https://github.com/trailofbits/manticore

Revision Author Date Message Commit Date
c82607e Fix in-place tainting 12 September 2018, 22:32:10 UTC
c2363dc Simplify taint_with 12 September 2018, 22:17:59 UTC
09e646d license phrasing uniformity (#1131) * Update README.md * Update README.md 12 September 2018, 15:09:08 UTC
5ddc34a Fix typos in help (#1129) 08 September 2018, 16:16:12 UTC
21ef434 Inform users they installed solc through snap (#1124)

TLDR: If you install solc from snap universal Linux packages, it breaks Manticore API as it uses temporary files. Also Manticore won't work when fired on files in `/tmp` (because `solc` doesn't).

Below you can see it in action for a file located in `/tmp`:

```bash
➜ manticore s.sol
2018-09-07 11:39:03,268: [19239] m.main:INFO: Beginning analysis
2018-09-07 11:39:03,269: [19239] m.ethereum:INFO: Starting symbolic create contract
Traceback (most recent call last):
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1542, in _run_solc
    return json.loads(stdout.decode()), stderr.decode()
  File "/usr/lib/python3.6/json/__init__.py", line 354, in loads
    return _default_decoder.decode(s)
  File "/usr/lib/python3.6/json/decoder.py", line 339, in decode
    obj, end = self.raw_decode(s, idx=_w(s, 0).end())
  File "/usr/lib/python3.6/json/decoder.py", line 357, in raw_decode
    raise JSONDecodeError("Expecting value", s, err.value) from None
json.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/home/dc/.venv/manticore/bin/manticore", line 11, in <module>
    load_entry_point('manticore', 'console_scripts', 'manticore')()
  File "/home/dc/projects/manticore/manticore/__main__.py", line 191, in main
    ethereum_cli(args)
  File "/home/dc/projects/manticore/manticore/__main__.py", line 173, in ethereum_cli
    m.multi_tx_analysis(args.argv[0], contract_name=args.contract, tx_limit=args.txlimit, tx_use_coverage=not args.txnocoverage, tx_send_ether=not args.txnoether, tx_account=args.txaccount)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 2125, in multi_tx_analysis
    contract_account = self.solidity_create_contract(f, contract_name=contract_name, owner=owner_account, args=args)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1835, in solidity_create_contract
    compile_results = self._compile(source_code, contract_name_i, libraries=deps, solc_bin=solc_bin, solc_remaps=solc_remaps)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1565, in _compile
    output, warnings = ManticoreEVM._run_solc(source_code, solc_bin, solc_remaps)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1544, in _run_solc
    raise EthereumError('Solidity compilation error:\n\n{}'.format(stderr.decode()))
manticore.ethereum.EthereumError: Solidity compilation error:

""s.sol"" is not found
```

And so that's how it looks in action after this commit:

```
➜ manticore s.sol
2018-09-07 11:38:09,841: [18695] m.main:INFO: Beginning analysis
2018-09-07 11:38:09,842: [18695] m.ethereum:INFO: Starting symbolic create contract
Traceback (most recent call last):
  File "/home/dc/.venv/manticore/bin/manticore", line 11, in <module>
    load_entry_point('manticore', 'console_scripts', 'manticore')()
  File "/home/dc/projects/manticore/manticore/__main__.py", line 191, in main
    ethereum_cli(args)
  File "/home/dc/projects/manticore/manticore/__main__.py", line 173, in ethereum_cli
    m.multi_tx_analysis(args.argv[0], contract_name=args.contract, tx_limit=args.txlimit, tx_use_coverage=not args.txnocoverage, tx_send_ether=not args.txnoether, tx_account=args.txaccount)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 2139, in multi_tx_analysis
    contract_account = self.solidity_create_contract(f, contract_name=contract_name, owner=owner_account, args=args)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1849, in solidity_create_contract
    compile_results = self._compile(source_code, contract_name_i, libraries=deps, solc_bin=solc_bin, solc_remaps=solc_remaps)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1579, in _compile
    output, warnings = ManticoreEVM._run_solc(source_code, solc_bin, solc_remaps)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 1552, in _run_solc
    "send us a PR so we could add it here!".format(stderr)
manticore.ethereum.EthereumError: Solidity compilation failed with error: ""s.sol"" is not found
Did you install solc from snap Linux universal packages?
If so, the problem is likely due to snap's sandbox restricting access to /tmp
Here are some potential solutions:
1) Remove solc from snap and install it different way
2) Reinstall solc from snap in developer mode, so there is no sandbox
3) Find a way to add /tmp to the solc's sandbox. If you do, send us a PR so we could add it here!
