amarna
Amarna is a static analyzer and linter for the Cairo programming language.
All of our PyPI-packaged projects should use trusted publishing, rather than a manually configured API token. Example trusted publishing workflow: https://github.com/trailofbits/blight/blob/master/.github/workflows/release.yml Resources:
* https://docs.pypi.org/trusted-publishers/
* https://packaging.python.org/en/latest/guides/publishing-package-distribution-releases-using-github-actions-ci-cd-workflows/
Bumps [pypa/gh-action-pip-audit](https://github.com/pypa/gh-action-pip-audit) from 1.0.7 to 1.0.8. Release notes Sourced from pypa/gh-action-pip-audit's releases. v1.0.8 What's Changed Remove pin on requests (fixes #41) by @Alexerson in pypa/gh-action-pip-audit#42 New Contributors @Alexerson made their...
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.10.1 to 5.0.0. Release notes Sourced from github/super-linter's releases. v5.0.0 Changelog Bump scalameta/scalafmt from v3.6.1 to v3.7.3 @dependabot (#4040) Fix bad owner/group flags on node dependencies @ajkerr...
[must-check-caller-address] finds the calls to `get_caller_address` and warns the user about it. Ideally, this rule should NOT emit any warning if the user checks the return value. E.g.: ```cairo let...
When using a library/preset to import & re-export public methods, i.e. https://github.com/OpenZeppelin/cairo-contracts#use-a-basic-preset, the import is unused in the code but it's meant to provide a user-facing API.
Add a detector to check if a function marked with `@l1_handler` calls `get_caller_address` (either directly or indirectly). It will return 0x0 and can cause issues in some cases.
It would be awesome if there was a way to disable a rule (or multiple at the same time) on a per line, per function and per file basis....
Add a rule here https://github.com/crytic/amarna/blob/2bb48690eae625737bb59b84e1961795528f7bc8/amarna/rules/post_process_rules/UnusedFunctionsRule.py#L30 to exclude functions under a namespace in libraries from being flagged with an “unused function” warning.
Multiple detectors built with ImportGatherer do not solve correctly for recursive imports, as pointed out in https://github.com/crytic/amarna/pull/16#issuecomment-1160767665 - Solution can mimic compiler behaviour, [ref](https://github.com/starkware-libs/cairo-lang/blob/b614d1867c64f3fb2cf4a4879348cfcf87c3a5a7/src/starkware/cairo/lang/compiler/import_loader.py#L14)