knowdit-sol 0.6.0

Smart contract auditing framework.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301

//! Tree-sitter extraction of state variables and inheritance specifiers, mirroring
//! `cg::extract_repo_contracts_functions` but yielding storage-shaped records rather than
//! callgraph-shaped ones. The output is project-local: contract ids match
//! [`crate::cg::ExtractedContract::id`] and inheritance is resolved by *name within the same
//! project*. Names that don't resolve (3rd-party imports, etc.) are dropped silently.

use std::{
    collections::{BTreeMap, HashMap},
    path::PathBuf,
};

use color_eyre::eyre::{ContextCompat, WrapErr, ensure};
use knowdit_repo_model::cg::FileChunk;
use serde::Serialize;
use tree_sitter::{Node, Parser};

use crate::cg::{ExtractedContract, SolidityContractKind};

/// One state variable declared inside a tree-sitter-extracted contract.
#[derive(Debug, Clone, Serialize)]
pub struct ExtractedStateVariable {
    pub id: i32,
    /// Project-local id of the declaring contract (matches `ExtractedContract.id`).
    pub contract_id: i32,
    /// Declaring contract name (denormalized for readability).
    pub contract_name: String,
    pub name: String,
    /// Stringified Solidity type as it appears in source (mappings/structs included verbatim).
    pub type_text: String,
    /// True for `constant` declarations; we still record them but the agent should skip them as
    /// "no storage" rows.
    pub is_constant: bool,
    /// True for `immutable` declarations; immutables are stored in code, not storage, but the
    /// agent typically treats them as state variables for read/write purposes.
    pub is_immutable: bool,
    pub relative_file_path: PathBuf,
    pub chunk: FileChunk,
}

/// One direct `is`-spec edge captured per contract. `parent_name` is the textual reference;
/// `parent_contract_id` is `None` if it doesn't resolve to any project-local contract.
#[derive(Debug, Clone, Serialize)]
pub struct ExtractedInheritance {
    pub contract_id: i32,
    pub contract_name: String,
    pub parent_name: String,
    pub parent_contract_id: Option<i32>,
}

/// Bundled output of the tree-sitter storage extractor.
#[derive(Debug, Clone, Serialize, Default)]
pub struct StorageExtractionResult {
    pub state_variables: Vec<ExtractedStateVariable>,
    pub inherits: Vec<ExtractedInheritance>,
}

/// Walk the same .sol files used by the call-graph extractor and pull out state variables and
/// inheritance specifiers. The caller is expected to have already parsed/extracted contracts
/// via [`crate::cg::extract_repo_contracts_functions`]; we reuse the (id, name) mapping so the
/// project-local ids stay consistent across the two passes.
pub async fn extract_state_variables_and_inheritance(
    repo_root: &std::path::Path,
    contracts: &[ExtractedContract],
) -> Result<StorageExtractionResult, color_eyre::Report> {
    let mut parser = Parser::new();
    let language = tree_sitter_solidity::LANGUAGE.into();
    parser
        .set_language(&language)
        .wrap_err("failed to load tree-sitter Solidity grammar")?;

    // Group contract ids by their (relative_file_path, name) so we can re-attach state vars
    // from a fresh tree-sitter pass. Names should be unique within a single .sol file in
    // well-formed projects; if there's a clash we take the first-seen contract id.
    let mut id_by_file_and_name: HashMap<(PathBuf, String), i32> = HashMap::new();
    let mut name_to_ids: BTreeMap<String, Vec<i32>> = BTreeMap::new();
    for c in contracts {
        id_by_file_and_name
            .entry((c.relative_file_path.clone(), c.name.clone()))
            .or_insert(c.id);
        name_to_ids.entry(c.name.clone()).or_default().push(c.id);
    }
    // De-dup file lists so we parse each file once.
    let mut files_to_parse: Vec<PathBuf> = contracts
        .iter()
        .map(|c| c.relative_file_path.clone())
        .collect();
    files_to_parse.sort();
    files_to_parse.dedup();

    let mut state_variables = Vec::new();
    let mut inherits = Vec::new();
    let mut next_state_var_id = 1i32;

    for relative in &files_to_parse {
        let absolute = repo_root.join(relative);
        let source = tokio::fs::read_to_string(&absolute)
            .await
            .wrap_err_with(|| format!("failed to read Solidity file {}", absolute.display()))?;
        let tree = parser
            .parse(source.as_bytes(), None)
            .wrap_err_with(|| format!("failed to parse Solidity file {}", absolute.display()))?;
        let root = tree.root_node();

        let mut contract_nodes = Vec::new();
        crate::node::collect_contract_nodes_pub(root, &mut contract_nodes);

        for cn in contract_nodes {
            if SolidityContractKind::from_node_kind(cn.kind()).is_none() {
                continue;
            }
            let Some(name_node) = cn.child_by_field_name("name") else {
                continue;
            };
            let contract_name = name_node
                .utf8_text(source.as_bytes())
                .ok()
                .map(|s| s.to_string())
                .unwrap_or_default();
            let Some(&contract_id) =
                id_by_file_and_name.get(&(relative.clone(), contract_name.clone()))
            else {
                continue;
            };

