Skip to content

Commit

Permalink
Merge pull request #224 from CoinFabrik/220-update-documentation-link…
Browse files Browse the repository at this point in the history
…s-within-detectors

220 update documentation links within detectors
  • Loading branch information
matiascabello authored May 15, 2024
2 parents 7020dfb + cde5d3f commit cf7a338
Show file tree
Hide file tree
Showing 21 changed files with 21 additions and 21 deletions.
2 changes: 1 addition & 1 deletion detectors/assert-violation/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -29,7 +29,7 @@ dylint_linting::impl_pre_expansion_lint! {
name: "Assert Violation",
long_message: "Assert causes panic. Instead, return a proper error.",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/assert-violation",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/assert-violation",
vulnerability_class: "Panic",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/avoid-core-mem-forget/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -50,7 +50,7 @@ dylint_linting::impl_pre_expansion_lint! {
name: "Avoid core::mem::forget usage",
long_message: "The core::mem::forget function is used to forget about a value without running its destructor. This could lead to memory leaks and logic errors.",
severity: "Enhancement",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-core-mem-forget",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-core-mem-forget",
vulnerability_class: "Best practices",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/avoid-panic-error/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -63,7 +63,7 @@ dylint_linting::impl_pre_expansion_lint! {
name: "Avoid panic! macro",
long_message: "The use of the panic! macro to stop execution when a condition is not met is useful for testing and prototyping but should be avoided in production code. Using Result as the return type for functions that can fail is the idiomatic way to handle errors in Rust. ",
severity: "Enhancement",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-panic-error",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-panic-error",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/avoid-unsafe-block/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ dylint_linting::declare_late_lint! {
name: "Avoid unsafe block",
long_message: "The unsafe block is used to bypass Rust's safety checks. It is recommended to avoid using unsafe blocks as much as possible, and to use them only when necessary. ",
severity: "Enhancement",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-unsafe-block",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-unsafe-block",
vulnerability_class: "Best practices",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/divide-before-multiply/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -56,7 +56,7 @@ dylint_linting::declare_late_lint! {
name: "Divide Before Multiply",
long_message: "Performing a division operation before a multiplication can lead to a loss of precision. This issue becomes significant in programs like smart contracts where numerical precision is crucial.",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/divide-before-multiply",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/divide-before-multiply",
vulnerability_class: "Arithmetic",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/dos-unbounded-operation/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ dylint_linting::declare_late_lint!(
name: "Denial of Service: Unbounded Operation",
long_message: "In order to prevent a single transaction from consuming all the gas in a block, unbounded operations must be avoided. This includes loops that do not have a bounded number of iterations, and recursive calls. ",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/dos-unbounded-operation",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/dos-unbounded-operation",
vulnerability_class: "Denial of Service",
}
);
Expand Down
2 changes: 1 addition & 1 deletion detectors/dos-unexpected-revert-with-vector/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ dylint_linting::impl_late_lint! {
name: "Unexpected Revert Inserting to Storage",
long_message: " It occurs by preventing transactions by other users from being successfully executed forcing the blockchain state to revert to its original state.",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/dos-unexpected-revert-with-vector",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/dos-unexpected-revert-with-vector",
vulnerability_class: "Denial of Service",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/incorrect-exponentiation/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -24,7 +24,7 @@ dylint_linting::declare_late_lint! {
name: "Incorrect Exponentiation",
long_message: LINT_MESSAGE,
severity: "Critical",
help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/incorrect-exponentiation",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/incorrect-exponentiation",
vulnerability_class: "Arithmetic",
}

