From 2280d3c8dc698ebc700f83337e7fb16de42403c9 Mon Sep 17 00:00:00 2001 From: Devashish Tomar Date: Mon, 20 Dec 2021 13:05:16 +0530 Subject: [PATCH 01/13] added support for ranged compiler versions for install flag --- solc_select/__main__.py | 2 +- solc_select/constants.py | 5 +++ solc_select/solc_select.py | 76 ++++++++++++++++++++++++++++++-------- 3 files changed, 66 insertions(+), 17 deletions(-) diff --git a/solc_select/__main__.py b/solc_select/__main__.py index cc0bd80..112a693 100644 --- a/solc_select/__main__.py +++ b/solc_select/__main__.py @@ -31,7 +31,7 @@ def solc_select() -> None: ) parser_install.add_argument( INSTALL_VERSIONS, - help='specific versions you want to install "0.4.25" or "all"', + help='specific versions you want to install "0.4.25" or "0.4.24-0.4.25" for multiple versions or "all"', nargs="*", default=list(), type=valid_install_arg, diff --git a/solc_select/constants.py b/solc_select/constants.py index 3c0d0f3..301823f 100644 --- a/solc_select/constants.py +++ b/solc_select/constants.py @@ -16,3 +16,8 @@ WINDOWS_AMD64 = "windows-amd64" EARLIEST_RELEASE = {"macosx-amd64": "0.3.6", "linux-amd64": "0.4.0", "windows-amd64": "0.4.5"} + +# Regexes +SOLC_VERSION_REGEX = r"[\d]+.[\d]+.[\d]+" +SOLC_VERSION_RANGE_REGEX = f"({SOLC_VERSION_REGEX}){{1}}-({SOLC_VERSION_REGEX}){{1}}" +INSTALL_VERSIONS_INPUT_REGEX = f"^({SOLC_VERSION_RANGE_REGEX})|({SOLC_VERSION_REGEX})$" diff --git a/solc_select/solc_select.py b/solc_select/solc_select.py index f536b38..dd7c3a3 100644 --- a/solc_select/solc_select.py +++ b/solc_select/solc_select.py @@ -62,10 +62,14 @@ def installed_versions() -> [str]: def install_artifacts(versions: [str]) -> None: releases = get_available_versions() + match, version_from, version_to = should_install_artifacts_range(versions) for version, artifact in releases.items(): if "all" not in versions: - if versions and version not in versions: + if match: + if not version_from <= StrictVersion(version) <= version_to: + continue + elif versions and version not in versions: continue (url, _) = get_url(version, artifact) @@ -165,32 +169,47 @@ def switch_global_version(version: str, always_install: bool) -> None: raise argparse.ArgumentTypeError(f"Unknown version '{version}'") -def valid_version(version: str) -> str: - match = re.search(r"^(\d+)\.(\d+)\.(\d+)$", version) +def valid_version(install_input: str, string_version: bool = True) -> str: + match = re.search(INSTALL_VERSIONS_INPUT_REGEX, install_input) - if match is None: - raise argparse.ArgumentTypeError(f"Invalid version '{version}'.") - - if StrictVersion(version) < StrictVersion(EARLIEST_RELEASE[soliditylang_platform()]): - raise argparse.ArgumentTypeError( - f"Invalid version - only solc versions above '{EARLIEST_RELEASE[soliditylang_platform()]}' are available" - ) + if match is None or (not match.group(4) and string_version): + raise argparse.ArgumentTypeError(f"Invalid version '{install_input}'.") (_, list_url) = get_url() list_json = urllib.request.urlopen(list_url).read() latest_release = json.loads(list_json)["latestRelease"] - if StrictVersion(version) > StrictVersion(latest_release): - raise argparse.ArgumentTypeError( - f"Invalid version '{latest_release}' is the latest available version" - ) - return version + def check_available_version(version: str): + if StrictVersion(version) < StrictVersion(EARLIEST_RELEASE[soliditylang_platform()]): + raise argparse.ArgumentTypeError( + f"Invalid version - only solc versions above '{EARLIEST_RELEASE[soliditylang_platform()]}' are available" + ) + + if StrictVersion(version) > StrictVersion(latest_release): + raise argparse.ArgumentTypeError( + f"Invalid version '{latest_release}' is the latest available version" + ) + + if match.group(4): + check_available_version(install_input) + else: + version_from = match.group(2) + version_to = match.group(3) + check_available_version(version_from) + check_available_version(version_to) + + if StrictVersion(version_from) == StrictVersion(version_to): + return version_from + elif StrictVersion(version_from) > StrictVersion(version_to): + return f"{version_to}-{version_from}" + + return install_input def valid_install_arg(arg: str) -> str: if arg == "all": return arg - return valid_version(arg) + return