```

07 September 2018, 09:41:09 UTC
12b4c84 Fixes missing is_return_symbolic value (#1125)

Fixes the issue presented below:

```
➜ cat manticore_ex.py
from manticore.ethereum import ManticoreEVM, evm, Operators

m = ManticoreEVM()

source_code = '''
pragma solidity ^0.4.24;
contract Foo {
    function foo() {}
}
'''

user_account = m.create_account(balance=1000, name='user_account')
contract_account = m.solidity_create_contract(source_code, owner=user_account, name='contract_account')
contract_account.foo(1)

print("[+] Now the symbolic values")
symbolic_data = m.make_symbolic_buffer(320)
symbolic_value = m.make_symbolic_value(name="VALUE")
symbolic_address = m.make_symbolic_value(name="ADDRESS")
symbolic_caller = m.make_symbolic_value(name="CALLER")
m.transaction(
    caller=symbolic_caller,
    address=symbolic_address,
    data=symbolic_data,
    value=symbolic_value
)

m.finalize()
print("[+] Look for results in %s " % m.workspace)

➜ python manticore_ex.py
[+] Now the symbolic values
Traceback (most recent call last):
  File "manticore_ex.py", line 30, in <module>
    m.finalize()
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 2715, in finalize
    finalizer(-1)
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 2702, in finalizer
    self._generate_testcase_callback(st, 'test', '')
  File "/home/dc/projects/manticore/manticore/ethereum.py", line 2635, in _generate_testcase_callback
    is_something_symbolic = is_calldata_symbolic or is_return_symbolic
UnboundLocalError: local variable 'is_return_symbolic' referenced before assignment
```

06 September 2018, 04:39:45 UTC
501da0d python3 update to linux example makefile (#1122) Ubuntu 18.04 doesn't alias python to python3 05 September 2018, 10:01:14 UTC
fd09e72 Changed instances of Concretice to Concretize (#1118) 04 September 2018, 21:05:34 UTC
41bad1e manticore 0.2.1.1 (#1116) 01 September 2018, 19:17:06 UTC
70817fb Manticore 0.2.1-b (#1115) 01 September 2018, 19:11:07 UTC
3c639b7 Manticore 0.2.1-berlin (#1114) 01 September 2018, 18:53:41 UTC
53b3fce Fix version number / release (#1113) 01 September 2018, 18:11:43 UTC
5005529 Fix the versioning hell (#1112) 01 September 2018, 17:27:46 UTC
c07ada2 Release 0.2.1c (#1111) 01 September 2018, 17:00:14 UTC
5160416 Manticore 0.2.1 (#1106) * Bump version num * changelog skeleton * Switch to agpl * readme license update * update * gas * Add dc * Date update * Add last minute contributions 01 September 2018, 15:28:22 UTC
a21150e Updates to README.md relating to Python 3 migration and sudo within virtualenv setup (#1109) * updated README.md to use python3 commands * updated README.md to add sudo to system pip3 install commands Line 186 uses a path to the specific pip3 binary (as per https://stackoverflow.com/questions/41429988/inside-virtual-env-sudo-pip-links-to-the-global-python-pip ). 01 September 2018, 13:50:24 UTC
aa1ae09 Detect the odd delegatecall instruction (#1108) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? * CC * bytesM fix * Fix address and caller concretization on symb tx * Fix/refactor symbolic address/caller concretization * Fix caller concretization * Fix expression visiting * Fix account policy refactor * Accept numbers in function names abitypes * Simplify installation instructions to recommend install manticore only for the current user * Run some tests in parallel (#970) This PR splits the current test runner into three environments: 1. Linux examples 2. Ethereum tests 3. Remaining tests to faster complete each testing run. Ethereum tests include a number of integration tests that execute scripts to completion, which takes a while. We run them concurrently with other tests to save on execution time. The split is done by naming Ethereum tests differently (`eth_*.py` vs `test_*.py`) and updating what pattern unittest's `discover` uses. 
