forked from Auditware/radar

A static analysis tool for anchor rust programs.

Hackthings/radar

 
 

radar

radar lets you write, share, and use templates to identify security issues in Rust-based smart contracts. Its Python-based rule engine automates the detection of vulnerable code patterns through logical expressions.

⚙️ Installation

  1. Install and start docker

  2. Install git

  3. Install radar, either with the install script or from source

curl -L https://raw.githubusercontent.com/auditware/radar/main/install-radar.sh | bash
radar -p <your-contract-folder>

OR

git clone https://github.com/auditware/radar.git
cd radar
./radar -p <your-contract-folder>

👀 First run

A good contract to test radar against first is the beautiful repo sealevel-attacks:

git clone https://github.com/coral-xyz/sealevel-attacks
radar -p sealevel-attacks

🔂 GitHub Action

With a 10-second setup you can integrate radar-action and be alerted to radar's insights continuously in your contract repository.

Radar GitHub Action

After fixing issues, you can show that the action completes successfully on each run by pasting a link similar to this into your repo's README.md:

<img src="https://img.shields.io/github/actions/workflow/status/<USER>/<REPO>/<RADAR-WORKFLOW-NAME>.yaml">

🔙 Pre-commit hook

If you're using pre-commit, you can also run radar as part of your workflow by adding it to your .pre-commit-config.yaml configuration like so:

repos:
- repo: local
  hooks:
    - id: run-radar
      name: Run Radar Static Analysis
      entry: radar -p . --ignore low
      language: system
      stages: [commit]
      pass_filenames: false
      always_run: true

Contribution

Whether you have a vulnerability in mind to test for, or want to improve the quality of an existing template, templates are the best way to contribute to this repo! Open a PR to add your template to the built-ins.

How to write templates

We'd love to assist with writing your first template and to provide guidance.

Check out the Wiki for more details. For support, reach out on the Audit Wizard Discord.

Languages

  • Python 82.4%
  • Shell 8.8%
  • Jupyter Notebook 3.1%
  • Dockerfile 2.9%
  • Rust 1.5%
  • Makefile 1.3%