61 unprotected mapping operation

README.md

@@ -49,13 +49,45 @@ Visit [Scout's website](https://coinfabrik.github.io/scout-soroban/) to view the
 
 | Detector ID                                                                                                              | What it Detects                                                                                                                                                                                           | Test Cases                                                                                                                                                                                                                                               | Severity    |
 | ------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------- |
+| [divide-before-multiply](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/divide-before-multiply)      | Performing a division operation before a multiplication, leading to loss of precision.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-2), [3](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-3) | Medium    |
+| [unsafe-unwrap](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-unwrap)      | Inappropriate usage of the unwrap method, causing unexpected program crashes.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unsafe-unwrap/unsafe-unwrap-1)| Medium    |
+| [unsafe-expect](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unsafe-expect)       | Improper usage of the expect method, leading to unexpected program crashes.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unsafe-expect/unsafe-expect-1)| Medium    |
+| [overflow-check](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/overflow-check)       | An arithmetic operation overflows or underflows the available memory allocated to the variable.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/overflow-check/overflow-check-1)| Critical    |
+| [insufficiently-random-values](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/insufficiently-random-values)       | Avoid using block attributes for random number generation to prevent manipulation.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/insufficiently-random-values/insufficiently-random-values-1)| Critical    |
+| [unprotected-update-current-contract-wasm](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unprotected-update-current-contract-wasm)       | If users are allowed to call `update_current_contract_wasm()`, they can intentionally modify the contract behaviour.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unprotected-update-current-contract-wasm/unprotected-update-current-contract-wasm-1)| Critical    |
+| [avoid-core-mem-forget](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-core-mem-forget)                 | The use of `core::mem::forget()` could lead to memory leaks and logic errors.                                                | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-core-mem-forget/avoid-core-mem-forget-1)  | Enhancement    |
+| [set-contract-storage](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/set-contract-storage)                           | Insufficient access control on `env.storage()` method.                                                         | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-2), [3](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-3)                                                                                                                                                | Critical    |
+| [avoid-panic-error](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-panic-error)                           | Code panics on error instead of using descriptive enum.| [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-panic-error/avoid-panic-error-1)                                                                                                                                              | Enhancement    |
+| [avoid-unsafe-block](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/avoid-unsafe-block)                           | Using unsafe blocks in risks code safety and reliability.| [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-unsafe-block/avoid-unsafe-block-1)                                                                                                                                              | Critical   |
+| [dos-unbounded-operation](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/dos-unbounded-operation)                           | DoS due to unbounded operation. | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/dos-unbounded-operation/dos-unbounded-operation-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/dos-unbounded-operation/dos-unbounded-operation-2), [3](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/dos-unbounded-operation/dos-unbounded-operation-3)                                                                                                                                              | Medium  |
+| [soroban-version](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/soroban-version)                           | Using an old version of Soroban can be dangerous, as it may have bugs or security issues. Use the latest version available. | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/soroban-version/soroban-version-1)                 | Enhancement  |
+| [unused-return-enum](https://github.com/CoinFabrik/scout-soroban/tree/main/detectors/unused-return-enum)                           | Return enum from a function is not completely used. | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unused-return-enum/unused-return-enum-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unused-return-enum/unused-return-enum-2)                   | Minor  |
+
+
+## CLI Options
+
+In the table below, we specify all the options available for the CLI.
+
+| Command/Option                                                   | Explanation                                                                                                                                       |
+|------------------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------|
+| `cargo scout-audit`                                              | Runs the static analyzer on the current directory                                                                                                 |
+| `cargo scout-audit --help`                                       | Provides a brief explanation of all the available commands and their usage.                                                                       |
+| `cargo scout-audit --manifest-path <PATH_TO_CARGO_TOML>`         | This option is used to specify the path to the Cargo.toml file that you want to analyze.                                                          |
+| `cargo scout-audit --filter <DETECTOR_LIST_SEPARATED_BY_COMAS>`  | This option allows you to analyze code using specific detectors. Provide a comma-separated list of detectors for this purpose.                    |
+| `cargo scout-audit --exclude <DETECTOR_LIST_SEPARATED_BY_COMAS>` | With this command, you can exclude specific detectors from the analysis. You need to give a comma-separated list of the detectors to be excluded. |
+| `cargo scout-audit --list-detectors`                             | Display a list of all available detectors.                                                                                                        |
+| `cargo scout-audit --version`                                    | Displays the current version of the static analyzer.                                                                                              |
+| `cargo scout-audit --verbose`                                    | Print additional information on run                                                                                                               |
+| `cargo scout-audit --local-detectors <PATH_TO_FOLDER>`           | Uses the detectors of a local folder. This considers the sub-folders as detectors.                                                                |
+| `cargo scout-audit --output-format [text\|json\|html\|sarif]`    | Sets the output format. Selecting `json`, `html` or `sarif` will create a file with the output                                                    |
+| `cargo scout-audit --output-path <PATH_TO_OUTPUT_FILE>`          | Sets the output path. If a format was selected, this will replace the default file with the given one                                             |
 | [divide-before-multiply](https://coinfabrik.github.io/scout-soroban/docs/detectors/divide-before-multiply)      | Performing a division operation before a multiplication, leading to loss of precision.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-2), [3](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/divide-before-multiply/divide-before-multiply-3) | Medium    |
 | [unsafe-unwrap](https://coinfabrik.github.io/scout-soroban/docs/detectors/unsafe-unwrap)      | Inappropriate usage of the unwrap method, causing unexpected program crashes.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unsafe-unwrap/unsafe-unwrap-1)| Medium    |
 | [unsafe-expect](https://coinfabrik.github.io/scout-soroban/docs/detectors/unsafe-expect)       | Improper usage of the expect method, leading to unexpected program crashes.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unsafe-expect/unsafe-expect-1)| Medium    |
 | [overflow-check](https://coinfabrik.github.io/scout-soroban/docs/detectors/overflow-check)       | An arithmetic operation overflows or underflows the available memory allocated to the variable.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/overflow-check/overflow-check-1)| Critical    |
 | [insufficiently-random-values](https://coinfabrik.github.io/scout-soroban/docs/detectors/insufficiently-random-values)       | Avoid using block attributes for random number generation to prevent manipulation.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/insufficiently-random-values/insufficiently-random-values-1)| Critical    |
 | [unprotected-update-current-contract-wasm](https://coinfabrik.github.io/scout-soroban/docs/detectors/unprotected-update-current-contract-wasm)       | If users are allowed to call `update_current_contract_wasm()`, they can intentionally modify the contract behaviour.    | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/unprotected-update-current-contract-wasm/unprotected-update-current-contract-wasm-1)| Critical    |
-| [avoid-core-mem-forget](https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-core-mem-forget)                 | The use of `core::mem::forget()` could lead to memory leaks and logic errors.                                                | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-core-mem-forget/avoid-core-mem-forget-1)  | Enhancement    |        
+| [avoid-core-mem-forget](https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-core-mem-forget)                 | The use of `core::mem::forget()` could lead to memory leaks and logic errors.                                                | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-core-mem-forget/avoid-core-mem-forget-1)  | Enhancement    |
 | [set-contract-storage](https://coinfabrik.github.io/scout-soroban/docs/detectors/set-contract-storage)                           | Insufficient access control on `env.storage()` method.                                                         | [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-1), [2](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-2), [3](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/set-contract-storage/set-contract-storage-3)                                                                                                                                                | Critical    |
 | [avoid-panic-error](https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-panic-error)                           | Code panics on error instead of using descriptive enum.| [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-panic-error/avoid-panic-error-1)                                                                                                                                              | Enhancement    |
 | [avoid-unsafe-block](https://coinfabrik.github.io/scout-soroban/docs/detectors/avoid-unsafe-block)                           | Using unsafe blocks in risks code safety and reliability.| [1](https://github.com/CoinFabrik/scout-soroban/tree/main/test-cases/avoid-unsafe-block/avoid-unsafe-block-1)                                                                                                                                              | Critical   |

