A Python library for the MythX platform
Project description
PythX
PythX is a library for the MythX smart contract security analysis platform.
What is MythX?
MythX is a security analysis API that allows anyone to create purpose-built security tools for smart contract developers. Tools built on MythX integrate seamlessly into the development environments and continuous integration pipelines used throughout the Ethereum ecosystem.
Installation
PythX runs on Python 3.5+.
To get started, simply run
$ pip3 install pythxAlternatively, clone the repository and run
$ pip3 install .Or directly through Python’s setuptools:
$ python3 setup.py installExample
PythX aims to provide an easy-to-use interface to the official MythX API. Its goal is to turbocharge tool development and make it easy to deal with even complex use cases.
from pythx import Client
# login as free trial user
c = Client(eth_address="0x0000000000000000000000000000000000000000", password="trial")
# submit bytecode, source files, their AST and more!
resp = c.analyze(bytecode="0xfe")
# wait for the analysis to finish
while not c.analysis_ready(resp.uuid):
time.sleep(1)
# have all your security report data at your fingertips
for issue in c.report(resp.uuid):
print(issue.swc_title or "Undefined", "-", issue.description_short)
# Output:
# Assert Violation - A reachable exception has been detected.
# Undefined - MythX API trial mode.The PythX CLI
The PythX CLI aims to be a simple example implementation to show developers on a practical example how PythX can be used in action. It provides a simple (and pretty!) interface to list analyses, submit new ones, check the status of a job, and get report data on the found issues.
$ pythx
Usage: pythx [OPTIONS] COMMAND [ARGS]...
PythX is a CLI/library for the MythX smart contract security analysis API.
Options:
--help Show this message and exit.
Commands:
check Submit a new analysis job based on source code, byte code, or...
login Login to your MythX account
logout Log out of your MythX account
openapi Get the OpenAPI spec in HTML or YAML format
ps Get a greppable overview of submitted analyses
refresh Refresh your MythX API token
report Check the detected issues of a finished analysis job
status Get the status of an analysis by its UUID
top Display the most recent analysis jobs and their status
truffle Submit a Truffle project to MythX
version Print version information of PythX and the APIBy default, PythX comes with a pre-enabled trial user. To get started right away, simply login with the default values:
$ pythx login
Please enter your Ethereum address [0x0000000000000000000000000000000000000000]:
Please enter your MythX password [trial]:
Successfully logged in as 0x0000000000000000000000000000000000000000If you already have an account on MythX, simply login with your Ethereum address and the API password you have set on the website.
Submit an Solidity source file for analysis:
$ pythx check -sf test.sol
Analysis submitted as job df137587-7fc1-466a-a4b2-d63392099682Check the status of your analysis job:
$ pythx status df137587-7fc1-466a-a4b2-d63392099682
╒════════════════╤══════════════════════════════════════╕
│ uuid │ df137587-7fc1-466a-a4b2-d63392099682 │
├────────────────┼──────────────────────────────────────┤
│ apiVersion │ v1.4.3 │
├────────────────┼──────────────────────────────────────┤
│ mythrilVersion │ 0.20.0 │
├────────────────┼──────────────────────────────────────┤
│ harveyVersion │ 0.0.13 │
├────────────────┼──────────────────────────────────────┤
│ maruVersion │ 0.3.4 │
├────────────────┼──────────────────────────────────────┤
│ queueTime │ 0 │
├────────────────┼──────────────────────────────────────┤
│ runTime │ 0 │
├────────────────┼──────────────────────────────────────┤
│ status │ Finished │
├────────────────┼──────────────────────────────────────┤
│ submittedAt │ 2019-03-05T10:24:05.071Z │
├────────────────┼──────────────────────────────────────┤
│ submittedBy │ 123456789012345678901234 │
╘════════════════╧══════════════════════════════════════╛Get the analysis report. Pinpointing the line and column locations is still a bit buggy, sorry. :)
$ pythx report df137587-7fc1-466a-a4b2-d63392099682
Report for Unknown
╒════════╤══════════════════╤════════════╤═══════════════════════════════════╕
│ Line │ SWC Title │ Severity │ Short Description │
╞════════╪══════════════════╪════════════╪═══════════════════════════════════╡
│ 0 │ Reentrancy │ High │ persistent state read after call │
├────────┼──────────────────┼────────────┼───────────────────────────────────┤
│ 0 │ Reentrancy │ High │ persistent state write after call │
├────────┼──────────────────┼────────────┼───────────────────────────────────┤
│ 0 │ Assert Violation │ Medium │ assertion violation │
╘════════╧══════════════════╧════════════╧═══════════════════════════════════╛History
1.2.2 [2019-08-30]
Update mythx-models to 1.3.1
1.2.1 [2019-08-29]
Update mythx-models to 1.3.0
1.2.0 [2019-08-26]
Add mythx-models integration
1.1.8 [2019-06-05]
Add debug flag to CLI
Add support for the clientToolName response field
Add support for the new source list format validation
Update the bumpversion expression to support black formatting
1.1.7 [2019-04-20]
Add main docstring description
1.1.6 [2019-04-19]
Add
mainSourcesupport to CLIFix bug where submission object was malformed (“AST” -> “ast”)
Upgrade pytest dependency
1.1.5 [2019-04-16]
Add middleware to disable analysis cache
Add CLI support to analyze compiled Truffle projects
Fix bug where reports were not completely shown
Update the authentication data format
Add support for the mainSource field
Add shortcut to inject middlewares in Client
1.1.4 [2019-03-28]
Fix issue in schema detection
Upgrade Sphinx dependency
1.1.3 [2019-03-25]
Initial release!
100% branch coverage achieved
100% doc coverage achieved
Examples provided in repo readme
Automatic PyPI deployment on version tag change
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
Built Distribution
Filter files by name, interpreter, ABI, and platform.
If you're not sure about the file name format, learn more about wheel file names.
Copy a direct link to the current filters
File details
Details for the file pythx-1.2.3.tar.gz.
File metadata
- Download URL: pythx-1.2.3.tar.gz
- Upload date:
- Size: 184.0 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.6.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
899ba8b571d5e18ba85f0a8c13e4c0d90ea5fdbea2b1a7221bada742dcd49e9b
|
|
| MD5 |
f88423a9dfa6cae35a79c3aa7ae47caa
|
|
| BLAKE2b-256 |
7ccfba96e86e7a51159af23d1a5d9e8b212ce1e1a493a28a7534338ce120445b
|
File details
Details for the file pythx-1.2.3-py2.py3-none-any.whl.
File metadata
- Download URL: pythx-1.2.3-py2.py3-none-any.whl
- Upload date:
- Size: 34.7 kB
- Tags: Python 2, Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/1.13.0 pkginfo/1.5.0.1 requests/2.22.0 setuptools/41.2.0 requests-toolbelt/0.9.1 tqdm/4.35.0 CPython/3.6.7
File hashes
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 |
3d98c4f2f0b28b5c5a6942faabd2b08c23bd01e1189b8d0c534e213cf3f0a4c6
|
|
| MD5 |
3fbc56e5013ecc70375871986c607dda
|
|
| BLAKE2b-256 |
4398f040e8ca8113cd3434afcc5d9e30ccbc40c95779385625a7fc377a15a6ea
|
