{"id":21162335,"url":"https://github.com/webankblockchain/webase-solidity-security","last_synced_at":"2025-07-09T14:32:27.138Z","repository":{"id":56090059,"uuid":"245979377","full_name":"WeBankBlockchain/WeBASE-Solidity-Security","owner":"WeBankBlockchain","description":null,"archived":false,"fork":false,"pushed_at":"2020-11-26T00:58:56.000Z","size":2454,"stargazers_count":5,"open_issues_count":0,"forks_count":2,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-04-24T03:16:30.330Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"Java","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/WeBankBlockchain.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2020-03-09T08:19:56.000Z","updated_at":"2024-04-24T03:16:30.330Z","dependencies_parsed_at":"2022-08-15T13:00:30.856Z","dependency_job_id":null,"html_url":"https://github.com/WeBankBlockchain/WeBASE-Solidity-Security","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WeBankBlockchain%2FWeBASE-Solidity-Security","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WeBankBlockchain%2FWeBASE-Solidity-Security/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WeBankBlockchain%2FWeBASE-Solidity-Security/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/WeBankBlockchain%2FWeBASE-Solidity-Security/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/WeBankBlockchain","download_url":"https://codeload.git
hub.com/WeBankBlockchain/WeBASE-Solidity-Security/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":225564056,"owners_count":17488945,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-20T13:25:42.691Z","updated_at":"2024-11-20T13:25:43.410Z","avatar_url":"https://github.com/WeBankBlockchain.png","language":"Java","funding_links":[],"categories":[],"sub_categories":[],
"readme":"# WeBASE-Solidity-Security\n\n[![Code Lines](https://tokei.rs/b1/github/WeBankFinTech/WeBASE-Solidity-Security?category=code)](https://github.com/WeBankFinTech/WeBASE-Solidity-Security)\n\n## 1. Contract security scanning service overview\n\nThe contract security scanning service exposes a scanning interface.\n\nThe interface accepts a Base64-encoded zip archive of contract files, unpacks and analyses it internally, and returns a scan result to the caller.\n\n## 2. Contract security scanning interface\n\n### 2.1. Contract security scanning interface\n#### Interface description\n\nCall this interface to run a security scan on a contract.\n\nInput: a Base64-encoded zip archive of the contract files. Place the contract files under the contracts folder, name each file after the contract it defines, write contract imports as \"./xxx.sol\", zip the folder using the business identifier appid as the archive name, and then Base64-encode the zip file. The folder layout is as follows:\n\n```\n|- contracts\n| |- Evidence.sol\n| |- EvidenceFactory.sol\n|- docs\n| |- deploy.md\n```\n\nOutput: contract security scan information (JSON format).\n\n#### Interface URL\n\nhttp://localhost:5007/WeBASE-Solidity-Security/scan\n\n#### Method\n\nHTTP POST\n\n#### Request parameters\n\n**1) Input parameters**\n\n| No. | Input parameter | Type   | Nullable | Notes                                             |\n| --- | --------------- | ------ | -------- | ------------------------------------------------- |\n| 1   | appid           | String | No       | Business identifier used to distinguish contracts |\n| 2   | contractSource  | String | No       | Base64-encoded zip archive of the contract files  |\n\n**2) Data format**\n\n```\n{\n  \"appid\": \"appid001\",\n  \"contractSource\": \"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\"\n}\n```\n\n#### Response parameters\n\n**1) Output parameters**\n\n| No. | Output parameter | Type   | Nullable | Notes                                            |\n| --- | ---------------- | ------ | -------- | ------------------------------------------------ |\n| 1   | code             | Int    | No       | Return code: 0 = success, any other value = error |\n| 2   | message          | String | Yes      | Error message                                    |\n| 3   | data             | Json   | Yes      | Scan result                                      |\n\n**2) Data format**\n\na. Example of a successful scan response\n```\n{\n  \"code\": 0,\n  \"message\": null,\n  \"data\": {\n    \"detectors\": [\n      {\n        \"elements\": [\n          {\n            \"source_mapping\": {\n              \"starting_column\": 1,\n              \"ending_column\": 24,\n              \"filename_used\": \"/WeBASE-Solidity-Security/dist/contracts/appid001/contracts/HelloWorld.sol\",\n              \"filename_relative\": \"contracts/HelloWorld.sol\",\n              \"start\": 0,\n              \"length\": 23,\n              \"filename_short\": \"contracts/HelloWorld.sol\",\n              \"is_dependency\": false,\n              \"lines\": [\n                1\n              ],\n              \"filename_absolute\": \"/WeBASE-Solidity-Security/dist/contracts/appid001/contracts/HelloWorld.sol\"\n            },\n            \"name\": \"^0.4.2\",\n            \"type\": \"pragma\",\n            \"type_specific_fields\": {\n              \"directive\": [\n                \"solidity\",\n                \"^\",\n                \"0.4\",\n                \".2\"\n              ]\n            }\n          }\n        ],\n        \"impact\": \"Informational\",\n        \"confidence\": \"High\",\n        \"markdown\": \"Pragma version[^0.4.2](contracts/HelloWorld.sol#L1) allows old versions\\n\",\n        \"description\": \"Pragma version^0.4.2 (contracts/HelloWorld.sol#1) allows old versions\\n\",\n        \"id\": \"b93b7ce0902076867f801a1b62ad7557d0305767e196372ed38c0d7076440c1e\",\n        \"check\": \"solc-version\"\n      }\n    ]\n  }\n}\n```\nb. Example of a failed scan response\n```\n{\n  \"code\": 203003,\n  \"message\": \"Traceback (most recent call last):\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/platform/solc.py\\\", line 309, in _run_solc\\n    ret = json.loads(stdout)\\n  File \\\"/usr/lib/python3.6/json/__init__.py\\\", line 354, in loads\\n    return _default_decoder.decode(s)\\n  File \\\"/usr/lib/python3.6/json/decoder.py\\\", line 339, in decode\\n    obj, end = self.raw_decode(s, idx=_w(s, 0).end())\\n  File \\\"/usr/lib/python3.6/json/decoder.py\\\", line 357, in raw_decode\\n    raise JSONDecodeError(\\\"Expecting value\\\", s, err.value) from None\\njson.decoder.JSONDecodeError: Expecting value: line 1 column 1 (char 0)\\n\\nDuring handling of the above exception, another exception occurred:\\n\\nTraceback (most recent call last):\\n  File \\\"/usr/local/lib/python3.6/dist-packages/slither/__main__.py\\\", line 578, in main_impl\\n    (slither_instances, results_detectors, results_printers, number_contracts) = process_all(filename, args, detector_classes, printer_classes)\\n  File \\\"/usr/local/lib/python3.6/dist-packages/slither/__main__.py\\\", line 60, in process_all\\n    compilations = compile_all(target, **vars(args))\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/crytic_compile.py\\\", line 1023, in compile_all\\n    compilations.append(CryticCompile(filename, **kwargs))\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/crytic_compile.py\\\", line 142, in __init__\\n    self._compile(target, **kwargs)\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/crytic_compile.py\\\", line 915, in _compile\\n    self._platform.compile(self, target, **kwargs)\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/platform/solc.py\\\", line 90, in compile\\n    working_dir=solc_working_dir,\\n  File \\\"/usr/local/lib/python3.6/dist-packages/crytic_compile/platform/solc.py\\\", line 312, in _run_solc\\n    raise InvalidCompilation(f\\\"Invalid solc compilation {stderr}\\\")\\ncrytic_compile.platform.exceptions.InvalidCompilation: Invalid solc compilation /WeBASE-Solidity-Security/dist/contracts/appid003/contracts/HelloWorld.sol:6:16: Error: Expected ';' but got '('\\n    functio get()constant returns(string){\\r\\n               ^\\ncontracts/HelloWorld.sol:6:16: Error: Expected ';' but got '('\\n    functio get()constant returns(string){\\r\\n               ^\\n\\n\",\n  \"data\": null\n}\n```\n\n**3) Return codes**\n\n| Code   | message                                      | Description                                  |\n| ------ | -------------------------------------------- | -------------------------------------------- |\n| 0      | success                                      | Success                                      |\n| 103001 | system error                                 | System error                                 |\n| 103002 | param valid fail                             | Invalid parameter                            |\n| 203001 | There is no sol files under contracts folder | No contract files under the contracts folder |\n| 203002 | shell execute error                          | Shell execution error                        |\n| 203003 | contracts abnormal                           | Contract scan error                          |\n\n## 3. Service installation\n\n### 3.1 Prerequisites\n\n| Software | Version        |\n| -------- | -------------- |\n| Java     | JDK 8 or later |\n| Python   | 3.6+           |\n| solc     | 0.4.25         |\n| slither  |                |\n\n#### Installing slither\n\nInstall slither from pip:\n\n``` bash\npip install slither-analyzer\n```\n\nInstall the contract compiler solc that matches the contract versions you need to scan. The example below uses the 0.4.25 compiler; download it and place it in a directory on your PATH.\n\n``` bash\ncurl -LO https://github.com/FISCO-BCOS/solidity/releases/download/v0.4.25/solc-linux.tar.gz\n```\nAfter extracting, copy the executable to the /bin directory.\nVerify the installation with:\n\n```\nslither --version\n```\n\n### 3.2 Installing the WeBASE-Solidity-Security service\n\n#### 3.2.1 Clone the code\nRun:\n```\ngit clone https://github.com/WeBankFinTech/WeBASE-Solidity-Security.git\n```\n\nEnter the directory:\n\n```\ncd WeBASE-Solidity-Security\n```\n\n#### 3.2.2 Build the code\n\nBuild in one of the following ways:\n\nOption 1: if Gradle 4.10 or later is already installed on the server\n\n```shell\ngradle build -x test\n```\n\nOption 2: if Gradle is not installed, or the installed version is older than 4.10, build with the gradlew wrapper\n\n```shell\nchmod +x ./gradlew \u0026\u0026 ./gradlew build -x test\n```\n\nWhen the build finishes, the compiled output is placed in the dist directory under the WeBASE-Solidity-Security root.\n\n#### 3.2.3 Starting and stopping the service\n\nIn the dist directory run:\n```shell\nStart:  bash start.sh\nStop:   bash stop.sh\nStatus: bash status.sh\n```\n**Note**: after the service process starts, confirm from the log that it came up correctly; the line below indicates success. If the service fails and you fix the configuration, a restart may report that the process is already running; in that case run stop.sh first and then start.sh.\n\n```\n...\n\tApplication() - main run success...\n```\n\n#### 3.2.4 Viewing logs\n\nFrom the dist directory:\n\n```\nService log: tail -f log/WeBASE-Solidity-Security.log\n```\n\n",
"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebankblockchain%2Fwebase-solidity-security","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fwebankblockchain%2Fwebase-solidity-security","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fwebankblockchain%2Fwebase-solidity-security/lists"}