cannot specify what file to run slither with foundry

[antoncoding]

I'm trying to add this action to my foundry project with the following structure:

src/
   - core/ 
      - {..contracts} 
   - {..contracts}
foundry.toml
slither.config.json

Usually if i want to run slither on my project, i usually run:

slither src/core

But in the action config, the target seems to be the "root" that it looks for foundry.toml.

If I do the following: (without target), the action failed because no valid file is specified:

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        
      - name: Run Slither
        uses: crytic/slither-action@main
        with:
          slither-config: "slither.config.json"

Error: (it seems to find the foundry config correctly), but got the same error is i run slither . locally.

[-] Installing dependencies from foundry.toml
[-] Slither config provided: slither.config.json
'forge build --extra-output abi --extra-output userdoc --extra-output devdoc --extra-output evm.methodIdentifiers --force' running
installing solc version "0.8.13"
Successfully installed solc 0.8.13
Compiling 62 files with 0.8.13
Solc 0.8.13 finished in 25.20s
Compiler run successful
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 744, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 76, in process_all
    compilations = compile_all(target, **vars(args))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
    compilations.append(CryticCompile(target, **kwargs))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/foundry.py", line 143, in compile
    compilation_unit.srcmaps_init[contract_name] = target_loaded["bytecode"][
KeyError: 'sourceMap'
None
Error in .
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 744, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 76, in process_all
    compilations = compile_all(target, **vars(args))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 637, in compile_all
    compilations.append(CryticCompile(target, **kwargs))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/foundry.py", line [143](https://github.com/antoncoding/grappa/runs/7164911134?check_suite_focus=true#step:4:144), in compile
    compilation_unit.srcmaps_init[contract_name] = target_loaded["bytecode"][
KeyError: 'sourceMap'

If I do the following: (with target)

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
        
      - name: Run Slither
        uses: crytic/slither-action@main
        with:
          target: "src/core"
          slither-config: "slither.config.json"

I get an error that seems farther off:

[-] Did not find a foundry.toml, proceeding without installing Foundry dependencies.
[-] Slither config provided: slither.config.json
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 544, in _run_solc
    ret: Dict = json.loads(stdout)
  File "/usr/local/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 744, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 76, in process_all
    compilations = compile_all(target, **vars(args))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 658, in compile_all
    compilations.append(CryticCompile(filename, **kwargs))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 117, in __init__
    self._compile(**kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 154, in compile
    targets_json = _get_targets_json(compilation_unit, self._target, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 276, in _get_targets_json
    return _run_solc(
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 548, in _run_solc
    raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation 
None
Error in src/core
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 544, in _run_solc
    ret: Dict = json.loads(stdout)
  File "/usr/local/lib/python3.9/json/__init__.py", line 346, in loads
    return _default_decoder.decode(s)
  File "/usr/local/lib/python3.9/json/decoder.py", line 337, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/local/lib/python3.9/json/decoder.py", line 355, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 744, in main_impl
    ) = process_all(filename, args, detector_classes, printer_classes)
  File "/opt/slither/lib/python3.9/site-packages/slither/__main__.py", line 76, in process_all
    compilations = compile_all(target, **vars(args))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 658, in compile_all
    compilations.append(CryticCompile(filename, **kwargs))
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line [117](https://github.com/antoncoding/grappa/runs/7164933011?check_suite_focus=true#step:4:118), in __init__
    self._compile(**kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/crytic_compile.py", line 548, in _compile
    self._platform.compile(self, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 154, in compile
    targets_json = _get_targets_json(compilation_unit, self._target, **kwargs)
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 276, in _get_targets_json
    return _run_solc(
  File "/opt/slither/lib/python3.9/site-packages/crytic_compile/platform/solc.py", line 548, in _run_solc
    raise InvalidCompilation(f"Invalid solc compilation {stderr}")
crytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation

My guess is that the action is trying to run slither ., but i might be wrong. Any help will be appreciated!

[elopez]

Hi @antoncoding, thanks for the report! If you intend to use the foundry integration in slither, then the first invocation is the correct one; target should point to the folder containing foundry.toml. Apparently there are still some issues when using top level objects in files that have no contracts in them (possibly related to foundry-rs/foundry#1646); I see the artifacts generated have no sourceMap on them when the files only contain top-level definitions (eg src/config/{constants.sol,enums.sol,errors.sol,types.sol} on your project). I've filled crytic/crytic-compile#275 to track this problem.

You can work around this problem by adding dummy contracts to the files (eg contract C {}) (see crytic/crytic-compile#271) but after that, you'll likely stumble upon crytic/crytic-compile#270.

As for your second approach, that will not use the Foundry integration; Slither will treat your folder as standalone solidity files. This means you'll need to take care of all the requirements so that solc on its own can build the files. I see you already added remappings for imports, but you're missing two small things for it to work: installing the dependencies and fixing the broken SOLC_VERSION definition on your workflow env.

For the first bit, it should suffice to add something like this to your workflow before the Slither action:

      - name: Install Foundry
        uses: foundry-rs/foundry-toolchain@v1
        with:
          version: nightly

      - name: Install deps
        run: forge install

As for the SOLC_VERSION definition, I'd opt for removing it in favor of adding solc-version: 0.8.13 to the Slither action. If you want to keep it, make sure to fix it so it only has the solc version (ie. SOLC_VERSION: "0.8.13", note there's no v before the version.). I've filled #19 to make the action a bit more resilient against potentially misconfigured, externally-defined environment variables.

[antoncoding]

thanks @elopez! I made it work with your suggestion on the second approach! really appreciate the fast response.
it was indeed a bit hard for me to tell that the wrong env variable was the culprit, hope this issue can help other people as well.