An extension that supports developers in writing secure and well understood code
This extension contributes security centric syntax and semantic highlighting, a detailed class outline, specialized views, advanced Solidity code insights and augmentation to Visual Studio Code.
⚠️ Note: Customize this extension to fit your needs! Show/Hide/Enable/Disable features in Preferences → Settings → Solidity Visual Developer: solidity-va.*, select one of the customized security-aware color themes in Preferences → Color Themes.
We ❤ feedback → get in touch!
Marketplace: ext tintinweb.solidity-visual-auditor
Semantic highlighting and solidity insights for passive security awareness. Most features are configurable (Preferences -> Settings -> Solidity Visual Developer)
Themes (Preferences -> Color Theme):
Syntax Highlighting
external, public, payable, ...
address.call(), tx.origin, msg.data, block.*, now
memory, storage
TODO, FIXME, HACK, ...
Code fragments passively draw your attention to statements that typically reduce risk or need your attention.
Semantic Highlighting
Review Features
@audit - <msg>
@audit-ok - <msg> (see below)
Graph- and Reporting Features
Code Augmentation
Views
Method 1: Install by going to the Visual Studio Marketplace and clicking Install.
Method 2: Bring up the Extension view in VS Code, search for Solidity Visual Developer and click Install.
Method 3 (Manual):
code --install-extension "solidity-visual-auditor-0.0.x.vsix"
Scroll down and take the tour.
@audit tags
Feature: Ethereum Account Address Actions
open the account on etherscan.io
code
VerifiedContract source code
decompile the byte-code. requires vscode-decompiler
Feature: Semantic function argument highlighting
Feature: Inline Bookmarks
This feature is provided by Inline Bookmarks.
@audit - <msg> ... flag lines for security review or start a security review discussion
@audit-ok - <msg> ... flag that a line was checked for security or a security discussion on that line turned out to be a non-issue
Feature: Code Augmentation / Annotations / Hover / Tooltip
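Added example, not part of the extension or of Inline Bookmarks: a small Python check that collects the @audit and @audit-ok tags described under Inline Bookmarks above and reports which review notes are still open, so that a review can be gated in CI. The tag-in-comment regex, the function names and the sample contract are assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# Assumption: a tag only counts inside a comment (//, /* or the leading * of a
# block comment line). The lookahead rejects other suffixes such as @audit-foo.
TAG_RE = re.compile(
    r"(?://|/\*|^\s*\*).*?(@audit(?:-ok)?)(?![\w-])\s*(?:-\s*)?(.*)"
)

@dataclass(frozen=True)
class AuditTag:
    line: int     # 1-based line number in the source file
    kind: str     # "@audit" (open) or "@audit-ok" (checked)
    message: str

def collect_audit_tags(source: str) -> list[AuditTag]:
    """Return every @audit / @audit-ok tag found in comments."""
    tags = []
    for lineno, text in enumerate(source.splitlines(), start=1):
        m = TAG_RE.search(text)
        if m:
            msg = m.group(2).strip().removesuffix("*/").strip()
            tags.append(AuditTag(lineno, m.group(1), msg))
    return tags

def open_items(tags: list[AuditTag]) -> list[AuditTag]:
    """Notes flagged for review that nobody has marked @audit-ok yet."""
    return [t for t in tags if t.kind == "@audit"]

def review_gate(source: str) -> int:
    """Exit status for CI: 1 while any @audit note is still open."""
    return 1 if open_items(collect_audit_tags(source)) else 0

# Constructed sample input (not taken from the page).
SAMPLE = '''contract SimpleDAO {
    mapping(address => uint) public credit;
    function withdraw(uint amount) public {
        // @audit - external call before state update, check reentrancy
        (bool ok, ) = msg.sender.call{value: amount}("");
        require(ok); // @audit-ok - return value is checked
        credit[msg.sender] -= amount;
    }
}'''

if __name__ == "__main__":
    for t in collect_audit_tags(SAMPLE):
        print(f"line {t.line}: {t.kind} - {t.message}")
    raise SystemExit(review_gate(SAMPLE))
```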
Feature: State Variable Highlighting
Approval)
Feature: CodeLenses
Feature: Outline View
T and declarations
Feature: Cockpit View
We've been working on a new cockpit view that allows you to navigate large codebases more efficiently. Check out the new icon in the activity bar to your left.
So, what can you do with it?
truffle-flattener may require an npm install of the project for flattening to work
And there is more to come 🙌 stay tuned!
Note: The cockpit view is fully customizable. You can hide the sidebar menu or any view in the cockpit that you do not need (right-click → hide).
BuiltIn: Commands
Please refer to the extension's contribution section for an up-to-date list of commands.
Theme: Solidity Visual Developer Light (VSCode)
Theme: Solidity Visual Developer Dark
Simple DAO
Vulnerable Contract
Theme: Solidity Visual Developer Solarized Light
Simple DAO
Configuration: Settings & Customizations
solidity-va.mode.active ... Enable/Disable all active components of this extension (emergency master-switch).
solidity-va.parser.parseImports ... Whether to recursively parse imports or not
solidity-va.hover ... Enable or Disable generic onHover information (asm instruction signatures, security notes)
solidity-va.deco.statevars ... decorate statevars in code view (golden, green, blue boxes)
solidity-va.deco.arguments ... enable/disable or select the mode for semantic highlighting of function arguments. (default: 'enable' = 'color and arrow')
solidity-va.deco.argumentsMode ... select the mode for semantic highlighting of function arguments (may require a reload)
solidity-va.deco.argumentsSuffix ... a custom Suffix/Symbol that is appended to the decoration when performing semantic highlighting for function arguments
solidity-va.outline.enable ... enable/disable outline and symbol provider
solidity-va.outline.decorations ... decorate functions according to state mutability and function visibility
solidity-va.outline.inheritance.show ... add inherited functions to outline view
solidity-va.outline.extras ... annotate functions with extra information (complexity, statevar access)
solidity-va.outline.var.storage_annotations ... Whether to show/hide storage annotations for variables in the outline view
solidity-va.outline.pragmas.show ... Whether to show/hide pragmas in the outline view
solidity-va.outline.imports.show ... Whether to show/hide imports in the outline view
solidity-va.diagnostics.import.cdili-json ... Automatically import diagnostic issues from external scanners using the cdili-issue.json format:
{
"onInputFile": "contracts/BountiesMetaTxRelayer.sol",
"atLineNr": "10",
"ruleType": "code_smell",
"severity": "major",
"linterVersion": "0.1",
"linterName": "maru",
"message": "State Variable Default Visibility - It is best practice to set the visibility of state variables explicitly. The default visibility for \"bountiesContract\" is internal. Other possible visibility values are public and private.",
"forRule": "State_Variable_Default_Visibility"
}
solidity-va.codelens.enable ... enable/disable codelens support (inline code actions)
solidity-va.preview.dot ... open dot output in graphviz rendered form
solidity-va.preview.markdown ... open markdown output in rendered form
solidity-va.tools.surya.input.contracts ... Define whether surya should take cached files or all contracts in the workspace as input
Please refer to the extension's contribution section for an up-to-date list of settings.
uml feature does not seem to work. How can I set it up?
Solarized Light
Release Notes
View on GitHub: https://github.com/Consensys/vscode-solidity-auditor