This change also updates the installation script and chooses to forego installing Keystone for EVM tests as it takes a while, and it adds a `setup.cfg` config file so that Nose finds the eth tests as well by default. * Be less verbose when testing * Fix slicing wrongly reference to proxyArray. Fix #912 * Only export human/external tx in the testcase (#972) * Make ManticoreEVM.make_symbolic_value size adjustable (#974) * Make size adjustable * Default to 256 * Dev evm yolo fix gas (#975) * Fix gas stipend on CALL and check dao * Add order dependence 1 * Going linter. Report/Detect that thing when code does not check returned value * cleaner example of fail * Update retval_crazy.sol * new solc for travis * CC * Remove duplicated ReentrancyDetector * POrt to py3 * POrt to py3 * P0rt to py3 * CC * Be mega forgiving on global expression usage - EVM * Tests doc * Refactor new_bitvector api * function id to binary * Fix neW_bool * CC * rename avoid_collisions collision * rename avoid_collisions collision * migrate on state.constraint too.. * Migration bugfixes * CC bugfixes * invalid assert removed * move rep code to method * unittets fixes and CC * CC * Refactor result_ref out in favor of change_last_result() * CC * reviewing the codes * CC * Change variable names * typo * Basic refactors and output enhancements * Some minid docstrings and a unittest * Some mini docstrings and a unittest * Add migration integration testion * Keep fuzz-refactoring it * CC * Bugfixfixfixfix * CC * re refactor mig algorithm * better cleaner stronger. (reviewing) * CC * Small refactor and Fix strange strcmp test. * CC * funtion selector abinary * bugfix.. waiting for migreation PR * convenient tx abi parsing func * convenient tx abi parsing func * convenient tx abi parsing func * convenient tx abi parsing func * re re refactor for readability * CC * rev * CC * forgoten var * CC * CC * Delete duplicated detector * WIP delegatecall. Lot of fixes. Recursion fix. 
* review * typo * CC * Sha3 random concre example when none. Concretize SIZE/OFFSET more. Initial calldata size management * remove debug print * Add check in constraints.add * review * Adding single example to sha3 trick when there are not know examples * CC * review * CC * about to merge sha3 * cleanups * make gas budget configurable by user * cleanups * cleanups * CC: * CC * Fix typo in tests * Fix import typo * pump some gas * typo in skipping slow/big test * skipping more test to make travis happy * skipping more test to make travis happy * debugging travis like a caveman * dbg * dbg * dbg * undbg * undbg * undbg * undbg * undbg and fixed * undbg and fixed * CC 01 September 2018, 13:37:38 UTC
1907968 Sha3 rework and performance enhancements (#1031) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? * CC * bytesM fix * Fix address and caller concretization on symb tx * Fix/refactor symbolic address/caller concretization * Fix caller concretization * Fix expression visiting * Fix account policy refactor * Accept numbers in function names abitypes * Simplify installation instructions to recommend install manticore only for the current user * Run some tests in parallel (#970) This PR splits the current test runner into three environments: 1. Linux examples 2. Ethereum tests 3. Remaining tests to faster complete each testing run. Ethereum tests include a number of integration tests that execute scripts to completion, which takes a while. We run them concurrently with other tests to save on execution time. The split is done by naming Ethereum tests differently (`eth_*.py` vs `test_*.py`) and updating what pattern unittest's `discover` uses. 
This change also updates the installation script and chooses to forego installing Keystone for EVM tests as it takes a while, and it adds a `setup.cfg` config file so that Nose finds the eth tests as well by default. * Be less verbose when testing * Fix slicing wrongly reference to proxyArray. Fix #912 * Only export human/external tx in the testcase (#972) * Make ManticoreEVM.make_symbolic_value size adjustable (#974) * Make size adjustable * Default to 256 * Dev evm yolo fix gas (#975) * Fix gas stipend on CALL and check dao * Add order dependence 1 * Going linter. Report/Detect that thing when code does not check returned value * cleaner example of fail * Update retval_crazy.sol * new solc for travis * CC * Remove duplicated ReentrancyDetector * POrt to py3 * POrt to py3 * P0rt to py3 * CC * Be mega forgiving on global expression usage - EVM * Tests doc * Refactor new_bitvector api * function id to binary * Fix neW_bool * CC * rename avoid_collisions collision * rename avoid_collisions collision * migrate on state.constraint too.. * Migration bugfixes * CC bugfixes * invalid assert removed * move rep code to method * unittets fixes and CC * CC * Refactor result_ref out in favor of change_last_result() * CC * reviewing the codes * CC * Change variable names * typo * Basic refactors and output enhancements * Some minid docstrings and a unittest * Some mini docstrings and a unittest * Add migration integration testion * Keep fuzz-refactoring it * CC * Bugfixfixfixfix * CC * re refactor mig algorithm * better cleaner stronger. (reviewing) * CC * Small refactor and Fix strange strcmp test. * CC * funtion selector abinary * bugfix.. 
