mythx-cli

============================ A PythX-driven CLI for MythX

.. image:: https://img.shields.io/pypi/v/mythx-cli.svg :alt: MythX CLI on PyPI :target: https://pypi.python.org/pypi/mythx-cli

.. image:: https://img.shields.io/github/license/dmuhs/mythx-cli :alt: MythX CLI License :target: https://github.com/dmuhs/mythx-cli/blob/master/LICENSE

.. image:: https://img.shields.io/travis/dmuhs/mythx-cli.svg :alt: MythX CLI Build Status :target: https://travis-ci.org/dmuhs/mythx-cli

.. image:: https://coveralls.io/repos/github/dmuhs/mythx-cli/badge.svg?branch=master :alt: MythX CLI Coverage Stats :target: https://coveralls.io/github/dmuhs/mythx-cli?branch=master

.. image:: https://readthedocs.org/projects/mythx-cli/badge/?version=latest :alt: Documentation Status :target: https://mythx-cli.readthedocs.io/

.. image:: https://img.shields.io/pypi/dm/mythx-cli :alt: PyPI - Downloads :target: https://pypi.python.org/pypi/mythx-cli

This package aims to provide a simple to use command line interface for the MythX <https://mythx.io/>_ smart contract security analysis API. It's main purpose is to demonstrate how advanced features can be implemented using the PythX <https://github.com/dmuhs/pythx/>_ Python language bindings for MythX to simplify API interaction.

What is MythX?

MythX is a security analysis API that allows anyone to create purpose-built security tools for smart contract developers. Tools built on MythX integrate seamlessly into the development environments and continuous integration pipelines used throughout the Ethereum ecosystem.

Usage

.. code-block:: console

$ mythx
Usage: mythx [OPTIONS] COMMAND [ARGS]...

  Your CLI for interacting with https://mythx.io/

Options:
  --debug                         Provide additional debug output
  --api-key TEXT                  Your MythX API key from the dashboard
  --username TEXT                 Your MythX account's username
  --password TEXT                 Your MythX account's password
  --format [simple|json|json-pretty|table]
                                  The format to display the results in
  --ci                            Return exit code 1 if high-severity issue is
                                  found

  -y, --yes                       Do not prompt for any confirmations
  -o, --output TEXT               Output file to write the results into
  -c, --config PATH               YAML config file for default parameters
  --stdout                        Force printing to stdout
  --table-sort-key [line|title|severity|description]
                                  The column to sort the default table output
                                  by

  --help                          Show this message and exit.

Commands:
  analysis  Get information on running and finished analyses.
  analyze   Analyze the given directory or arguments with MythX.
  group     Create, modify, and view analysis groups.
  render    Render an analysis job or group report as HTML.
  version   Display API version information.

Installation

The MythX CLI runs on Python 3.6+, including 3.8 and pypy3.

To get started, simply run

.. code-block:: console

$ pip3 install mythx-cli

Alternatively, clone the repository and run

.. code-block:: console

$ pip3 install .

Or directly through Python's :code:setuptools:

.. code-block:: console

$ python3 setup.py install

• Free software: MIT license
• Documentation: https://mythx-cli.readthedocs.io.

======= History

0.6.23 (2022-04-07)

• Add compatibility fix for Scribble compilation artifacts processing (prior :code:eth-scribble@0.3.5)

• Fix :code:MarkupSafe to 2.0.1 due to breaking changes (https://github.com/pallets/markupsafe/pull/261)

0.6.22 (2020-10-05)

• Catch AttributeError on faulty Truffle artifact schema

• Update :code:pytest to 6.1.1

• Update :code:isort to 5.5.4

0.6.21 (2020-09-18)

• Fix bug in render command analysis list pagination query

• Update :code:isort to 5.5.2

• Update :code:pytest to 6.0.2

• Update :codecoverage to 5.3

0.6.20 (2020-09-05)

