Merge branch 'master' of https://github.com/tintinweb/solgrep

README.md

@@ -24,6 +24,8 @@ Probably the most common way to use this tool is to run it with the `--find=<js-
 
 ⚠️ Make sure to only allow trusted inputs to `--find=<js-filter-statement>` as this argument is being evaluated as javascript!
 
+⚠️ Check out the proper order for arguments when using `--find`, `--rule`. See [Usage](#usage).
+
 ### Examples
 
 Run the default rules and display some stats?
@@ -139,7 +141,7 @@ Special contract functions can be references as:
 ```javascript
 
 ⇒  solgrep --help
-Usage: solgrep [options] <folder|...>
+Usage: solgrep <folder|...> [options]
 
 Options:
   -r, --rule        Enable rules                           [array] [default: []]
@@ -152,6 +154,19 @@ Options:
 
   ```
 
+⚠️ when using multi-options (`--find`, `--rule`) make sure to use this format:
+
+```
+⇒  solgrep <folder|...> [options]
+```
+
+or
+
+```
+⇒  solgrep [options] -- <folder|...> 
+```
+
+or else additional options might be interpreted as additional `--find` options!
 
 ## Library 
 

src/rules/builtin.js

@@ -38,6 +38,8 @@ class GenericGrep extends BaseRule {
     _getPatternType(p) {
         if (p.includes("function.")) {
             return "function"
+        } else if (p.includes("modifier.")) {
+            return "modifier"
         } else if (p.includes("contract.")) {
             return "contract"
         } else if (p.includes("sourceUnit")) {
@@ -49,13 +51,14 @@ class GenericGrep extends BaseRule {
         let context = {
             sourceUnit: sourceUnit,
             contract: undefined,
-            function: undefined
+            _function: undefined,
+            modifier: undefined
         }
 
 
         for (let pat of this.patterns) {
 
-            let patternType = this._getPatternType(pat);
+            var patternType = this._getPatternType(pat);
             if (patternType === "sourceUnit") {
                 let ret = safeEval(pat, context);
                 if (ret) { //allows match & extract (fuzzy)
@@ -93,6 +96,19 @@ class GenericGrep extends BaseRule {
                         }
                     }
                 });
+
+                Object.values(contract.modifiers).forEach(_modifier => {
+                    // Modifier
+                    //update context
+                    context.modifier = _modifier;
+
+                    if (patternType === "modifier") {
+                        let ret = safeEval(pat, context);
+                        if (ret) {
+                            this.solgrep.report(sourceUnit, this, `match-modifier: ${contract.name}.${_modifier.name}`, `${ret}`, typeof ret === 'object' && ret.hasOwnKey('loc') ? ret.loc : _modifier.ast.loc);
+                        }
+                    }
+                });
             });
         }
     }

src/rules/tincustom.js

@@ -36,7 +36,23 @@ class IsInitializable extends BaseRule {
 IsInitializable.description = "Checks if a contract is initializable by anyone and not auto-initialized in __constr__";
 
 
+class IsMultipleBalanceOfSameFunc extends BaseRule{
+    onProcess(sourceUnit){
+        Object.values(sourceUnit.contracts).forEach(contract => {
+            //for every contract in the SU
+            contract.functions.forEach(f => {
+                if(Object.keys(f.modifiers).includes("nonReentrant")) return; //ignore nonReentrant
+                const funcbody = f.getSource();
+                if( (funcbody.split('.balanceOf').length -1 >= 2) && funcbody.split('diff').length -1 >= 2){
+                    this.solgrep.report(sourceUnit, this, "DBL_BALANCEOF", `${f.name} - balanceOf() called multiple times within same func`, f.ast.loc);
+                }
+            })
+        })
+    }
+}
+IsMultipleBalanceOfSameFunc.description = "Checks if a contract has multiple balanceOf() calls within same function";
+
 module.exports = {
     IsInitializable,
-
+    IsMultipleBalanceOfSameFunc
 }