waiting for migreation PR * convenient tx abi parsing func * convenient tx abi parsing func * convenient tx abi parsing func * convenient tx abi parsing func * re re refactor for readability * CC * rev * CC * forgoten var * CC * CC * review * typo * CC * review * Adding single example to sha3 trick when there are not know examples * CC * review * CC * Forgotten rollback * CC 31 August 2018, 20:42:02 UTC
3d937ae Add env instruction detector to cli (#1105) 31 August 2018, 19:38:03 UTC
cf72c12 eth: new/alternative reentrancy detector (#1082) * initial second one * update * polish * correct * Correctly check gas * Record gas constraint and save in finding * simplify logic * Check if destination is a contract * Revert "Check if destination is a contract" 901be37ce6e49bff455db52c71d5cf17c5b0a3d4 * better context key * Be lenient with Constants * Add new simpler/less input required reentrancy detector, use in the cli * Fix bad merge import * Fix import * Add final missing import 31 August 2018, 13:23:31 UTC
55c1ede Detection of environmental and potentially manipulable instruction/data (#1096) * unittest * CC * import fix * typo * forgotten test 30 August 2018, 20:37:53 UTC
4fbf273 Add detector for plain external call (#1087) * initial refactor etherleak to also do general external call * refactor * Update users * Update tests * Update * Fix tests * Don't use signed operator, check != 0 * Record constraint * Record constraint * Use did_evm_execute So we don't falsely report if the CALL were to fail * Revert "Use did_evm_execute" 96a84f266d234667376ce6ad005d8190aba1a863 29 August 2018, 22:58:59 UTC
15b2257 Update the README (#1064) 28 August 2018, 18:56:44 UTC
14815ac Add --no-testcases flag (#1083) 28 August 2018, 17:01:39 UTC
e64eda1 Improved printing of constructor call with decoded constructor arguments and transaction result (#1080) * added printing of decoded constructor arguments * Fixed test 28 August 2018, 14:57:55 UTC
1d806ba Fix rtd (#1086) * test * wrong number * sorry Popen :( * mocking * x * clean * better explain this arcane stuff * don't need io 24 August 2018, 22:44:43 UTC
6aaa8fd Create readthedocs.yml (#1085) 24 August 2018, 21:16:58 UTC
81296f9 eth: add ether leak detector (#1077) * Add initial ether leak detector * Initial test * correct * Add another neg * rm stray print * initial tests refactoring + ether leak tests * finding name * initial refactor * clean comment * correct this test * update tests * Add fp comment * add other test * remove unnecessary payable function * make LoopDepthLimiter configurable * Use real pc * cc * Add other test * Add cli interface 24 August 2018, 14:41:11 UTC
ece72fe Added --txnoether option to avoid sending ether to contracts (#1078) * added --txnoether option * Improved command line description 24 August 2018, 13:43:27 UTC
8142472 eth: add selfdestruct detector & misc bug fixes (#1068) * Don't keep selfdestruct states alive * Use avoid_collisions=True for internal uses of the .new_ methods * Better err msgs * Output pc in hex * Fix ignored workspace cli flag * hex pc * hex pc one last time * add selfdestruct detector * Add cli support * Add ok selfdestruct test * Add selfdestruct not ok - true positive * Add selfdestruct crazy - true negative * Reorganize plugin/detectors. Add LoopDepthLimiter plugin + cli flag * rename files * add another test * Add initial selfdestruct tests * Move integer overflow detector test into eth_detectors * cc * add missing import * add other missing import 23 August 2018, 19:04:41 UTC
3f305c4 Fix typo mistake in multi-million word (#1073) 23 August 2018, 12:57:35 UTC
38ecc25 Implements support for function overloading in ethereum (#1049) * implements `signature` kwarg for overloaded functions - resolves #810 22 August 2018, 02:37:17 UTC
8247dc6 Fix for #1008 (#1063) * Fix for #1008 * add test for funcall output 21 August 2018, 19:51:46 UTC
ec28281 evm: aggressively check & migrate expressions into current ConstraintSet in case they are global/external (#1009) * Be mega forgiving on global expression usage - EVM * Refactor new_bitvector api * Fix neW_bool * CC * rename avoid_collisions collision * rename avoid_collisions collision * migrate on state.constraint too.. * Migration bugfixes * CC bugfixes * invalid assert removed * move rep code to method * reviewing the codes * CC * Change variable names * typo * Some mini docstrings and a unittest * Add migration integration testion * Keep fuzz-refactoring it * CC * Bugfixfixfixfix * CC * re refactor mig algorithm * better cleaner stronger. (reviewing) * CC * Small refactor and Fix strange strcmp test. * CC * re re refactor for readability * CC * rev * forgoten var 17 August 2018, 16:47:44 UTC
