| Name | tealer |
| Version | 0.1.2 |
| home_page | |
| Summary | Teal analyzer. |
| upload_time | 2024-02-08 14:13:23 |
| maintainer | |
| docs_url | None |
| author | Trail of Bits |
| requires_python | >=3.9 |
| license | AGPL-3.0 |
| keywords | |
| VCS | |
| bugtrack_url | |
| requirements | No requirements were recorded. |
| Travis-CI | No Travis. |
| coveralls test coverage | No coveralls. |
# Tealer
Tealer is a static analyzer for [Teal](https://developer.algorand.org/docs/features/asc1/) code.
It parses the Teal program and builds its control-flow graph (CFG). The analyzer comes with a set of vulnerability detectors and printers that make it quick to review contracts.
In addition, tealer allows for custom path discovery through [regular expression](#regular-expression), and can be configured to follow the [group information](#group-configuration) of the application.
- [Usage](#Usage)
  - [Detectors](#detectors): Vulnerabilities detectors
  - [Printers](#printers): Visual information
  - [Regular expression](#regular-expression): Regular expression engine
- [How to install](#how-to-install)
- [Group configuration](#group-configuration)
## Usage
To detect vulnerabilities
```bash
tealer detect --contracts file.teal
```
To run a printer
```bash
tealer print <printer_name> --contracts file.teal
```
To run the regular expression engine
```bash
tealer regex <regex_file.txt> --contracts file.teal
```
For additional configuration, see the [Usage](https://github.com/crytic/tealer/wiki/Usage) documentation.
### Detectors
| Num | Detector | What it detects | Applies To | Impact | Confidence |
|-----|-------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------|---------------------|--------------|------------|
| 1 | `is-deletable` | [Deletable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#deletable-application) | Stateful | High | High |
| 2 | `is-updatable` | [Upgradable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#upgradable-application) | Stateful | High | High |
| 3 | `unprotected-deletable` | [Unprotected Deletable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#unprotected-deletable-application) | Stateful | High | High |
| 4 | `unprotected-updatable` | [Unprotected Upgradable Applications](https://github.com/crytic/tealer/wiki/Detector-Documentation#unprotected-updatable-application) | Stateful | High | High |
| 5 | `group-size-check` | [Usage of absolute indexes without validating GroupSize](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-groupsize-validation) | Stateless, Stateful | High | High |
| 6 | `can-close-account` | [Missing CloseRemainderTo field Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-closeremainderto-field-validation) | Stateless | High | High |
| 7 | `can-close-asset` | [Missing AssetCloseTo Field Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-assetcloseto-field-validation) | Stateless | High | High |
| 8 | `missing-fee-check` | [Missing Fee Field Validation](https://github.com/crytic/tealer/wiki/Detector-Documentation#missing-fee-field-validation) | Stateless | High | High |
| 9 | `rekey-to` | [Rekeyable Logic Signatures](https://github.com/crytic/tealer/wiki/Detector-Documentation#rekeyable-logicsig) | Stateless | High | High |
| 10 | `constant-gtxn` | [Unoptimized Gtxn](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-Gtxn) | Stateless | Optimization | High |
| 11 | `self-access` | [Unoptimized self access](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-self-access) | Stateless | Optimization | High |
| 12 | `sender-access` | [Unoptimized Gtxn](https://github.com/crytic/tealer/wiki/Detector-Documentation#Unoptimized-sender-access) | Stateless | Optimization | High |
For more information, see
- The [Detector Documentation](https://github.com/crytic/tealer/wiki/Detector-Documentation) for information on each detector
- The [Detection Selection](https://github.com/crytic/tealer/wiki/Usage#detector-selection) documentation to run only selected detectors. By default, all the detectors are run.
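
Why a detector such as `can-close-account` needs the CFG rather than a text search: a `CloseRemainderTo` check that sits on only one branch leaves the other branch unprotected. The sketch below is an added illustration, not tealer's own code or algorithm; the function names and both Teal samples are constructed for this example. It assumes one instruction per line, handles only `b`/`bz`/`bnz`/`return`/`err` control flow (no subroutines), and treats any read of `txn <field>` as a check.

```python
def parse(src):
    """Split Teal source into instructions and a label -> index map."""
    ins, labels = [], {}
    for line in src.splitlines():
        line = line.split("//")[0].strip()
        if line.endswith(":"):
            labels[line[:-1]] = len(ins)
        elif line and not line.startswith("#pragma"):
            ins.append(line.split())
    return ins, labels

def successors(ins, labels, i):
    """CFG edges of instruction i; index len(ins) means end of program."""
    op = ins[i][0]
    if op in ("return", "err"):
        return []
    if op == "b":
        return [labels[ins[i][1]]]
    if op in ("bz", "bnz"):
        return [i + 1, labels[ins[i][1]]]
    return [i + 1]

def unchecked_path(src, field):
    """Return one path to an exit that never reads `txn <field>`, or None."""
    ins, labels = parse(src)
    stack, seen = [(0, [])], set()
    while stack:
        i, path = stack.pop()
        if i == len(ins):                      # fell off the end: program exits
            return path
        if i in seen or ins[i][:2] == ["txn", field]:
            continue                           # visited, or path hits the check
        seen.add(i)
        path = path + [" ".join(ins[i])]
        if ins[i][0] == "return":
            return path
        stack.extend((s, path) for s in successors(ins, labels, i))
    return None

# Constructed samples: FIXED moves the check in front of the branch.
VULNERABLE = "\n".join(["txn Amount", "int 1000", "<", "bnz small",
    "txn CloseRemainderTo", "global ZeroAddress", "==", "return",
    "small:", "int 1", "return"])
FIXED = "\n".join(["txn CloseRemainderTo", "global ZeroAddress", "==", "assert",
    "txn Amount", "int 1000", "<", "bnz small", "int 0", "return",
    "small:", "int 1", "return"])
```

`unchecked_path(VULNERABLE, "CloseRemainderTo")` returns the branch through `small:` that approves without ever touching the field, while the same call on `FIXED` returns `None`.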
### Printers
| Num | Printer | What it prints |
|-----|-----------------------|---------------------------------------------------|
| 1 | `call-graph` | Export the call graph of contract to a dot file |
| 2 | `cfg` | Export the CFG of entire contract |
| 3 | `human-summary` | Print a human-readable summary of the contract |
| 4 | `subroutine-cfg` | Export the CFG of each subroutine |
| 5 | `transaction-context` | Output possible values of GroupIndices, GroupSize |
Printers output [`dot`](https://graphviz.org/) files.
Use `xdot` to open the files (`sudo apt install xdot`).
### Regular expression
Tealer can detect whether there is a path between a given label and a set of instructions using the `regex` subcommand: `tealer regex regex.txt --contracts file.teal`.
The regular expression file must be in the form:
```txt
label =>
    ins1
    ins2
```
If there is a match, tealer will generate a DOT file with the graph.
For an example, run `tealer regex tests/regex/regex.txt --contract tests/regex/vote_approval.teal`, with:
- [tests/regex/regex.txt](./tests/regex/regex.txt)
- [tests/regex/vote_approval.teal](./tests/regex/vote_approval.teal)
Which will generate `regex_result.dot`.
## How to install
`pip3 install tealer`
### Using Git
```bash
git clone https://github.com/crytic/tealer.git && cd tealer
make dev
```
## Group configuration
To help tealer reason about applications that are meant to be run in a group of transactions, the user can provide the group information through a configuration file:
- See the [ANS configuration](tests/group_transactions/ans/ans_config.yaml) example
- See [Lightweight group information specification](https://forum.algorand.org/t/lightweight-group-information-specification/9735) discussion.
The file format is still in development, and it is likely to evolve in the future.
## License
Tealer is licensed and distributed under the AGPLv3 license. [Contact us](opensource@trailofbits.com) if you're looking for an exception to the terms.