embark-mythx/README.md

![Running MythX analyses in Status Embark](https://cdn-images-1.medium.com/max/960/1*7jwHRc5J152bz704Fg7iug.png)

[![GitHub license](https://img.shields.io/github/license/flex-dapps/embark-mythx.svg)](https://github.com/flex-dapps/embark-mythx/blob/master/LICENSE)
![npm](https://img.shields.io/npm/v/embark-mythx.svg)

# Status Embark plugin for MythX.

This plugin brings MythX to Status Embark. Simply call `verify` from the Embark console and `embark-mythx` sends your contracts off for analysis. It is inspired by `truffle-security` and uses its source mapping and reporting functions.

## QuickStart

1. Create a `.env` file in the root of your project and provide your MythX login information. Free MythX accounts can be created at https://dashboard.mythx.io/#/registration.

```json
MYTHX_USERNAME="<mythx-username>"
MYTHX_PASSWORD="<password>"
```

> **NOTE:** `MYTHX_ETH_ADDRESS` has been deprecated in favour of `MYTHX_USERNAME` and will be removed in future versions. Please update your .env file or your environment variables accordingly. 

`MYTHX_USERNAME` may be either of:
* MythX User ID (assigned by MythX API to any registered user);
* Ethereum address, if user account is associated with an address;
* A verified email address, if the user account is associated with an email address, and that address has been verified by visiting the verification link in the verification email sent by the MythX API each time when user email is set or modified in the MythX settings.

For more information, please see the [MythX API Login documentation](https://api.mythx.io/v1/openapi#operation/login).

2. Run `verify [options] [contracts]` in the Embark console. When the call returns, it will look something like this:

```bash
Embark (development) > verify
embark-mythx: Running MythX analysis in background.
embark-mythx: Submitting 'ERC20' for analysis...
embark-mythx: Submitting 'SafeMath' for analysis...
embark-mythx: Submitting 'Ownable' for analysis...

embark-mythx: 
/home/flex/mythx-plugin/testToken/.embark/contracts/ERC20.sol
  1:0  warning  A floating pragma is set  SWC-103

✖ 1 problem (0 errors, 1 warning)

embark-mythx: MythX analysis found vulnerabilities.
```

## Installation

0. Install this plugin from the root of your Embark project:

```bash
$ npm i embark-mythx
# or
$ npm i flex-dapps/embark-mythx
```

1. Add `embark-mythx` to the `plugins` section of your `embark.json` file. To have the plugin permanently ignore one or multiple contracts, add them to the configuration:

```json
"plugins": {
  "embark-mythx": {
    "ignore": ["Ownable", "Migrations"]
  }
}
``` 

## Usage

```bash
verify [--full] [--debug] [--limit] [--initial-delay] [<contracts>]
verify status <uuid>
verify help

Options:
	--full, -f		Perform full instead of quick analysis (not available on free MythX tier).
	--debug, -d		Additional debug output.
	--limit, -l		Maximum number of concurrent analyses.
	--initial-delay, -i	Time in seconds before first analysis status check.

	[<contracts>]		List of contracts to submit for analysis (default: all).
	status <uuid>		Retrieve analysis status for given MythX UUID.
	help			This help.

```

### Example Usage

```bash
# Quick analysis on all contracts in project
$ verify

# 'ERC20' and 'Ownable' full analysis
$ verify ERC20 Ownable --full

# Check status of previous or ongoing analysis
$ verify status ef5bb083-c57a-41b0-97c1-c14a54617812
```
Add header image 2019-04-29 08:28:44 +00:00			`![Running MythX analyses in Status Embark](https://cdn-images-1.medium.com/max/960/1*7jwHRc5J152bz704Fg7iug.png)`

Adding badges to readme 2019-05-07 09:35:36 +00:00			`[![GitHub license](https://img.shields.io/github/license/flex-dapps/embark-mythx.svg)](https://github.com/flex-dapps/embark-mythx/blob/master/LICENSE)`
			`![npm](https://img.shields.io/npm/v/embark-mythx.svg)`

Syntax highlighting 2019-04-26 16:28:51 +00:00			`# Status Embark plugin for MythX.`
Enabled parameters: mode, debug, cache-lookup, limit and contracts! 2019-04-22 19:15:40 +00:00
Updated readme 2019-04-26 15:47:02 +00:00			This plugin brings MythX to Status Embark. Simply call `verify` from the Embark console and `embark-mythx` sends your contracts off for analysis. It is inspired by `truffle-security` and uses its source mapping and reporting functions.

