While trying to make slither work with pre-commit, I noticed slither expects a single file, or directory as CLI args, whereas (my) pre-commit-config.yaml provides slither with a list of space separated filenames.
After installing slither with: python3 -m pip install slither-analyzer
one can use it like:
slither src
slither .
slither src/some_file.sol
slither src/anotherfile.sol
slither test
slither test/some_test_file
These all allow slither to run successfully.
However, the following pre-commit config:
- repo: local
  hooks:
    - id: slither
      name: Slither analysis for smart contracts
      entry: slither .
      language: system
      # folder: src
      # files: src
      # files: ^(src/)
      # files: ^(src/DecentralisedInvestmentManager.sol)
yields output:
...
target can be:
- file.sol // a Solidity file
- project_directory // a project directory. See https://github.com/crytic/crytic-compile/#crytic-compile for the supported platforms
- 0x.. // a contract on mainnet
- NETWORK:0x.. // a contract on a different network. Supported networks: mainet,optim,goerli,sepolia,tobalaba,bsc,testnet.bsc,arbi,testnet.arbi,poly,mumbai,avax,testnet.avax,ftm,goerli.base,base,gno,polyzk,blast
slither: error: unrecognized arguments: .env.example src/DecentralisedInvestmentManager.sol .github/workflows/ci.yml book.toml test/unit/SaasPaymentProcessor.t.sol test/unit/Tier.t.sol
usage: slither target [flag]
target can be:
- file.sol // a Solidity file
- project_directory // a project directory. See https://github.com/crytic/crytic-compile/#crytic-compile for the supported platforms
- 0x.. // a contract on mainnet
- NETWORK:0x.. // a contract on a different network. Supported networks: mainet,optim,goerli,sepolia,tobalaba,bsc,testnet.bsc,arbi,testnet.arbi,poly,mumbai,avax,testnet.avax,ftm,goerli.base,base,gno,polyzk,blast
slither: error: unrecognized arguments: test/integration/MultipleInvestmentTest.sol test/unit/Tier_increaseMultiple_indirect.t.sol test/integration/partialReturn.t.sol branch_coverage .gitpod.yml test/unit/Tier_increaseMultiple_direct.t.sol
usage: slither target [flag]
target can be:
- file.sol // a Solidity file
- project_directory // a project directory. See https://github.com/crytic/crytic-compile/#crytic-compile for the supported platforms
- 0x.. // a contract on mainnet
- NETWORK:0x.. // a contract on a different network. Supported networks: mainet,optim,goerli,sepolia,tobalaba,bsc,testnet.bsc,arbi,testnet.arbi,poly,mumbai,avax,testnet.avax,ftm,goerli.base,base,gno,polyzk,blast
slither: error: unrecognized arguments: classDiagram.svg Images/laser_eyes_4.jpg test/unit/CounterOffer.test.sol test/unit/WorkerGetReward/AddWorkerReward.t.sol foundry.toml test/unit/CustomPaymentSplitter.t.sol
...
Because slither expects 1 file or a folder, not a list of files/folders.
The following config works on a single file:
    - id: slither
      name: Slither analysis for smart contracts
      # entry: slither .
      entry: slither
      language: system
      # folder: src
      # files: src
      # files: ^(src/)
      files: ^(src/DecentralisedInvestmentManager.sol)
How can I change my pre-commit-config.yaml to call slither twice with a different folder src and test (or multiple times with one relative filepath per call {instead of a list of space separated relative filepaths})?
Based on this issue, I found a possible work-around by creating a bash command that runs the slither command for every incoming file. The following configuration worked:
- repo: local
  hooks:
    - id: solhint
      name: Solidity style guide compliance.
      entry: solhint
      language: node
      verbose: true
      files: ^(contracts/|interfaces/|libraries/|src/|script/|test/)
      args:
        [
          "--fix", # Automatically fix those issues that can be auto-fixed.
          "--noPrompt", # Do not ask for backup before fix.
        ]
    # Static code analyzer for solidity (Currently fails to resolve the dependency properly)
    - id: slither
      name: Slither analysis for smart
      # The trailing "--" fills $0, so the first filename is not dropped from "$@".
      entry: bash -c 'for file in "$@"; do slither "$file"; done' --
      language: system
      always_run: true
      files: ^(src/|test/)
It does not win the prize for elegance. Also, it seems unlikely pre-commit will change to calling a hook more than once per run, based on this post, so it may be possible to change the slither CLI argument parser to handle this, moving forward, if there is a demand for that.
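The per-file loop can also live in a standalone wrapper script used as the hook's `entry`. This is an added example, not part of the original post. It avoids the `bash -c` pitfall where the first word after the command string becomes `$0`, and it fails the hook if slither exits non-zero on any file rather than only the last one. The `SLITHER_CMD` override and the skipping of non-`.sol` paths are assumptions made for this example.

```shell
#!/usr/bin/env bash
# Added example: pre-commit wrapper that runs an analyzer once per staged file.
# SLITHER_CMD is a hypothetical override so the loop can be exercised without
# slither installed; it defaults to the real `slither` CLI.

run_per_file() {
    local analyzer="${SLITHER_CMD:-slither}"
    local rc=0 file
    for file in "$@"; do
        # pre-commit may pass any matched path; only Solidity sources are analysed.
        case "$file" in
            *.sol) ;;
            *) continue ;;
        esac
        # Remember any failure instead of letting the last file decide the result.
        if ! "$analyzer" "$file"; then
            echo "slither exited non-zero on: $file" >&2
            rc=1
        fi
    done
    return "$rc"
}

# Run only when filenames were supplied (pre-commit appends them to `entry`).
if [ "$#" -gt 0 ]; then
    run_per_file "$@"
    exit $?
fi
```

Saved under a path of your choosing and made executable, the script is referenced from the hook as `entry: <path to script>` with `language: system`.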