1119814 Serialization cleanup (#1048) * refactor serialization / recursion limit handling 17 August 2018, 13:34:45 UTC
5684bdd Code cleanup and coverage (#1035) * dead code elimination, __init__ cleanup * `binary.Elf` bugfix, add `binary` package tests 15 August 2018, 20:49:40 UTC
e6833ab Fix missing profiling data (#1057) * fix missing profiling data - resolves #982 * unit test 15 August 2018, 17:26:08 UTC
e53b499 Add logo to readme (#1046) * add logo to README 13 August 2018, 18:41:30 UTC
0ad15c7 Manticore 0.2.0 (#1043) * Bump version * Initial changelog changes * Bump version in setup.py * Add skeleton and externals * Fill in 0.2.0 readme * Updates 10 August 2018, 20:07:39 UTC
a0c2f76 Port remaining examples to py3 (#1042) * port use_def * port some scripts, cleanup * ported `scripts/gdb.py` - untested * misc 10 August 2018, 19:28:41 UTC
399a2ef Emphasize new python requirement (#1041) * Emphasize new python requirement * Consistent formatting 10 August 2018, 19:03:02 UTC
7b66bec Readme updates (#1037) * add some more heft to the Ethereum section * no longer needed * Integrate requirements into installation * Update README.md * Update README.md * Update README.md * Update README.md * Duplicate commands for docker quick start * Rm --process-dependency-links note, moved into the faq on the wiki * Small tweaks * pedantic formatting 10 August 2018, 17:57:50 UTC
9f73308 Fix gast (#1039) 09 August 2018, 22:27:34 UTC
5710716 Test manticore on MacOS (#1032) * Test manticore on MacOS like test_binaries.py for path to binary to test * MacOS compatibility achieved Replacement of /bin/ls in tests Use of basename in test_load_maps 09 August 2018, 18:47:57 UTC
a16c508 ignore resource warnings (e.g. unclosed files) (#1038) 09 August 2018, 15:27:45 UTC
a266c0b Update README.md 08 August 2018, 22:11:21 UTC
682004e readme Ethereum update issue #1003 (#1034) * readme ethereum update issue #1003 * simplify 08 August 2018, 21:14:17 UTC
1f74f0f fix sys_write logger output (#1024) * fix sys_write logger output - resolves #1020 * write/writev/read fixes * openat((int32)dirfd, ...) resolves #940, syscall logging * disable E701, interferes with PEP484/526 07 August 2018, 23:54:44 UTC
78e2ddf resolves #992 (#1033) * resolves #992 07 August 2018, 19:17:27 UTC
b0a9ae9 Merge pull request #1028 from trailofbits/binja_cleanup binja cleanup 07 August 2018, 14:01:53 UTC
41a3cff missed one 06 August 2018, 23:38:05 UTC
635f99b remove stray comment 06 August 2018, 22:28:39 UTC
be9d54c review changes 06 August 2018, 21:58:25 UTC
6f56dc0 Merge pull request #1030 from trailofbits/bugfix_991 fixes docker - resolves #991 06 August 2018, 21:51:57 UTC
a2a05c0 Merge branch 'master' into binja_cleanup 06 August 2018, 21:04:52 UTC
82f6713 Merge pull request #1019 from trailofbits/bugfix_1018 File mode fix - resolves #1018 06 August 2018, 21:03:04 UTC
47d827a Merge pull request #1017 from defunctio/bugfix_1016 Addresses performance issues; 06 August 2018, 21:01:57 UTC
5dbb19e Dev yolo retvalthing (#1001) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? * CC * bytesM fix * Fix address and caller concretization on symb tx * Fix/refactor symbolic address/caller concretization * Fix caller concretization * Fix expression visiting * Fix account policy refactor * Accept numbers in function names abitypes * Simplify installation instructions to recommend install manticore only for the current user * Run some tests in parallel (#970) This PR splits the current test runner into three environments: 1. Linux examples 2. Ethereum tests 3. Remaining tests to faster complete each testing run. Ethereum tests include a number of integration tests that execute scripts to completion, which takes a while. We run them concurrently with other tests to save on execution time. The split is done by naming Ethereum tests differently (`eth_*.py` vs `test_*.py`) and updating what pattern unittest's `discover` uses. 
