From 3883dc3f3b2d33c7519292404e4942969a4dd2f2 Mon Sep 17 00:00:00 2001
From: Ahmed Ihsan Tawfeeq
Date: Thu, 26 Oct 2023 06:27:12 -0600
Subject: [PATCH] ci: add slither job (#714)
* ci: add slither job
chore: fix solc remap path in slither config
* ci: use cached build for slither job
* ci: use solc 0.8.21 in slither job
* ci: revise slither job
revert: ci: use cached build for slither job
* ci: remove superfluous "solc-version" config in slither job
not required when a compilation framework is used
---------
Co-authored-by: andreivladbrg
---
.github/workflows/ci.yml | 32 +++++++++++++++++++++++++++++++-
slither.config.json | 2 +-
2 files changed, 32 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 7a5f6eb27..59c164541 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -284,4 +284,34 @@ jobs:
 - name: "Add coverage summary"
 run: |
 echo "## Coverage result" >> $GITHUB_STEP_SUMMARY
- echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
\ No newline at end of file
+ echo "✅ Uploaded to Codecov" >> $GITHUB_STEP_SUMMARY
+
+ slither-analyze:
+ needs: ["lint", "build"]
+ runs-on: "ubuntu-latest"
+ permissions:
+ actions: "read"
+ contents: "read"
+ security-events: "write"
+ steps:
+ - name: "Check out the repo"
+ uses: "actions/checkout@v3"
+ with:
+ submodules: "recursive"
+
+ - name: "Run Slither analysis"
+ uses: "crytic/slither-action@v0.3.0"
+ id: "slither"
+ with:
+ fail-on: "none"
+ sarif: "results.sarif"
+
+ - name: "Upload SARIF file to GitHub code scanning"
+ uses: "github/codeql-action/upload-sarif@v2"
+ with:
+ sarif_file: ${{ steps.slither.outputs.sarif }}
+
+ - name: "Add Slither summary"
+ run: |
+ echo "## Slither result" >> $GITHUB_STEP_SUMMARY
+ echo "✅ Uploaded to GitHub code scanning" >> $GITHUB_STEP_SUMMARY
diff --git a/slither.config.json b/slither.config.json
index 725063073..0776b9633 100644
--- a/slither.config.json
+++ b/slither.config.json
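Review bot: With `fail-on: "none"` on the "Run Slither analysis" step, the job stays green whatever Slither finds, so findings surface only as code-scanning alerts and never block a merge; if the scan is meant to gate, set `fail-on: "high"` (or `"medium"`) and put `if: always()` on the upload step so the SARIF still reaches code scanning when the gate trips (slither-action writes the SARIF before exiting non-zero, as far as I recall). The summary step then echoes "✅ Uploaded to GitHub code scanning" regardless of the number of findings, which reads as a clean result — wording it as an upload confirmation, or appending the finding count, would avoid that. If this workflow also runs on `pull_request` events from forks (its triggers are outside this hunk), the `security-events: write` permission is not granted to the fork token and the upload-sarif step will fail with a permissions error unless guarded by an `if:` on the head repository or `continue-on-error: true`. Two smaller points: the three actions are referenced by mutable tags (`actions/checkout@v3`, `crytic/slither-action@v0.3.0`, `github/codeql-action/upload-sarif@v2`) where pinning to commit SHAs is the usual supply-chain hardening, and `sarif_file: "${{ steps.slither.outputs.sarif }}"` would match the quoting convention every other value in the job follows.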
@@ -2,7 +2,7 @@
 "detectors_to_exclude": "naming-convention,reentrancy-events,solc-version,timestamp",
 "filter_paths": "(lib|test)",
 "solc_remaps": [
- "@openzeppelin/contracts=lib/openzeppelin-contracts/contracts/",
+ "@openzeppelin/contracts/=lib/openzeppelin-contracts/contracts/",
 "@prb/math/=lib/prb-math/",
 "@prb/test/=lib/prb-test/src/",
 "forge-std/=lib/forge-std/src/",
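Review bot: The unchanged `filter_paths` line two lines above the remap, `"(lib|test)"`, is an unanchored regex; Slither, to my recollection, applies it with a regex search against each finding's absolute file path, so any source whose path merely contains the substring `lib` or `test` (for example a `src/libraries/` directory, or a runner workspace whose path contains either word) is silently dropped from the report with no warning. Matching whole path segments instead, `"filter_paths": "(^|/)(lib|test)/"`, keeps the intended exclusion of the `lib/` and `test/` trees without that side effect. Worth confirming against the repo's `src/` layout before relying on the current pattern, since a false exclusion here hides findings rather than producing noise.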