Sample usage in Readme 2019-04-26 16:26:30 +00:00			`## QuickStart`
Enabled parameters: mode, debug, cache-lookup, limit and contracts! 2019-04-22 19:15:40 +00:00
fix: Remove trial credentials and update MYTHX_ETH_ADDRESS to MYTHX_USERNAME Remove automatically provided trial credentials when MythX API login environment variables are not provided by the user. Deprecate the use of `MYTHX_ETH_ADDRESS` in favour of `MYTHX_USERNAME` environment variable. 2020-03-13 05:07:21 +00:00			1. Create a `.env` file in the root of your project and provide your MythX login information. Free MythX accounts can be created at https://dashboard.mythx.io/#/registration.
Fixing help string; cleanup 2019-04-26 15:28:30 +00:00
Syntax highlighting 2019-04-26 16:28:51 +00:00			```json
fix: Remove trial credentials and update MYTHX_ETH_ADDRESS to MYTHX_USERNAME Remove automatically provided trial credentials when MythX API login environment variables are not provided by the user. Deprecate the use of `MYTHX_ETH_ADDRESS` in favour of `MYTHX_USERNAME` environment variable. 2020-03-13 05:07:21 +00:00			`MYTHX_USERNAME="<mythx-username>"`
Fixing help string; cleanup 2019-04-26 15:28:30 +00:00			`MYTHX_PASSWORD="<password>"`
			```

fix: README and env variable warning update 2020-03-14 03:08:07 +00:00			> NOTE: `MYTHX_ETH_ADDRESS` has been deprecated in favour of `MYTHX_USERNAME` and will be removed in future versions. Please update your .env file or your environment variables accordingly.
fix: Remove trial credentials and update MYTHX_ETH_ADDRESS to MYTHX_USERNAME Remove automatically provided trial credentials when MythX API login environment variables are not provided by the user. Deprecate the use of `MYTHX_ETH_ADDRESS` in favour of `MYTHX_USERNAME` environment variable. 2020-03-13 05:07:21 +00:00
			`MYTHX_USERNAME` may be either of:
			`* MythX User ID (assigned by MythX API to any registered user);`
			`* Ethereum address, if user account is associated with an address;`
			`* A verified email address, if the user account is associated with an email address, and that address has been verified by visiting the verification link in the verification email sent by the MythX API each time when user email is set or modified in the MythX settings.`

			`For more information, please see the [MythX API Login documentation](https://api.mythx.io/v1/openapi#operation/login).`

npm package installation instructions 2019-04-30 09:27:16 +00:00			2. Run `verify [options] [contracts]` in the Embark console. When the call returns, it will look something like this:
Enabled parameters: mode, debug, cache-lookup, limit and contracts! 2019-04-22 19:15:40 +00:00
Syntax highlighting 2019-04-26 16:28:51 +00:00			```bash
Enabled parameters: mode, debug, cache-lookup, limit and contracts! 2019-04-22 19:15:40 +00:00			`Embark (development) > verify`
			`embark-mythx: Running MythX analysis in background.`
			`embark-mythx: Submitting 'ERC20' for analysis...`
			`embark-mythx: Submitting 'SafeMath' for analysis...`
			`embark-mythx: Submitting 'Ownable' for analysis...`

			`embark-mythx:`
			`/home/flex/mythx-plugin/testToken/.embark/contracts/ERC20.sol`
			`1:0 warning A floating pragma is set SWC-103`

			`✖ 1 problem (0 errors, 1 warning)`

			`embark-mythx: MythX analysis found vulnerabilities.`
			```

Sample usage in Readme 2019-04-26 16:26:30 +00:00			`## Installation`
Implemented command. Implemented filter. 2019-04-22 21:22:15 +00:00
npm package installation instructions 2019-04-30 09:27:16 +00:00			`0. Install this plugin from the root of your Embark project:`

			```bash
			`$ npm i embark-mythx`
			`# or`
			`$ npm i flex-dapps/embark-mythx`
			```

			1. Add `embark-mythx` to the `plugins` section of your `embark.json` file. To have the plugin permanently ignore one or multiple contracts, add them to the configuration:
Implemented command. Implemented filter. 2019-04-22 21:22:15 +00:00
Syntax highlighting 2019-04-26 16:28:51 +00:00			```json
Implemented command. Implemented filter. 2019-04-22 21:22:15 +00:00			`"plugins": {`
			`"embark-mythx": {`
			`"ignore": ["Ownable", "Migrations"]`
			`}`
			`}`
			```

Sample usage in Readme 2019-04-26 16:26:30 +00:00			`## Usage`
Documenting parameters 2019-04-22 21:46:52 +00:00
Syntax highlighting 2019-04-26 16:28:51 +00:00			```bash
Removed cache lookup option 2020-01-28 16:30:26 +00:00			`verify [--full] [--debug] [--limit] [--initial-delay] [<contracts>]`
Updated readme 2019-04-26 15:47:02 +00:00			`verify status <uuid>`
			`verify help`

			`Options:`
Removed cache lookup option 2020-01-28 16:30:26 +00:00			`--full, -f Perform full instead of quick analysis (not available on free MythX tier).`
Indentation 2019-04-29 09:46:38 +00:00			`--debug, -d Additional debug output.`
			`--limit, -l Maximum number of concurrent analyses.`
			`--initial-delay, -i Time in seconds before first analysis status check.`
Updated readme 2019-04-26 15:47:02 +00:00
			`[<contracts>] List of contracts to submit for analysis (default: all).`
			`status <uuid> Retrieve analysis status for given MythX UUID.`
			`help This help.`

Sample usage in Readme 2019-04-26 16:26:30 +00:00			```

			`### Example Usage`

Syntax highlighting 2019-04-26 16:28:51 +00:00			```bash
Sample usage in Readme 2019-04-26 16:26:30 +00:00			`# Quick analysis on all contracts in project`
npm package installation instructions 2019-04-30 09:27:16 +00:00			`$ verify`
Sample usage in Readme 2019-04-26 16:26:30 +00:00
			`# 'ERC20' and 'Ownable' full analysis`
npm package installation instructions 2019-04-30 09:27:16 +00:00			`$ verify ERC20 Ownable --full`
Sample usage in Readme 2019-04-26 16:26:30 +00:00
Language 2019-04-29 08:31:21 +00:00			`# Check status of previous or ongoing analysis`
npm package installation instructions 2019-04-30 09:27:16 +00:00			`$ verify status ef5bb083-c57a-41b0-97c1-c14a54617812`
Updated readme 2019-04-26 15:47:02 +00:00			```