This change also updates the installation script and chooses to forego installing Keystone for EVM tests as it takes a while, and it adds a `setup.cfg` config file so that Nose finds the eth tests as well by default. * Be less verbose when testing * Fix slicing wrongly reference to proxyArray. Fix #912 * Only export human/external tx in the testcase (#972) * Make ManticoreEVM.make_symbolic_value size adjustable (#974) * Make size adjustable * Default to 256 * Dev evm yolo fix gas (#975) * Fix gas stipend on CALL and check dao * Add order dependence 1 * Going linter. Report/Detect that thing when code does not check returned value * cleaner example of fail * Update retval_crazy.sol * new solc for travis * CC * Remove duplicated ReentrancyDetector * POrt to py3 * POrt to py3 * P0rt to py3 * CC * Tests doc * CC 06 August 2018, 21:01:41 UTC
b41c73a fixes docker - resolves #991 06 August 2018, 20:49:42 UTC
351f6f1 binja cleanup 06 August 2018, 19:49:20 UTC
b6275e0 Merge branch 'master' into bugfix_1018 06 August 2018, 17:54:19 UTC
85b94b6 Use capstone 3.0.5 and no longer rc2 (#1026) 06 August 2018, 17:04:57 UTC
b58eb6f Change how we query for version (#1023) Fixes #1021 This also should decrease how many times we invoke z3. (The instance used to query version should stick around) 03 August 2018, 21:38:56 UTC
220e8ae Merge branch 'master' into bugfix_1018 03 August 2018, 20:06:45 UTC
24cb4bd Add unit test for 954 (#1022) 03 August 2018, 20:05:54 UTC
111a467 Fixes closed file serialization (#955) Fixes trailofbits/manticore#954 03 August 2018, 18:40:19 UTC
424cc4e File mode fix - resolves #1018 02 August 2018, 22:18:08 UTC
f977a67 Addresses performance issues; * reimplement caching for `arithmetic_simplifier` and `constant_folder` * optimize `ArithmeticSimplifier.visit_ArraySelect` 02 August 2018, 19:48:29 UTC
0d84345 Merge pull request #990 from defunctio/py3-optimization-pass Python 3; optimization / stylization pass 02 August 2018, 14:35:35 UTC
08751c5 resolves #1008 (#1014) 01 August 2018, 21:23:45 UTC
822cc88 cleanup examples (#1010) 01 August 2018, 21:19:59 UTC
90fdbb8 re-enable and fix eth regression 808 (#1011) 01 August 2018, 14:35:46 UTC
cfedea7 Fix CC coverage (#1007) This fix does two things: 1. Ignores non-manticore files from the coverage report to limit what can fail. 2. Changes how travis runs s3 sync on completion. (Fixes #1006) 31 July 2018, 18:39:57 UTC
99f158a Report test coverage to CodeClimate (#1004) This PR enables the reporting of test coverage of all the test jobs (`eth` and `tests`) to CodeClimate. This uses S3 to temporarily store results between jobs and later upload them to CC. Fixes #1000 31 July 2018, 18:39:57 UTC
b1a09d2 Fix CC coverage (#1007) This fix does two things: 1. Ignores non-manticore files from the coverage report to limit what can fail. 2. Changes how travis runs s3 sync on completion. (Fixes #1006) 31 July 2018, 18:04:57 UTC
4e73bc3 codeclimate - bump similar-code thresh; false positive 31 July 2018, 13:44:03 UTC
b0e0a1b codeclimate 31 July 2018, 13:42:28 UTC
59a5ff0 Report test coverage to CodeClimate (#1004) This PR enables the reporting of test coverage of all the test jobs (`eth` and `tests`) to CodeClimate. This uses S3 to temporarily store results between jobs and later upload them to CC. Fixes #1000 30 July 2018, 23:36:34 UTC
c798584 remove/update deprecated 28 July 2018, 02:19:37 UTC
e1b6f1a super() 27 July 2018, 23:59:06 UTC
7dfcbcd numbers.Integral 27 July 2018, 23:39:44 UTC
66d8581 cleanup 27 July 2018, 23:37:59 UTC
bff9bfa merge master 27 July 2018, 23:27:47 UTC
442ad0b Yolo dev evm fix address concretization (#1002) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? * CC * bytesM fix * Fix address and caller concretization on symb tx * Fix account policy refactor * CC 27 July 2018, 22:21:36 UTC
0b60f9a rm make_evm (#978) 27 July 2018, 21:32:10 UTC
f32db4b Experiment reporting the finding at a JUMPI (#949) * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * Fix contract names in benchmark * Move default plugin registration * merge 27 July 2018, 21:31:33 UTC