• Add table sort key parameter

• Fix bug where payloads were unnecessarily duplicated before filtering

• Improve custom rendering documentation

• Improve HTML/MD default template styles

• Refactor and speed up template rendering routines

• Add file-indexed formatting/rendering data structures

• Add Scribble middleware to support Solidity and Truffle

• Add Scribble JSON support for Solidity jobs

• Refactor Solidity payload job

• Add truffle payload context generation

• Remove deprecated Sonarqube formatter

• Update :code:py-solc-x to 1.0.0

• Update :code:pytest to 6.0.1

• Update :code:pytest-cov to 2.10.1

• Update :code:coveralls to 2.1.2

• Update :code:coverage to 5.2.1

• Update :code:sphinx to 3.2.1

• Update :code:isort to 5.5.1

• Update :code:tox to 3.20.0

• Update :code:watchdog to 0.10.3

• Update :code:twine to 3.2.0

0.6.19 (2020-06-23)

• Add :code:--stdout flag to override YAML-defined :code:output

0.6.18 (2020-06-16)

• Update :code:pythx to 1.6.1 to fix validation errors

0.6.17 (2020-06-16)

• Add experimental Scribble integration for property validation
• Remove bytecode payload option due to lack of usage
• Require users to explicitly consent to analysis submission
• Add feature that allows users to force a certain analysis scenario
• Clean up code into payload-related job objects
• Fix issue where pypy7.1.1-beta0 doesn't support PathLike in os.chdir
• Slim down Solidity file walking logic
• Refresh payload documentation
• Refactor payload-related tests
• Update :code:py-solc-x to 0.9.0
• Update :code:sphinx to 3.1.1
• Update :code:pytest-cov to 2.10.0
• Update :code:tox to 3.15.2

0.6.16 (2020-05-15)

• Whitelist OSX solc installations in :code:py-solc-x
• Update :code:bumpversion to 0.6.0

0.6.15 (2020-05-12)

• Fix bug where payload path prefix trimming was incorrect
• Generate source list from Truffle artifact files
• Improve Solidity file walk performance
• Refactor payloads submodule
• Update :code:tox to 3.15.0
• Update :code:pytest to 5.4.2
• Update :code:py-solc-x to 0.8.2

0.6.14 (2020-04-30)

• Fix bug where location offsets were incorrectly displayed in reports
• Fix bug where whitespace was incorrectly rendered in HTML reports
• Clean up HTML report layout template code
• Update :code:click to 7.1.2

0.6.13 (2020-04-27)

• Add property verification flag docs
• Add property checking flag to analyze command
• Update :code:sphinx to 3.0.3

0.6.12 (2020-04-20)

• Fix bug where new line characters were incorrectly sent on Windows OS
• Fix bug where group creation from config was not triggered
• Update :code:sphinx to 3.0.2
• Update :code:coverage to 5.1
• Update :code:Jinja to 2.11.2

0.6.11 (2020-04-08)

• Use solc JSON stdin for compilation
• Update :code:sphinx to 3.0.0
• Update :code:coveralls to 2.0.0

0.6.10 (2020-04-03)

• Add :code:--api/--self version command switch
• Add explicit yaml config override feature
• Documentation updates
• Update :code:tox to 3.14.6
• Update :code:py-solc-x to 0.8.1

0.6.9 (2020-03-24)

Fix issue where request source list was malformed

0.6.8 (2020-03-23)

• Add support for :code:.mythx.yml config files
• Allow pwd definitions in solc import remappings
• Fix bug in Solidity file walking routine
• Add additional tox checks for documentation and formatting

0.6.7 (2020-03-19)

Fix issue where render templates were not correctly added to manifest.