valid_version(arg, False) def get_installable_versions() -> [str]: @@ -222,3 +241,28 @@ def soliditylang_platform() -> str: else: raise argparse.ArgumentTypeError("Unsupported platform") return platform + + +def should_install_artifacts_range(versions: [str]) -> (bool, StrictVersion, StrictVersion): + match: bool = False + version_from: StrictVersion + version_to: StrictVersion + + for version in versions: + curr_match = re.search(SOLC_VERSION_RANGE_REGEX, version) + if curr_match: + new_version_from = StrictVersion(curr_match.group(1)) + new_version_to = StrictVersion(curr_match.group(2)) + + if match: + if new_version_from < version_from: + version_from = new_version_from + + if new_version_to > version_to: + version_to = new_version_to + else: + version_from = new_version_from + version_to = new_version_to + match = True + + return match, version_from, version_to From ff74580464a2b9ba6b60b26d1351062ea6a9aea3 Mon Sep 17 00:00:00 2001 From: Devashish Tomar Date: Mon, 20 Dec 2021 13:50:10 +0530 Subject: [PATCH 02/13] initialized local variables in should_install_artifacts_range function --- solc_select/solc_select.py | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/solc_select/solc_select.py b/solc_select/solc_select.py index dd7c3a3..aa476ed 100644 --- a/solc_select/solc_select.py +++ b/solc_select/solc_select.py @@ -245,8 +245,8 @@ def soliditylang_platform() -> str: def should_install_artifacts_range(versions: [str]) -> (bool, StrictVersion, StrictVersion): match: bool = False - version_from: StrictVersion - version_to: StrictVersion + version_from: StrictVersion = StrictVersion("") + version_to: StrictVersion = StrictVersion("") for version in versions: curr_match = re.search(SOLC_VERSION_RANGE_REGEX, version) From 5aa3745183dd994acb3a77bddf78f5ccc0c9836e Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Tue, 25 Jan 2022 12:15:27 -0500 Subject: [PATCH 03/13] Fixed keccak256 check on binaries (#90) --- setup.py | 3 +++ solc_select/solc_select.py | 9 +++++---- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/setup.py b/setup.py index 307902f..23c485d 100644 --- a/setup.py +++ b/setup.py @@ -16,4 +16,7 @@ "solc = solc_select.__main__:solc", ] }, + install_requires=[ + 'pysha3' + ] ) diff --git a/solc_select/solc_select.py b/solc_select/solc_select.py index aa476ed..2115890 100644 --- a/solc_select/solc_select.py +++ b/solc_select/solc_select.py @@ -1,5 +1,6 @@ import argparse import hashlib +import sha3 import json from zipfile import ZipFile import os @@ -111,7 +112,7 @@ def verify_checksum(version: str) -> None: # calculate sha256 and keccak256 checksum of the local file with open(ARTIFACTS_DIR.joinpath(f"solc-{version}", f"solc-{version}"), "rb") as f: sha256_factory = hashlib.sha256() - keccak_factory = hashlib.sha3_256() + keccak_factory = sha3.keccak_256() # 1024000(~1MB chunk) for chunk in iter(lambda: f.read(1024000), b""): @@ -120,14 +121,14 @@ def verify_checksum(version: str) -> None: local_sha256_file_hash = f"0x{sha256_factory.hexdigest()}" local_keccak256_file_hash = f"0x{keccak_factory.hexdigest()}" - - if sha256_hash != local_sha256_file_hash and keccak256_hash != local_keccak256_file_hash: + + if sha256_hash != local_sha256_file_hash or keccak256_hash != local_keccak256_file_hash: raise argparse.ArgumentTypeError( f"Error: Checksum mismatch {soliditylang_platform()} - {version}" ) -def get_soliditylang_checksums(version: str): +def get_soliditylang_checksums(version: str) -> (str, str): (_, list_url) = get_url(version=version) list_json = urllib.request.urlopen(list_url).read() builds = json.loads(list_json)["builds"] From 0597389602e9124a0cb4abc3f1a5db652aaa613e Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Fri, 11 Mar 2022 10:26:30 -0500 Subject: [PATCH 04/13] Update python version (#94) --- .github/workflows/windows-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/windows-ci.yml b/.github/workflows/windows-ci.yml index 3c695f6..0db9fe4 100644 --- a/.github/workflows/windows-ci.yml +++ b/.github/workflows/windows-ci.yml @@ -12,16 +12,16 @@ on: jobs: tests: - runs-on: windows-latest + runs-on: windows-2022 strategy: matrix: type: ["windows","solc"] steps: - uses: actions/checkout@v1 - - name: Set up Python 3.6 + - name: Set up Python 3.9.10 uses: actions/setup-python@v1 with: - python-version: 3.6 + python-version: 3.9.10 - name: Install solc-select run: | python3 setup.py install --user From 13451c53f9f383bb724927597b5637d067501e86 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Emilio=20L=C3=B3pez?