            // Inheritance specifiers
            let mut cursor = cn.walk();
            for child in cn.named_children(&mut cursor) {
                if child.kind() == "inheritance_specifier" {
                    let parent_name = parent_name_of_inheritance_specifier(child, &source);
                    let Some(parent_name) = parent_name else {
                        continue;
                    };
                    // Resolve by name. If multiple contracts share the name, keep them all (one
                    // row per resolution); typically there's one.
                    let parent_ids = name_to_ids.get(&parent_name).cloned().unwrap_or_default();
                    if parent_ids.is_empty() {
                        inherits.push(ExtractedInheritance {
                            contract_id,
                            contract_name: contract_name.clone(),
                            parent_name,
                            parent_contract_id: None,
                        });
                    } else {
                        for pid in parent_ids {
                            if pid == contract_id {
                                continue;
                            }
                            inherits.push(ExtractedInheritance {
                                contract_id,
                                contract_name: contract_name.clone(),
                                parent_name: parent_name.clone(),
                                parent_contract_id: Some(pid),
                            });
                        }
                    }
                }
            }

            // State variables
            if let Some(body) = cn.child_by_field_name("body") {
                let mut cursor = body.walk();
                for child in body.named_children(&mut cursor) {
                    if child.kind() != "state_variable_declaration" {
                        continue;
                    }
                    let Some(state_var) = parse_state_variable(
                        child,
                        &source,
                        next_state_var_id,
                        contract_id,
                        contract_name.clone(),
                        relative.clone(),
                    )?
                    else {
                        continue;
                    };
                    next_state_var_id += 1;
                    state_variables.push(state_var);
                }
            }
        }
    }

    Ok(StorageExtractionResult {
        state_variables,
        inherits,
    })
}

fn parent_name_of_inheritance_specifier(node: Node<'_>, source: &str) -> Option<String> {
    let mut cursor = node.walk();
    for child in node.named_children(&mut cursor) {
        if child.kind() == "user_defined_type" {
            let mut cur2 = child.walk();
            // Take the last identifier — for `Foo.Bar` it's the inner name; if a single
            // identifier, that's the parent name.
            let mut last_id: Option<Node<'_>> = None;
            for c in child.named_children(&mut cur2) {
                if c.kind() == "identifier" {
                    last_id = Some(c);
                }
            }
            if let Some(id_node) = last_id
                && let Ok(text) = id_node.utf8_text(source.as_bytes())
            {
                return Some(text.to_string());
            }
        } else if child.kind() == "identifier"
            && let Ok(text) = child.utf8_text(source.as_bytes())
        {
            return Some(text.to_string());
        }
    }
    None
}

fn parse_state_variable(
    node: Node<'_>,
    source: &str,
    id: i32,
    contract_id: i32,
    contract_name: String,
    relative_file_path: PathBuf,
) -> Result<Option<ExtractedStateVariable>, color_eyre::Report> {
    let raw = node
        .utf8_text(source.as_bytes())
        .wrap_err("state_variable_declaration is not utf-8")?;

    // Name: last named identifier child (after type_name). Skip identifiers nested inside
    // type_name (e.g. user-defined struct name).
    let mut name: Option<String> = None;
    let mut type_text: Option<String> = None;
    let mut cursor = node.walk();
    for child in node.named_children(&mut cursor) {
        match child.kind() {
            "type_name" => {
                let text = child
                    .utf8_text(source.as_bytes())
                    .wrap_err("type_name not utf-8")?;
                type_text = Some(text.trim().to_string());
            }
            "identifier" => {
                let text = child
                    .utf8_text(source.as_bytes())
                    .wrap_err("identifier not utf-8")?;
                name = Some(text.to_string());
            }
            _ => {}
        }
    }
    let Some(name) = name else {
        return Ok(None);
    };
    let type_text = type_text.unwrap_or_default();

    let is_constant = contains_keyword(raw, "constant");
    let is_immutable = contains_keyword(raw, "immutable");

    ensure!(
        source.is_char_boundary(node.start_byte()) && source.is_char_boundary(node.end_byte()),
        "tree-sitter produced non-UTF-8-boundary state variable range {}..{}",
        node.start_byte(),
        node.end_byte()
    );
    let chunk = crate::node::node_chunk_pub(node, source)?;

    Ok(Some(ExtractedStateVariable {
        id,
        contract_id,
        contract_name,
        name,
        type_text,
        is_constant,
        is_immutable,
        relative_file_path,
        chunk,
    }))
}

fn contains_keyword(haystack: &str, kw: &str) -> bool {
    let mut idx = 0usize;
    while let Some(found) = haystack[idx..].find(kw) {
        let pos = idx + found;
        let before = pos
            .checked_sub(1)
            .and_then(|p| haystack.as_bytes().get(p))
            .copied();
        let after = haystack.as_bytes().get(pos + kw.len()).copied();
        let lhs_ok = before.is_none_or(|b| !is_id_byte(b));
        let rhs_ok = after.is_none_or(|b| !is_id_byte(b));
        if lhs_ok && rhs_ok {
            return true;
        }
        idx = pos + kw.len();
    }
    false
}

fn is_id_byte(b: u8) -> bool {
    b.is_ascii_alphanumeric() || b == b'_'
}