chaincodeanalyzer

command module
v0.0.0-...-0a3dc58
Published: Feb 28, 2020 License: Apache-2.0 Imports: 8 Imported by: 0

README

Chaincode Analyzer

Chaincode Analyzer is a CLI tool that detects potentially risky code, such as nondeterminism, in Chaincode (i.e., smart contracts in Hyperledger Fabric) written in Golang.

How to use

  1. Clone this repository
  2. go build ccanalyzer.go
  3. ./ccanalyzer [file | directory]

How to read the output

If Chaincode Analyzer finds any risk, it outputs the following.

  1. Category
    • The type of risk
    • e.g., Rand
  2. Function
    • The name of the function that contains the risk
    • e.g., init => func init() {}
  3. VarName
    • The name of the variable related to the risk
    • e.g., Aval
  4. Position
    • The position of the code related to the risk
    • e.g., example.go:122:14 Aval = rand.Float32()
  5. Affected Position
    • The position of the code which is affected by the risk
    • e.g., example.go:151:25 err = stub.PutState(A, Aval)

What can this tool detect

Currently, the tool can detect the following risks. For more information about the risks, please refer to the paper.

  • Random value
  • Timestamp
  • Iteration on map object
  • Calling external API
  • File access
  • Pointer
  • Global variable
  • External library
  • System commands
  • Goroutine
  • Range query risk
  • Field declaration
  • Read your write
  • Cross channel Invocation

License

This tool is distributed under the Apache License Version 2.0; see the LICENSE file.