0.6.6 (2020-03-19)

• Refactor commands into dedicated packages
• Fix bug where click commands were not picked up by autodoc
• Fix bug where :code:render command log cluttered report stdout
• Add support for upper case targets in :code:render command
• Add more verbose debug logging across package

0.6.5 (2020-03-17)

• Add optional contract name specification for Solidity files
• Revise usage and advanced usage docs for solc compilation
• Add :code:--remap-import parameter for solc import remappings
• Update :code:coverage to 5.0.4

0.6.4 (2020-03-15)

• Add :code:--include flag to :code:analyze subcommand
• Fix minor bug in package description content type definition
• Update :code:tox to 3.14.5
• Update :code:sphinx to 2.4.4
• Update :code:py-solc-x to 0.8.0
• Update :code:click to 7.1.1
• Update :code:pytest 5.4.1

0.6.3 (2020-02-15)

• Update :code:sphinx to 2.4.1
• Improved Usage Guide documentation
• Added more verbose descriptions in Advanced Usage guide
• Add improved Python docstrings, enforce formatting
• Add more precise type hints across the code base
• Fix bug where Solidity payloads were truncated
• Add :code:mythx render --markdown parameter for md reports
• Add :code:rglob blacklist to exclude :code:node_modules during .sol directory walks

0.6.2 (2020-02-08)

• Update :code:pytest to 5.3.5
• Add :code:mythx render subcommand for HTML report rendering
• Various HTML template improvements
• Add :code:Jinja2 and :code:htmlmin dependencies
• Add documentation for custom template creation
• Add filtering of Solidity payloads without compiled code (e.g. interfaces)

0.6.0 & 0.6.1 (2020-01-29)

• Add unified reports (e.g. :code:json output of multiple reports in a single JSON object)
• Add SWC ID whitelist parameter to report filter
• Integrate report filters with :code:--ci flag
• Add advanced usage guide to documentation
• Improved messaging across CLI
• Update :code:pytest to 5.3.4
• Improve test suite assertion diff display

0.5.3 (2020-01-16)

• Bump :code:py-solc-x to 0.7.0

0.5.2 (2020-01-16)

• Fix merge release mistake (yeah, sorry.)

0.5.1 (2020-01-16)

• Add support for new modes (quick, standard, deep)
• Fix issue where Truffle address placeholders resulted in invalid bytecode

0.5.0 (2020-01-14)

• Add :code:--create-group flag to analyze subcommand
• Add privacy feature to truncate paths in submission
• Support Truffle projects as target directories
• Add SonarQube output format option
• Revamp usage documentation
• Update coverage to 5.0.3
• Update package details

0.4.1 (2020-01-03)

• Add batch directory submission feature
• Add a :code:--yes flag to skip confirmation messages

0.4.0 (2020-01-02)

• Add :code:--output flag to print to file
• Refactor test suite
• Update coverage to 5.0.1
• Update Sphinx to 2.3.1
• Update tox to 3.14.3

0.3.0 (2019-12-16)

• Add links to MythX dashboard in formatters
• Add support for analysis groups
• Split up logic in subcommands (analysis and group)
• Add CI flag to return 1 on high-severity issues
• Add parameter to blacklist SWC IDs
• Fix bug where :code:--solc-version parameter did not work
• Refactor test suite
• Update pytest to 5.3.1
• Update Sphinx to 2.3.0

0.2.1 (2019-10-04)

• Update PythX to 1.3.2

0.2.0 (2019-10-04)

• Update PythX to 1.3.1
• Add tabular format option as new pretty default
• Update pytest to 5.2.0
• Various bugfixes

0.1.8 (2019-09-16)

• Update dependencies to account for new submodules

0.1.7 (2019-09-16)

• Update pythx from 1.2.4 to 1.2.5
• Clean stale imports, fix formatting issues

0.1.6 (2019-09-15)

• Improve CLI docstrings
• Add more formatter-related documentation

0.1.5 (2019-09-15)

• Add autodoc to Sphinx setup
• Add middleware for tool name field
• Enable pypy3 support
• Add more verbose documentation
• Allow username/password login

0.1.4 (2019-09-13)

• Fix Atom's automatic Python import sorting (broke docs)

0.1.3 (2019-09-13)

• Fix faulty version generated by bumpversion

0.1.2 (2019-09-13)

• Fix bumpversion regex issue

0.1.1 (2019-09-13)

• Initial implementation
• Integrated Travis, PyUp, PyPI upload

0.1.0 (2019-08-31)

• First release on PyPI.