Merge pull request #79 from CoinFabrik/78-fix-unprotected_update_curr…

…ent_contract_wasm-detector

Fix unprotected-update-current-contract-wasm detector

detectors/unprotected-update-current-contract-wasm/src/lib.rs

@@ -6,6 +6,8 @@ extern crate rustc_hir;
 extern crate rustc_middle;
 extern crate rustc_span;
 
+use std::collections::HashSet;
+
 use rustc_hir::{
     intravisit::{walk_expr, Visitor},
     Expr, ExprKind,
@@ -82,6 +84,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
             BasicBlock::from_u32(0),
             false,
             &uuf_storage,
+            &mut HashSet::new(),
         );
 
         for span in spans {
@@ -97,11 +100,12 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
             bb: BasicBlock,
             auth_checked: bool,
             uuf_storage: &UnprotectedUpdateFinder,
+            visited: &mut HashSet<BasicBlock>,
         ) -> Vec<Span> {
-            let mut ret_vec: Vec<Span> = Vec::<Span>::new();
-            if bbs[bb].terminator.is_none() {
-                return ret_vec;
+            if !visited.insert(bb) || bbs[bb].terminator.is_none() {
+                return Vec::new();
             }
+            let mut ret_vec: Vec<Span> = Vec::<Span>::new();
             let mut checked = auth_checked;
             match &bbs[bb].terminator().kind {
                 TerminatorKind::Call {
@@ -130,6 +134,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                             *utarget,
                             checked,
                             uuf_storage,
+                            visited,
                         ));
                     }
                 }
@@ -140,6 +145,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                             *target,
                             checked,
                             uuf_storage,
+                            visited,
                         ));
                     }
                 }
@@ -151,6 +157,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                         *target,
                         checked,
                         uuf_storage,
+                        visited,
                     ));
                 }
                 TerminatorKind::Yield { resume, .. } => {
@@ -159,6 +166,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                         *resume,
                         checked,
                         uuf_storage,
+                        visited,
                     ));
                 }
                 TerminatorKind::FalseEdge { real_target, .. }
@@ -168,6 +176,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                         *real_target,
                         checked,
                         uuf_storage,
+                        visited,
                     ));
                 }
                 TerminatorKind::InlineAsm { destination, .. } => {
@@ -177,6 +186,7 @@ impl<'tcx> LateLintPass<'tcx> for UnprotectedUpdateCurrentContractWasm {
                             *udestination,
                             checked,
                             uuf_storage,
+                            visited,
                         ));
                     }
                 }

test-cases/avoid-unsafe-block/avoid-unsafe-block-1/remediated-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/avoid-unsafe-block/avoid-unsafe-block-1/vulnerable-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]
@@ -27,4 +27,4 @@ lto = true
 
 [profile.release-with-logs]
 inherits = "release"
-debug-assertions = true
+debug-assertions = true

test-cases/dos-unbounded-operation/dos-unbounded-operation-1/remediated-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/dos-unbounded-operation/dos-unbounded-operation-1/vulnerable-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/dos-unbounded-operation/dos-unbounded-operation-2/remediated-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/dos-unbounded-operation/dos-unbounded-operation-2/vulnerable-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/dos-unbounded-operation/dos-unbounded-operation-3/remediated-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/dos-unbounded-operation/dos-unbounded-operation-3/vulnerable-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "20.0.0" }
+soroban-sdk = { version = "=20.0.0" }
 
 [dev_dependencies]
-soroban-sdk = { version = "20.0.0", features = ["testutils"] }
+soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/insufficiently-random-values/insufficiently-random-values-1/remediated-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }

test-cases/insufficiently-random-values/insufficiently-random-values-1/vulnerable-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }

test-cases/overflow-check/overflow-check-1/remediated-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }

test-cases/overflow-check/overflow-check-1/vulnerable-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }

test-cases/soroban-version/soroban-version-1/remediated-example/Cargo.toml

@@ -7,10 +7,10 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = { version = "=20.0.3" }
+soroban-sdk = { version = "=20.3.2" }
 
 [dev_dependencies]
-soroban-sdk = { version = "=20.0.3", features = ["testutils"] }
+soroban-sdk = { version = "=20.3.2", features = ["testutils"] }
 
 [features]
 testutils = ["soroban-sdk/testutils"]

test-cases/unprotected-update-current-contract-wasm/unprotected-update-current-contract-wasm-1/remediated-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
@@ -28,4 +28,4 @@ lto = true
 
 [profile.release-with-logs]
 inherits = "release"
-debug-assertions = true
+debug-assertions = true

test-cases/unprotected-update-current-contract-wasm/unprotected-update-current-contract-wasm-1/vulnerable-example/Cargo.toml

@@ -8,7 +8,7 @@ edition = "2021"
 crate-type = ["cdylib"]
 
 [dependencies]
-soroban-sdk = "20.0.0-rc2"
+soroban-sdk = "=20.0.0"
 
 [dev_dependencies]
 soroban-sdk = { version = "=20.0.0", features = ["testutils"] }
@@ -28,4 +28,4 @@ lto = true
 
 [profile.release-with-logs]
 inherits = "release"
-debug-assertions = true
+debug-assertions = true

test-cases/unprotected-update-current-contract-wasm/unprotected-update-current-contract-wasm-1/vulnerable-example/src/lib.rs

@@ -22,8 +22,6 @@ impl UpgradeableContract {
     }
 
     pub fn upgrade(e: Env, new_wasm_hash: BytesN<32>) {
-        let admin: Address = e.storage().instance().get(&DataKey::Admin).unwrap();
-
         e.deployer().update_current_contract_wasm(new_wasm_hash);
     }
 }