npm.js:228:22)
    at /usr/local/lib/node_modules/npm/lib/npm.js:266:24
    at /usr/local/lib/node_modules/npm/lib/config/core.js:83:7
    at Array.forEach (<anonymous>)
    at /usr/local/lib/node_modules/npm/lib/config/core.js:82:13
    at f (/usr/local/lib/node_modules/npm/node_modules/once/once.js:25:25)
    at afterExtras (/usr/local/lib/node_modules/npm/lib/config/core.js:173:20)
    at /usr/local/lib/node_modules/npm/node_modules/mkdirp/index.js:35:29
/usr/local/lib/node_modules/npm/lib/utils/error-handler.js:205
  if (npm.config.get('json')) {
                 ^

TypeError: Cannot read property 'get' of undefined
    at process.errorHandler (/usr/local/lib/node_modules/npm/lib/utils/error-handler.js:205:18)
    at process.emit (events.js:189:13)
    at process._fatalException (internal/bootstrap/node.js:496:27)
Install for truffle@5.0.10 failed with code 7

[schemar]

Thanks @montyly !

Unfortunately my understanding of the eth-security-toolbox is not sufficient to understand what the consequences of your comment are 😅
Do I need to use a specific truffle version for it to work?

[montyly]

I am not sure what is the root of the issue, but likely it's an error with the npx configuration in eth-security-toolbox, we are going to investigate how to fix it.

In the meantime, you can either remove truffle from package.json or call slither with:

slither . --truffle-version truffle

which will trick npx to call the locally installed version of truffle.

I tested on https://github.com/OpenST/openst-contracts, it works. Note that openst-contracts uses truffle 5.0.10, and eth-security-toolbox uses 5.0.14 by default (I don't know if there is any compatibility issue between those versions)

[schemar]

Ok, thank you! I'll wait for a fix, then 😊

[disconnect3d]

Closing as it seems to work after #11.