detectors/Cargo.toml

@@ -1,10 +1,9 @@
 [workspace]
-members = ["*"]
 exclude = [".cargo", "target"]
+members = ["*"]
 resolver = "2"
 
 [workspace.dependencies]
 dylint_linting = { package = "scout-audit-dylint-linting", version = "3.0.1" }
 if_chain = "1.0.2"
-
 scout-audit-clippy-utils = { version = "=0.2.3" }

detectors/assert-violation/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2021"
 name = "assert-violation"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
@@ -11,6 +11,5 @@ dylint_linting = { workspace = true }
 if_chain = { workspace = true }
 scout-audit-clippy-utils = { workspace = true }
 
-
 [package.metadata.rust-analyzer]
 rustc_private = true

detectors/avoid-core-mem-forget/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "avoid-core-mem-forget"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/avoid-panic-error/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "avoid-panic-error"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/avoid-unsafe-block/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "avoid-unsafe-block"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/divide-before-multiply/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "divide-before-multiply"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/dos-unbounded-operation/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "dos-unbounded-operation"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/insufficiently-random-values/Cargo.toml

@@ -1,15 +1,14 @@
 [package]
+edition = "2021"
 name = "insufficiently-random-values"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-
 scout-audit-clippy-utils = { workspace = true }
 
 [package.metadata.rust-analyzer]

detectors/iterators-over-indexing/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
+edition = "2021"
 name = "iterators-over-indexing"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]

detectors/overflow-check/Cargo.toml

@@ -1,17 +1,16 @@
 [package]
+edition = "2021"
 name = "overflow-check"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-toml = "0.8.8"
-
 scout-audit-clippy-utils = { workspace = true }
+toml = "0.8.8"
 
 [package.metadata.rust-analyzer]
 rustc_private = true

detectors/set-contract-storage/Cargo.toml

@@ -1,17 +1,16 @@
 [package]
+edition = "2021"
 name = "set-contract-storage"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
 if_chain = { workspace = true }
-utils = { path = "../../utils" }
-
 scout-audit-clippy-utils = { workspace = true }
+utils = { path = "../../utils" }
 
 [package.metadata.rust-analyzer]
 rustc_private = true

detectors/soroban-version/Cargo.toml

@@ -1,18 +1,17 @@
 [package]
+edition = "2021"
 name = "soroban-version"
 version = "0.1.0"
-edition = "2021"
 
 [lib]
 crate-type = ["cdylib"]
 
 [dependencies]
 dylint_linting = { workspace = true }
+scout-audit-clippy-utils = { workspace = true }
 semver = "1.0.4"
 serde_json = "1.0"
 ureq = { version = "2.7.1", features = ["json"] }
 
-scout-audit-clippy-utils = { workspace = true }
-
 [package.metadata.rust-analyzer]
 rustc_private = true

detectors/unprotected-mapping-operation/Cargo.toml

@@ -0,0 +1,16 @@
+[package]
+edition = "2021"
+name = "unprotected-mapping-operation"
+version = "0.1.0"
+
+[lib]
+crate-type = ["cdylib"]
+
+[dependencies]
+dylint_linting = { workspace = true }
+if_chain = { workspace = true }
+scout-audit-clippy-utils = { workspace = true }
+utils = { path = "../../utils" }
+
+[package.metadata.rust-analyzer]
+rustc_private = true