= <2642849+elopez@users.noreply.github.com> Date: Tue, 22 Mar 2022 17:18:07 -0300 Subject: [PATCH 05/13] Fix multiple installations with `solc-select use` + `--always-install` (#96) A single version string was passed to install_artifacts instead of a version list. This caused install_artifacts to install other versions contained in the requested version (e.g. 0.4.2 was installed as well when 0.4.25 was requested). Call the installation function with a list as intended, so that the correct version and that version only is installed now. Test case: * `rm ~/.solc-select -rf` * `solc-select use 0.4.25 --always-install` Fixes: #95 --- solc_select/solc_select.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/solc_select/solc_select.py b/solc_select/solc_select.py index 2115890..02efa4a 100644 --- a/solc_select/solc_select.py +++ b/solc_select/solc_select.py @@ -162,7 +162,7 @@ def switch_global_version(version: str, always_install: bool) -> None: print("Switched global version to", version) elif version in get_available_versions(): if always_install: - install_artifacts(version) + install_artifacts([version]) switch_global_version(version, always_install) else: raise argparse.ArgumentTypeError(f"'{version}' must be installed prior to use.") From 3f23b282ae20c72a57c938bd524a6af127cb21d1 Mon Sep 17 00:00:00 2001 From: alpharush <0xalpharush@protonmail.com> Date: Tue, 22 Mar 2022 15:19:10 -0500 Subject: [PATCH 06/13] add support for use within virtualenv (#86) --- solc_select/constants.py | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/solc_select/constants.py b/solc_select/constants.py index 301823f..dba9eb2 100644 --- a/solc_select/constants.py +++ b/solc_select/constants.py @@ -1,7 +1,11 @@ +import os from pathlib import Path # DIRs path -HOME_DIR = Path.home() +if "VIRTUAL_ENV" in os.environ: + HOME_DIR = Path(os.environ["VIRTUAL_ENV"]) +else: + HOME_DIR = Path.home() SOLC_SELECT_DIR = HOME_DIR.joinpath(".solc-select") ARTIFACTS_DIR = SOLC_SELECT_DIR.joinpath("artifacts") From ba015803ef17277054d7b5804c5de07531e87916 Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Mon, 30 May 2022 16:16:37 -0400 Subject: [PATCH 07/13] Github workflow python bump (#98) --- .github/workflows/mac-ci.yml | 4 ++-- .github/workflows/windows-ci.yml | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/mac-ci.yml b/.github/workflows/mac-ci.yml index 02c588e..2d0c4ff 100644 --- a/.github/workflows/mac-ci.yml +++ b/.github/workflows/mac-ci.yml @@ -18,10 +18,10 @@ jobs: type: ["solc_upgrade", "macos", "solc"] steps: - uses: actions/checkout@v1 - - name: Set up Python 3.7.12 + - name: Set up Python 3.10.4 uses: actions/setup-python@v1 with: - python-version: 3.7.12 + python-version: 3.10.4 - name: Install solc-select run: | sudo python3 setup.py install diff --git a/.github/workflows/windows-ci.yml b/.github/workflows/windows-ci.yml index 0db9fe4..48f36f0 100644 --- a/.github/workflows/windows-ci.yml +++ b/.github/workflows/windows-ci.yml @@ -18,10 +18,10 @@ jobs: type: ["windows","solc"] steps: - uses: actions/checkout@v1 - - name: Set up Python 3.9.10 + - name: Set up Python 3.10.4 uses: actions/setup-python@v1 with: - python-version: 3.9.10 + python-version: 3.10.4 - name: Install solc-select run: | python3 setup.py install --user From bd2ba534a867f398119855f72453082ffa06b047 Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Tue, 31 May 2022 15:42:22 -0400 Subject: [PATCH 08/13] Update README.md (#101) --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index d51b4fe..716e599 100644 --- a/README.md +++ b/README.md @@ -99,6 +99,21 @@ Try downgrading to `solc-select version 0.2.0`. Our `0.2.1` version of `solc-select` pulls older Linux binaries from [crytic/solc](https://github.com/crytic/solc) which seems to have introduced unexpected behavior in certain instances. +### `solc-select` version changes, but `solc --version does not match` + +Users seem to be experiencing situations