Expand Down
2 changes: 1 addition & 1 deletion detectors/insufficiently-random-values/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -30,7 +30,7 @@ dylint_linting::declare_late_lint! {
name: "Insufficiently Random Values",
long_message: "Use env.prng() to generate random numbers, and remember that all random numbers are under the control of validators.",
severity: "Critical",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/insufficiently-random-values",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/insufficiently-random-values",
vulnerability_class: "Block attributes",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/iterators-over-indexing/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -31,7 +31,7 @@ dylint_linting::declare_late_lint! {
name: "Iterators Over Indexing",
long_message: "Instead, use an iterator or index to `.len()`.",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/iterators-over-indexing",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/iterators-over-indexing",
vulnerability_class: "Incorrect Use of Indexing",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/overflow-check/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -33,7 +33,7 @@ dylint_linting::declare_early_lint! {
name: "Overflow Check",
long_message: "An overflow/underflow is typically caught and generates an error. When it is not caught, the operation will result in an inexact result which could lead to serious problems.",
severity: "Critical",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/overflow-check",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/overflow-check",
vulnerability_class: "Arithmetic",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/set-contract-storage/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ dylint_linting::impl_late_lint! {
name: "Set Contract Storage",
long_message: "Functions using keys as variables without proper access control or input sanitation can allow users to perform changes in arbitrary memory locations.",
severity: "Critical",
help: "https://coinfabrik.github.io/scout/docs/vulnerabilities/set-contract-storage",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/set-contract-storage",
vulnerability_class: "Authorization",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/soroban-version/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -27,7 +27,7 @@ dylint_linting::declare_early_lint! {
name: "Check Soroban version",
long_message: "Using a older version of Soroban can be dangerous, as it may have bugs or security issues. Use the latest version available.",
severity: "Enhancement",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/soroban-version",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/soroban-version",
vulnerability_class: "Best practices",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unprotected-mapping-operation/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ dylint_linting::impl_late_lint! {
name: "Unprotected Mapping Operation",
long_message: "This mapping operation is called without access control on a different key than the caller's address",
severity: "Critical",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unprotected-mapping-operation",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unprotected-mapping-operation",
vulnerability_class: "Access Control",
}
}
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ dylint_linting::impl_late_lint! {
name: "Unprotected Update Current Contract Wasm",
long_message: "If users are allowed to call update_current_contract_wasm, they can intentionally modify the contract behaviour, leading to the loss of all associated data/tokens and functionalities given by this contract or by others that depend on it. To prevent this, the function should be restricted to administrators or authorized users only. ",
severity: "Critical",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unprotected-update-current-contract-wasm",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unprotected-update-current-contract-wasm",
vulnerability_class: "Authorization",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unrestricted-transfer-from/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ dylint_linting::impl_late_lint! {
name: "Unrestricted Transfer From",
long_message: "In an smart contract, allowing unrestricted transfer_from operations poses a significant vulnerability. When from arguments for that function is provided directly by the user, this might enable the withdrawal of funds from any actor with token approval on the contract. This could result in unauthorized transfers and loss of funds. To mitigate this vulnerability, instead of allowing an arbitrary from address, the from address should be restricted.",
severity: "Critical",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unrestricted-transfer-from",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unrestricted-transfer-from",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unsafe-expect/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ dylint_linting::declare_late_lint! {
name: "Unsafe Expect",
long_message: "In Rust, the expect method is commonly used for error handling. It retrieves the value from a Result or Option and panics with a specified error message if an error occurs. However, using expect can lead to unexpected program crashes. ",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-expect",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unsafe-expect",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unsafe-map-get/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -26,7 +26,7 @@ dylint_linting::declare_late_lint! {
name: "Unsafe Map Get",
long_message: "This vulnerability class pertains to the inappropriate usage of the get method for Map in soroban",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-map-get",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unsafe-map-get",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unsafe-unwrap/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -58,7 +58,7 @@ dylint_linting::declare_late_lint! {
name: "Unsafe Unwrap",
long_message: "This vulnerability class pertains to the inappropriate usage of the unwrap method in Rust, which is commonly employed for error handling. The unwrap method retrieves the inner value of an Option or Result, but if an error or None occurs, it triggers a panic and crashes the program. ",
severity: "Medium",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-unwrap",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unsafe-unwrap",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/unused-return-enum/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -22,7 +22,7 @@ dylint_linting::declare_late_lint! {
name: "Unused Return Enum",
long_message: "Soroban functions can return a Result enum with a custom error type. This is useful for the caller to know what went wrong when the message fails. The definition of the Result type enum consists of two variants: Ok and Err. If any of the variants is not used, the code could be simplified or it could imply a bug. ",
severity: "Minor",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unused-return-enum",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/unused-return-enum",
vulnerability_class: "Validations and error handling",
}
}
Expand Down
2 changes: 1 addition & 1 deletion detectors/zero-address/src/lib.rs
Original file line number Diff line number Diff line change
Expand Up @@ -32,7 +32,7 @@ dylint_linting::declare_late_lint! {
name: "Zero Address",
long_message: "In the elliptic curve used by Soroban (Ed25519), the zero address has a known private key. Using this address as a null value (for example, for a contract's administrative account) is a common mistake, and can lead to losing control of the contract, instead of the contract being locked.",
severity: "Minor",
help: "https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/zero-address",
help: "https://coinfabrik.github.io/scout-soroban/docs/detectors/zero-address",
vulnerability_class: "Validations and error handling",
}
}
Expand Down

0 comments on commit cf7a338

Please sign in to comment.