e18016a py3 yolo_master (feature / bugfixes) (#994) * DAO detector + bugfixes * The actual benchmark tests * The actual benchmark tests * CC * Experiment reporting the finding at a JUMPI * Fix taint. Detect returned overflowded data * DAO -> Reentrancy * DAO -> reentrancy, C -> Benchmark * DAO -> reentrancy, C -> Benchmark * Allow function names to have numbers * Fix contract names in benchmark * Fix contract names in benchmark * Move default plugin registration * Better regexp * Fix minimal_bytecode example * Fix Array Slice and test * add tests * correct other bug * implement bytesM * BROKEN partial progress * need bytearray here * rm cmt * add basic tests for bytesM and bytes symbolic * correct bytes symbolic test * Refactor, clean bytesM handling * Add initial symbolic 'bytes' handling * refactor tests * Unify symbolic/concrete bytes handling in bytesM/bytes * Rm import * Rm debug assert * cc * Visitor/migrate/simplify fixes to make the seth refactor pass * Fix concolic? * Fix concolic? * CC * bytesM fix * Fix address and caller concretization on symb tx * Fix/refactor symbolic address/caller concretization * Fix caller concretization * Fix expression visiting * Fix account policy refactor * Accept numbers in function names abitypes * Simplify installation instructions to recommend install manticore only for the current user * Run some tests in parallel (#970) This PR splits the current test runner into three environments: 1. Linux examples 2. Ethereum tests 3. Remaining tests to faster complete each testing run. Ethereum tests include a number of integration tests that execute scripts to completion, which takes a while. We run them concurrently with other tests to save on execution time. The split is done by naming Ethereum tests differently (`eth_*.py` vs `test_*.py`) and updating what pattern unittest's `discover` uses. 
This change also updates the installation script and chooses to forego installing Keystone for EVM tests as it takes a while, and it adds a `setup.cfg` config file so that Nose finds the eth tests as well by default. * Be less verbose when testing * Fix slicing wrongly reference to proxyArray. Fix #912 * Only export human/external tx in the testcase (#972) * Make ManticoreEVM.make_symbolic_value size adjustable (#974) * Make size adjustable * Default to 256 * Dev evm yolo fix gas (#975) * Fix gas stipend on CALL and check dao * Add order dependence 1 * missing files * 985 * formatting fixes; codeclimate * review changes 27 July 2018, 18:12:09 UTC
9122230 Python 3; optimization / stylization pass * cleanup list() from automation tools * style; use dict comprehensions * style; use set literals 25 July 2018, 16:58:37 UTC
664e53b Python 3 (#968) * Initial commit for Python3 branch that targets porting the following; * Core manticore functionality * x86/x64/arm architectures * linux platform * functioning unit tests for the above * WIP ethereum support notes: * eth unit tests passing * decree disabled * ManticoreEVM.__init__ procs=1 * no iterpickle; see eth tests for setting stack size/recursion * EVMAccount; add __hash__ remove redefinition of __eq__ port/update EVM examples * update stacksize / recursion limit * pyevmasm dep updates, port linux examples * update docs, tox/travis configs, port missing x86 unit test * disable decree tests * update example, update pyevmasm dep_links * disable testArgumentsAssertions to speed up tests * py35/36 json.loads compat fix * fix summary output encoding * disable eth binary test 808 * PEP479 - Python 3.7 support * travisci; fix code coverage reporting * port decree and tests * codeclimate * review changes; * cleanup * reset version * remove EVMAccount.__hash__, fix EVMWorld.get_balance() * switch to official pyevmasm * z3 version check - py3.5 fix * pyevmasm; remove version requirement * review changes; * remove redundant locking * shutdown executor manager on deletion * review changes; * cleanup PY3FIX comments * _run_solc version ascii to utf encoding * save_summary - use filter instead of comprehension * comments * __get_related - set literal mistake * review changes; * remove redundant [] * cleanup unused code, params, vars, imports * additional comments * review changes; * fix symbolic const instruction decoding and add unit test * misc cleanup * fix verbose logging output * Update manticore defaults / requirements; * Changes docs for 18.04 * Python >= 3.6 * minor review changes * minor review changes, codeclimate 25 July 2018, 14:10:44 UTC
61270a2 Merge pull request #958 from trailofbits/dev-query-blockhash Moved block hash calculation to EVMWorld and genericized it 29 June 2018, 20:07:38 UTC
