
mythril_webapi

Web API for Mythril - a Smart Contract Security Analysis Tool.

Pre-requisites

  1. Python 3.6
  2. Mythril
  3. Django
  4. Django Rest Framework
  5. Celery
  6. RabbitMQ

Detailed dependencies and versions are available in the requirements.txt file.

File structure

  1. mythril_webapi: Django project
  2. analysis: Django REST Framework app

Deployment on Heroku

```bash
# Clone the git repo and enter it (heroku create and git push need to run inside the repo)
git clone https://github.com/ynouri/mythril_webapi.git
cd mythril_webapi

# Login to Heroku, create the app and push the repo
heroku login
heroku create
git push heroku master
heroku logs --tail

# The following line is apparently run automatically by Heroku during the push, so it is not needed
#heroku run python manage.py collectstatic

# Migrate the model, only on the first push
heroku run python manage.py migrate

# Start the CloudAMQP service
heroku addons:create cloudamqp

# Start the Celery worker within a one-off dyno
heroku run celery worker -A mythril_webapi.celery_app --loglevel=info --concurrency=1

# Open the app. The browsable REST API is available at /mythril/v1/analysis/
heroku open
```

Example: https://cryptic-plateau-44263.herokuapp.com/mythril/v1/analysis/

Local Deployment on MacOS

Terminal 1 - web app

```bash
# Clone the git repo into deploy_test and enter it
git clone https://github.com/ynouri/mythril_webapi.git deploy_test
cd deploy_test

# Create a virtual environment and install the dependencies
virtualenv deploy_env
source deploy_env/bin/activate
pip install -r requirements.txt

# Deploy static assets
python manage.py collectstatic --no-input

# Migrate the models
python manage.py migrate

# Run the Django server
python manage.py runserver
```

Terminal 2 - RabbitMQ

```bash
# Make sure you have the correct rights on /usr/local/sbin, and add it to $PATH
sudo chown -R `whoami`:admin /usr/local/sbin
export PATH="/usr/local/sbin:$PATH" # or add this line to ~/.bash_profile and restart the shell

# Install RabbitMQ
brew install rabbitmq

# Run the RabbitMQ server
rabbitmq-server

# Check that it is running correctly
rabbitmqctl status
```

Terminal 3 - Celery

```bash
# Go to the deploy folder and activate the deploy environment
cd deploy_test
source deploy_env/bin/activate

# Run the Celery worker
celery worker -A mythril_webapi.celery_app --loglevel=info --concurrency=1
```

Terminal 4 - Run tests

```bash
# Go to the deploy folder and activate the deploy environment
cd deploy_test
source deploy_env/bin/activate

# Run the tests
./all_tests.sh
```

Web browser

Open http://127.0.0.1:8000/mythril/v1/analysis/. Django REST framework provides a browsable API that can be used to explore and exercise the Web API.

Tests

```bash
./all_tests.sh
```

This script will run:

  1. Unit tests on Django Rest serializers
  2. Unit tests on the Celery task
  3. Unit tests on the Web API
  4. Curl command line tests on the running Web API

Most of the tests use smart contract bytecode taken from the Mythril samples or from Ethernaut.

To do :)

  1. Expand and enhance the existing unit tests (model, serializers, views, tasks, API!!)
  2. Some tests depend on the execution time of myth and are not deterministic; this has to be fixed.
  3. Fully validate the Heroku packaging
  4. Cover the remaining requirements: handle a POST of multiple contract bytecodes
  5. Mythril seems to report no security issues for contracts that apparently do have some. The wrong bytecode may have been taken from Remix.
  6. Integrate advanced Mythril settings such as the depth
  7. Handle all limit cases and error messages
  8. Review and enhance exception handling
  9. Refine the status and report deserializers so that the JSON response only displays the relevant fields.
  10. Review security around default settings and login/passwords: Django, Celery, RabbitMQ, SQLite
  11. Review production settings vs test settings
  12. Adapt the Celery worker count settings to the target deployment environment (Heroku dynos?)
  13. Enhance the display of issues returned by myth: return them in a dictionary
  14. Review the integration of the Celery data model within Django's. A better model would be an Analysis model with a one-to-one (or one-to-many) relationship to the CeleryTask model
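The to-do items about limit cases and about possibly having taken the wrong bytecode from Remix suggest validating the POSTed bytecode before it is handed to the Celery task. The following is an added example, not code from the mythril_webapi project: the function names, the size policy and the creation-code heuristic are my own assumptions, and the serializer that would call `validate_bytecode` is hypothetical.

```python
"""Validate contract bytecode submitted to the analysis endpoint (added example)."""
import re
from typing import Dict, List

HEX_RE = re.compile(r"^[0-9a-f]*$")
MAX_RUNTIME_BYTES = 24576  # EIP-170 runtime code size limit, used here as the upper bound
CODECOPY = 0x39            # opcode used by constructors to copy the runtime code to memory


def normalize_bytecode(raw: str) -> str:
    """Drop whitespace and an optional 0x prefix, then lower-case the hex string."""
    s = "".join(raw.split())
    if s[:2].lower() == "0x":
        s = s[2:]
    return s.lower()


def opcodes(code: bytes) -> List[int]:
    """Return the opcode stream, skipping PUSHn immediates (0x60..0x7f push 1..32 bytes).

    Scanning the hex string for '39' would false-positive on PUSH data; walking the
    pushes keeps only real opcodes.
    """
    ops, i = [], 0
    while i < len(code):
        op = code[i]
        ops.append(op)
        i += 1 + (op - 0x5F if 0x60 <= op <= 0x7F else 0)
    return ops


def validate_bytecode(raw: str) -> Dict[str, object]:
    """Return {'ok', 'errors', 'warnings', 'bytecode'} for one submitted bytecode string."""
    errors: List[str] = []
    warnings: List[str] = []
    hexstr = normalize_bytecode(raw)
    if not hexstr:
        errors.append("bytecode is empty")
    elif not HEX_RE.match(hexstr):
        errors.append("bytecode contains non-hex characters")
    elif len(hexstr) % 2:
        errors.append("bytecode has odd length (incomplete byte)")
    elif len(hexstr) // 2 > MAX_RUNTIME_BYTES:
        errors.append("bytecode exceeds the EIP-170 runtime size limit")
    # Heuristic (assumption): CODECOPY is typical of creation (deploy) bytecode, so its
    # presence suggests the client pasted creation code rather than runtime code.
    if not errors and CODECOPY in opcodes(bytes.fromhex(hexstr)):
        warnings.append("CODECOPY found: this may be creation bytecode, not runtime bytecode")
    return {"ok": not errors, "errors": errors, "warnings": warnings, "bytecode": hexstr}
```

The sample inputs in the tests are constructed: a minimal runtime (`6080604052600080fd`) and the same runtime wrapped in a constructor that CODECOPYs and RETURNs it.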
