Skip to content

Adding a new detector

Jump to bottom
Feist Josselin edited this page Feb 14, 2019 · 30 revisions

Slither's plugin architecture lets you integrate new detectors that run from the command line.

Detector Skeleton

The skeleton for a detector is:

from slither.detectors.abstract_detector import AbstractDetector, DetectorClassification


class Skeleton(AbstractDetector):
    """
    Documentation
    """

    ARGUMENT = 'mydetector' # slither will launch the detector with slither.py --mydetector
    HELP = 'Help printed by slither'
    IMPACT = DetectorClassification.HIGH
    CONFIDENCE = DetectorClassification.HIGH


    WIKI = ''

    WIKI_TITLE = ''
    WIKI_DESCRIPTION = ''
    WIKI_EXPLOIT_SCENARIO = ''
    WIKI_RECOMMENDATION = ''

    def _detect(self):
        return []
  • ARGUMENT lets you run the detector from the command line
  • HELP is the information printed from the command line
  • IMPACT indicates the impact of the issue. Allowed values are:
    • DetectorClassification.INFORMATIONAL: printed in green
    • DetectorClassification.LOW: printed in green
    • DetectorClassification.MEDIUM: printed in yellow
    • DetectorClassification.HIGH: printed in red
  • CONFIDENCE indicates your confidence in the analysis. Allowed values are:
    • DetectorClassification.LOW
    • DetectorClassification.MEDIUM
    • DetectorClassification.HIGH

detect() needs to return a list of findings. To facilitate the automation of Slither, a finding is a dictionary containing a vuln key associated with the vulnerability name and additional information according to the vulnerability itself.

An AbstractDetector object has the slither attribute, which returns the current Slither object, and the log(str) function to print the result.

Integration

You can integrate your detector into Slither by:

Test the detector

If you want to add your detector to trailofbits/slither, create a unit-test in tests and update scripts/travis_test_4.sh to run the unit-test automatically.

deepdiff is needed to run travis_test.sh:

pip install deepdiff

Example

backdoor.py will detect any function with backdoor in its name.

Clone this wiki locally