82487ab Fixes to satisfy Code Climate 29 June 2018, 12:15:17 UTC
82eb2f1 Moved block hash calculation to EVMWorld and genericized it (#957) 29 June 2018, 12:03:35 UTC
1ae5059 Add some unit tests, rm dead code (#956) * test init * rm dead code * test symbolic argv envp 28 June 2018, 21:21:29 UTC
dda1d6d Allow function identifiers on smart contract to have numbers on them (#953) 27 June 2018, 12:18:36 UTC
24e4688 Allow users to specify path to solc and solc import remappings (#945) * Allow users to specify path to solc and solc import remappings 26 June 2018, 17:38:36 UTC
66afb1f Fix #947 (#948) * Fix #947 * Fixed code climate 26 June 2018, 01:31:02 UTC
63ac45c Manticore 0.1.10 (#941) * Bump version number * Add changelog skeleton * Add changelog * Add missing detect-all flag * Don't forget --avoid-constant 22 June 2018, 23:10:41 UTC
e2f2583 Change EVMAsm offset by pc (#938) * Change offset by pc * EVMASM offset -> pc * Keep refactoring offset -> pc (evmasm) * The forgotten offset 1 * New format() 22 June 2018, 23:09:09 UTC
5c14e47 Better temporary expression handling (#944) * Rearrange Detectors closer to ethereum. Fix Detector reporting for each state. * codeclimate * codeclimate * Move detectors back to __main__. Commandline argument added * Codeclimate * Findings and global_findings for each detector. Move global findings to its own file on reports * Codeclimate * Better commandline arguments. Better report on failing constructors * Codeclimate. All assertion bench done * Convenience evm stack function. Doc improvements * Explicit reference in ded_evm_execute_instruction * Assembler to solidity line number fixed * Better variable names * CC * CC * Regression tests * Better int overflow detector (expensive) * Added a few more IO reg tests * CC * CC * CC * Fix io tests. Remove dead code. Improve Transaction.set_result * Account names, New ABI, user level constraining, state persistence * merge bugfix * Merge fix fix * fix docstr * Better type checks * Fix minimal.py example * CC and symbolic address * CC * CC * CC * CC * Add bytearray-Array concatenation/ Fix ABI tests * CC * CC * This fixes EVERYTHING! * Fixing truly everything, maybe * Review 1/10 * A few extra ABI serialization tests * Better default arguments for constructor in multitx * CC * CC * Exception EthereumError * review * Improve normal/contract_account filters. Move some ABI stuff to auxiliary funcs(CC) * CC * ABI.serialize smallfixes * Catch parsing exceptions (review) * Add comment to BitVec.cast() * manticore/platforms/evm.py Bugfixes and review * manticore/platforms/evm.py Bugfixes and review * CC * cs.migrate and better temporary handling * CC * typo * A Bugfix(tm) 22 June 2018, 23:08:44 UTC
e0f5bce Account names, ABI, and state persistence... (#926) * Rearrange Detectors closer to ethereum. Fix Detector reporting for each state. * codeclimate * codeclimate * Move detectors back to __main__. Commandline argument added * Codeclimate * Findings and global_findings for each detector. Move global findings to its own file on reports * Codeclimate * Better commandline arguments. Better report on failing constructors * Codeclimate. All assertion bench done * Convenience evm stack function. Doc improvements * Explicit reference in ded_evm_execute_instruction * Assembler to solidity line number fixed * Better variable names * CC * CC * Regression tests * Better int overflow detector (expensive) * Added a few more IO reg tests * CC * CC * CC * Fix io tests. Remove dead code. Improve Transaction.set_result * Account names, New ABI, user level constraining, state persistence * merge bugfix * Merge fix fix * fix docstr * Better type checks * Fix minimal.py example * CC and symbolic address * CC * CC * CC * CC * Add bytearray-Array concatenation/ Fix ABI tests * CC * CC * This fixes EVERYTHING! * Fixing truly everything, maybe * Review 1/10 * A few extra ABI serialization tests * Better default arguments for constructor in multitx * CC * CC * Exception EthereumError * review * Improve normal/contract_account filters. Move some ABI stuff to auxiliary funcs(CC) * CC * ABI.serialize smallfixes * Catch parsing exceptions (review) * Add comment to BitVec.cast() * manticore/platforms/evm.py Bugfixes and review * manticore/platforms/evm.py Bugfixes and review * CC 22 June 2018, 20:58:49 UTC