in which the following command is successful: +``` +solc-select use +``` +However, when running the following command, it points to an older version of Solidity. +``` +solc --version +``` + +`solc-select` is intended to work with custom binaries. This means that Solidity installed through other means (i.e: `brew install solidity` will _not_ work!). + +Uninstall other versions Solidity from your computer. + ## License `solc-select` is licensed and distributed under the [AGPLv3](LICENSE) license. [Contact us](mailto:opensource@trailofbits.com) if you’re looking for an exception to the terms. From ea70efd0dcea2e2643bd873e6da58b7191d52f86 Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Mon, 6 Jun 2022 07:15:25 -0400 Subject: [PATCH 09/13] Update README.md (#102) --- README.md | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/README.md b/README.md index 716e599..b306d8c 100644 --- a/README.md +++ b/README.md @@ -75,6 +75,19 @@ Feel free to stop by our [Slack channel](https://empirehacking.slack.com/) for h Uninstall other installations of solc on your machine. `solc-select` re-installs solc binaries for your operating system and acts as a wrapper for solc. With duplicate solc installations, this may result in your `solc` version not being up to date. +### "Unsupported Platform" on Windows + +The solc-select version that supports Windows is currently in beta. Uninstall `solc-select` through `pip3 uninstall solc-select` and run + +```bash +pip install solc-select==1.0.0b1 +``` + +Alternatively, for the most up-to-date version, clone this repository and run +```bash +python3 setup.py install +``` + ## Known Issues ### `SSL: CERTIFICATE_VERIFY_FAILED` on running `solc-select` commands [investigation ongoing] From 807ab0016e819076243ab8fc2e96c970f4f35045 Mon Sep 17 00:00:00 2001 From: William Woodruff Date: Thu, 30 Jun 2022 15:37:03 -0400 Subject: [PATCH 10/13] Add a `pip-audit` workflow (#104) * Add a `pip-audit` workflow * Fixing stale python CI version by dropping specific version * Wrap version in quotes * Unify python versions * Bumping setup and python versions for mac * Bypass setuptools for installation Co-authored-by: Natalie Chin --- .github/workflows/mac-ci.yml | 16 ++++++++------ .github/workflows/pip-audit.yml | 37 ++++++++++++++++++++++++++++++++ .github/workflows/windows-ci.yml | 4 ++-- 3 files changed, 49 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/pip-audit.yml diff --git a/.github/workflows/mac-ci.yml b/.github/workflows/mac-ci.yml index 2d0c4ff..a97b506 100644 --- a/.github/workflows/mac-ci.yml +++ b/.github/workflows/mac-ci.yml @@ -15,19 +15,23 @@ jobs: runs-on: macos-latest strategy: matrix: + python: + - "3.7" + - "3.8" + - "3.9" + - "3.10" type: ["solc_upgrade", "macos", "solc"] steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.10.4 - uses: actions/setup-python@v1 + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: 3.10.4 + python-version: ${{ matrix.python }} - name: Install solc-select run: | - sudo python3 setup.py install + sudo pip install . solc-select install all - name: Run Tests env: TEST_TYPE: ${{ matrix.type }} run: | - bash scripts/test_${TEST_TYPE}.sh \ No newline at end of file + bash scripts/test_${TEST_TYPE}.sh diff --git a/.github/workflows/pip-audit.yml b/.github/workflows/pip-audit.yml new file mode 100644 index 0000000..9c32162 --- /dev/null +++ b/.github/workflows/pip-audit.yml @@ -0,0 +1,37 @@ +name: Scan dependencies for vulnerabilities with pip-audit + +on: + push: + branches: [ "dev" ] + pull_request: + branches: [ "dev" ] + schedule: + - cron: "0 12 * * *" + +jobs: + pip-audit: + runs-on: ubuntu-latest + + steps: + - name: Checkout repository + uses: actions/checkout@v3 + + - name: Install Python + uses: actions/setup-python@v4 + with: + python-version: "3.x" + + - name: Install project + run: | + python -m venv /tmp/pip-audit-env + source /tmp/pip-audit-env/bin/activate + + python -m pip install --upgrade pip + python -m pip install . + + + - name: Run pip-audit + uses: trailofbits/gh-action-pip-audit@v0.0.4 + with: + virtual-environment: /tmp/pip-audit-env + diff --git a/.github/workflows/windows-ci.yml b/.github/workflows/windows-ci.yml index 48f36f0..5e7e7c9 100644 --- a/.github/workflows/windows-ci.yml +++ b/.github/workflows/windows-ci.yml @@ -18,10 +18,10 @@ jobs: type: ["windows","solc"] steps: - uses: actions/checkout@v1 - - name: Set up Python 3.10.4 + - name: Set up Python 3.10 uses: actions/setup-python@v1 with: - python-version: 3.10.4 + python-version: "3.10" - name: Install solc-select run: | python3 setup.py install --user From 3de81f62b82aa04da43379ebf6843c8e202efc2a Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Thu, 30 Jun 2022 16:04:18 -0400 Subject: [PATCH 11/13] Update workflows to test 3.7-3.11 python versions on Windows and Linux (#107) * Update workflows to test 3.7-3.11 python versions * Run pip install . instead of setuptools --- .github/workflows/linux-ci.yml | 16 ++++++++++------ .github/workflows/windows-ci.yml | 16 ++++++++++------ README.md | 2 +- 3 files changed, 21 insertions(+), 13 deletions(-) diff --git a/.github/workflows/linux-ci.yml b/.github/workflows/linux-ci.yml index 0763bf9..53ea423 100644 --- a/.github/workflows/linux-ci.yml +++ b/.github/workflows/linux-ci.yml @@ -15,16 +15,20 @@ jobs: runs-on: ubuntu-latest strategy: matrix: + python: + - "3.7" + - "3.8" + - "3.9" + - "3.10" type: ["solc_upgrade", "linux","solc"] - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.6 - uses: actions/setup-python@v1 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: 3.6 + python-version: ${{ matrix.python }} - name: Install solc-select run: | - sudo python3 setup.py install + sudo pip install . solc-select install all - name: Run Tests env: diff --git a/.github/workflows/windows-ci.yml b/.github/workflows/windows-ci.yml index 5e7e7c9..27056c1 100644 --- a/.github/workflows/windows-ci.yml +++ b/.github/workflows/windows-ci.yml @@ -15,16 +15,20 @@ jobs: runs-on: windows-2022 strategy: matrix: + python: + - "3.7" + - "3.8" + - "3.9" + - "3.10" type: ["windows","solc"] - steps: - - uses: actions/checkout@v1 - - name: Set up Python 3.10 - uses: actions/setup-python@v1 + steps: + - uses: actions/checkout@v3 + - uses: actions/setup-python@v4 with: - python-version: "3.10" + python-version: ${{ matrix.python }} - name: Install solc-select run: | - python3 setup.py install --user + pip install . --user solc-select install all - name: Run Tests env: diff --git a/README.md b/README.md index b306d8c..9669ff0 100644 --- a/README.md +++ b/README.md @@ -85,7 +85,7 @@ pip install solc-select==1.0.0b1 Alternatively, for the most up-to-date version, clone this repository and run ```bash -python3 setup.py install +pip install . --user ``` ## Known Issues From bbcf52b299487b4378488f526b13c941ad770f6d Mon Sep 17 00:00:00 2001 From: Kyle Baker Date: Thu, 30 Jun 2022 22:27:37 +0200 Subject: [PATCH 12/13] Update README.md (#103) --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 9669ff0..83f78c1 100644 --- a/README.md +++ b/README.md @@ -123,7 +123,7 @@ However, when running the following command, it points to an older version of So solc --version ``` -`solc-select` is intended to work with custom binaries. This means that Solidity installed through other means (i.e: `brew install solidity` will _not_ work!). +`solc-select` is intended to work with custom binaries. This means that Solidity installed through other means (i.e: `brew install solidity`) will _not_ work!. Uninstall other versions Solidity from your computer. From 29d96ca8717cef61679ea44a734afba4f52f7fe5 Mon Sep 17 00:00:00 2001 From: Nat Chin Date: Thu, 30 Jun 2022 16:36:09 -0400 Subject: [PATCH 13/13] Returns true on install artifacts (#108) --- solc_select/solc_select.py | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/solc_select/solc_select.py b/solc_select/solc_select.py index 02efa4a..267cd38 100644 --- a/solc_select/solc_select.py +++ b/solc_select/solc_select.py @@ -61,7 +61,7 @@ def installed_versions() -> [str]: ] -def install_artifacts(versions: [str]) -> None: +def install_artifacts(versions: [str]) -> bool: releases = get_available_versions() match, version_from, version_to = should_install_artifacts_range(versions) @@ -92,6 +92,7 @@ def install_artifacts(versions: [str]) -> None: else: Path.chmod(artifact_file_dir.joinpath(f"solc-{version}"), 0o775) print(f"Version '{version}' installed.") + return True def is_older_linux(version: str) -> bool: