new infoleak detector with updated infra

README.md

@@ -93,14 +93,14 @@ options:
   This will produce the following output:
 
   ```
-  |   id | program        | function   | detector   | result   | info           |
-  |------|----------------|------------|------------|----------|----------------|
-  |    0 | infoleak0.aleo | ex0        | infoleak   | unsafe   | [('r0', 'r0')] |
-  |    1 | infoleak0.aleo | ex1        | infoleak   | safe     | []             |
-  |    2 | infoleak0.aleo | ex2        | infoleak   | unsafe   | [('r0', 'r1')] |
+  |   id | program        | function   | detector   | result   | info                 |
+  |------|----------------|------------|------------|----------|----------------------|
+  |    0 | infoleak0.aleo | ex0        | infoleak   | unsafe   | ['output r0 as u8;'] |
+  |    1 | infoleak0.aleo | ex1        | infoleak   | safe     | []                   |
+  |    2 | infoleak0.aleo | ex2        | infoleak   | unsafe   | ['output r1 as i8;'] |
   ```
 
-  where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage from variable `r0` to `r0` (direct returning of input), and in `ex2` from `r0` to `r1`. 
+  where the info column provides more information about the detected vulnerability. For example, in function `ex0` there's information leakage of `r0` via output command. 
 
 ### Calling from Source
 
@@ -113,7 +113,7 @@ from .vanguard.aleo.detectors import detector_divz
 project_name = "divz0"
 function_name = "ex1"
 build_path = f"./tests/public/{project_name}/build/"
-env = AleoEnvironment(build_path) # load project
+env = AleoEnvironment.from_project(build_path) # load project
 detector_divz(env, env.main.id, function_name, readable=True) # detect
 ```
 
@@ -140,7 +140,7 @@ from vanguard.aleo.detectors import detector_divz
 project_name = "divz0"
 function_name = "ex1"
 build_path = f"./tests/public/{project_name}/build/"
-env = AleoEnvironment(build_path) # load project
+env = AleoEnvironment.from_project(build_path) # load project
 detector_divz(env, env.main.id, function_name, readable=True) # detect
 ```
 

pyproject.toml

@@ -1,6 +1,6 @@
 [project]
 name = "vanguard"
-version = "0.0.3"
+version = "0.0.4"
 authors = [
   { name="Yanju Chen", email="[email protected]" },
 ]

tests/environment-test.ipynb

@@ -0,0 +1,167 @@
+{
+ "cells": [
+  {
+   "cell_type": "code",
+   "execution_count": 1,
+   "id": "0c1a1d20-18ec-451f-a739-eddb4c4265cf",
+   "metadata": {},
+   "outputs": [
+    {
+     "name": "stdout",
+     "output_type": "stream",
+     "text": [
+      "# parsing: treasure_hunt_v006.aleo ... 0.34779787063598633s\n",
+      "# parsing: aleo_monopoly_workshop.aleo ... 0.12547612190246582s\n",
+      "# parsing: treasure_hunt_v010.aleo ... 0.2432699203491211s\n",
+      "# parsing: zk_sra_encryption_v0_0_2.aleo ... 0.16161203384399414s\n",
+      "# parsing: aleo_monopoly_workshop4.aleo ... 0.11990594863891602s\n",
+      "# parsing: football_game_v008.aleo ... 0.5488848686218262s\n",
+      "# parsing: uniswap_v5.aleo ... 0.2239542007446289s\n",
+      "# parsing: wheres_alex_v018.aleo ... 0.12740397453308105s\n",
+      "# parsing: aleo_name_service_registry_v2.aleo ... 0.24753427505493164s\n",
+      "# parsing: aleo_monopoly_game4.aleo ... 0.12900400161743164s\n",
+      "# parsing: arcane_rfq_amm_v000004.aleo ... 0.1556079387664795s\n",
+      "# parsing: aleo_monopoly_workshop8.aleo ... 0.18530797958374023s\n",
+      "# parsing: aleo_monopoly_workshop10.aleo ... 0.16002297401428223s\n",
+      "# parsing: football_game_v004.aleo ... 0.4669189453125s\n",
+      "# parsing: who_is_dash_pash_v20203.aleo ... 0.1273338794708252s\n",
+      "# parsing: wheres_alex_v014.aleo ... 0.14441990852355957s\n",
+      "# parsing: football_game_v012.aleo ... 0.45942187309265137s\n",
+      "# parsing: tyron_app_test1.aleo ... 0.11498069763183594s\n",
+      "# parsing: distrofund_private_transfer_v2.aleo ... 0.19888782501220703s\n",
+      "# parsing: wheres_alex_v015.aleo ... 0.12262892723083496s\n",
+      "# parsing: football_game_v005.aleo ... 0.5159265995025635s\n",
+      "# parsing: zk_deck_shuffle_v0_0_1.aleo ... 3.3427340984344482s\n",
+      "# parsing: aleo_monopoly_workshop9.aleo ... 0.40294814109802246s\n",
+      "# parsing: arcane_rfq_amm_v000005.aleo ... 0.14778709411621094s\n",
+      "# parsing: aleo_name_service_registry_v3.aleo ... 0.24942994117736816s\n",
+      "# parsing: wheres_the_babycat.aleo ... 0.13100290298461914s\n",
+      "# parsing: wheres_alex_v019.aleo ... 0.15442514419555664s\n",
+      "# parsing: football_game_v009.aleo ... 0.5510199069976807s\n",
+      "# parsing: aleo_monopoly_workshop5.aleo ... 0.12297701835632324s\n",
+      "# parsing: credits.aleo ... 0.07080316543579102s\n",
+      "# parsing: treasure_hunt_v007.aleo ... 0.32471489906311035s\n",
+      "# parsing: council_v0001.aleo ... 0.11010289192199707s\n",
+      "# parsing: arcane_rfq_amm_v000002.aleo ... 0.2603728771209717s\n",
+      "# parsing: aleoswap05.aleo ... 0.31355762481689453s\n",
+      "# parsing: aleo_game_shop.aleo ... 0.1441662311553955s\n",
+      "# parsing: football_game_v002.aleo ... 0.32427000999450684s\n",
+      "# parsing: wheres_alex_v012.aleo ... 0.12132596969604492s\n",
+      "# parsing: aleo_store_nft.aleo ... 0.16173624992370605s\n",
+      "# parsing: whos_the_father_v002.aleo ... 0.1543598175048828s\n",
+      "# parsing: graph_coloring_v1.aleo ... 1.006282091140747s\n",
+      "# parsing: whoes_the_dragon_v01.aleo ... 0.20656824111938477s\n",
+      "# parsing: aleo_monopoly_workshop2.aleo ... 0.11718130111694336s\n",
+      "# parsing: zk_bitwise_stack_v0_0_1.aleo ... 0.4026181697845459s\n",
+      "# parsing: distrofund_private_transfer.aleo ... 0.21562480926513672s\n",
+      "# parsing: wheres_luna_v020.aleo ... 0.16715312004089355s\n",
+      "# parsing: aleo_monopoly_workshop3.aleo ... 0.1257779598236084s\n",
+      "# parsing: king_of_cat_v001.aleo ... 0.1271648406982422s\n",
+      "# parsing: treasure_hunt_v001.aleo ... 0.24799370765686035s\n",
+      "# parsing: whos_the_father_v003.aleo ... 0.12563395500183105s\n",
+      "# parsing: graph_coloring.aleo ... 1.125340223312378s\n",
+      "# parsing: wheres_alex_v013.aleo ... 0.1239628791809082s\n",
+      "# parsing: aleo_monopoly_game16.aleo ... 0.1281447410583496s\n",
+      "# parsing: arcane_rfq_amm_v000003.aleo ... 0.15100908279418945s\n",
+      "# parsing: zk_ml_dna_v0.aleo ... 0.16376709938049316s\n",
+      "# parsing: double_color_ball.aleo ... 2.8149960041046143s\n",
+      "# parsing: wheres_alex_v010.aleo ... 0.11389803886413574s\n",
+      "# parsing: lymphography_decision_tree_v1.aleo ... 0.17242002487182617s\n",
+      "# parsing: arcane_amm_v2_0.aleo ... 0.19998979568481445s\n",
+      "# parsing: zk_bitwise_stack_v0_0_3.aleo ... 0.7781190872192383s\n",
+      "# parsing: imma_find_alex_v01.aleo ... 0.12848210334777832s\n",
+      "# parsing: sklearn_mlp_mnist_1.aleo ... 0.14882493019104004s\n",
+      "# parsing: treasure_hunt_v002.aleo ... 0.23104190826416016s\n",
+      "# parsing: wheres_luna_v019.aleo ... 0.1290280818939209s\n",
+      "# parsing: whos_the_father_v001.aleo ... 0.12782502174377441s\n",
+      "# parsing: treasure_hunt_v003.aleo ... 0.295212984085083s\n",
+      "# parsing: zk_bitwise_stack_v0_0_2.aleo ... 0.412182092666626s\n",
+      "# parsing: wheres_jojo_v008.aleo ... 0.13227605819702148s\n",
+      "# parsing: arcane_rfq_amm_v000001.aleo ... 0.17067408561706543s\n",
+      "# parsing: zk_ml_dna_1700237585_v0.aleo ... 0.15897893905639648s\n",
+      "# parsing: aleoswap06.aleo ... 0.3017849922180176s\n",
+      "# parsing: nft_store_yong.aleo ... 0.16585206985473633s\n",
+      "# parsing: wheres_alex_v011.aleo ... 0.11071419715881348s\n",
+      "# parsing: football_random_v011.aleo ... 0.3941667079925537s\n",
+      "# parsing: testalphav1x1.aleo ... 0.4517788887023926s\n",
+      "# parsing: zk_bitwise_stack_v0_0_5.aleo ... 0.9719009399414062s\n",
+      "# parsing: hialstestv1.aleo ... 0.3391139507293701s\n",
+      "# parsing: what_does_gary_do_v001.aleo ... 0.13190793991088867s\n",
+      "# parsing: aleo_monopoly_workshop6.aleo ... 0.14983606338500977s\n",
+      "# parsing: treasure_hunt_v004.aleo ... 0.2787461280822754s\n",
+      "# parsing: zk_ml_dna_1700246715_v0.aleo ... 0.15949177742004395s\n",
+      "# parsing: football_game_v010.aleo ... 0.5402669906616211s\n",
+      "# parsing: wheres_alex_v016.aleo ... 0.1281871795654297s\n",
+      "# parsing: football_game_v006.aleo ... 0.5075030326843262s\n",
+      "# parsing: arcane_rfq_amm_v000006.aleo ... 0.17911505699157715s\n",
+      "# parsing: treasure_hunt_v008.aleo ... 0.29166197776794434s\n",
+      "# parsing: aleo_name_service_registry_v1.aleo ... 0.25179481506347656s\n",
+      "# parsing: treasure_hunt_v009.aleo ... 0.3150472640991211s\n",
+      "# parsing: lymphography_xgboost_v1.aleo ... 0.33880114555358887s\n",
+      "# parsing: football_game_v007.aleo ... 0.5076649188995361s\n",
+      "# parsing: wheres_alex_v017.aleo ... 0.13222599029541016s\n",
+      "# parsing: wheres_alex_probably_weeds.aleo ... 0.13173818588256836s\n",
+      "# parsing: treasure_hunt_v005.aleo ... 0.3213942050933838s\n",
+      "# parsing: zk_sra_encryption_v0_0_1.aleo ... 0.09100961685180664s\n",
+      "# parsing: twoalkilining.aleo ... 0.176069974899292s\n",
+      "# parsing: zkhack_mnist_v2.aleo ... 0.1515669822692871s\n",
+      "# parsing: wheres_joe_v019.aleo ... 0.12791705131530762s\n",
+      "# parsing: wheres_alex_by_joey11_v1.aleo ... 0.12585806846618652s\n",
+      "# parsing: aleo_monopoly_workshop7.aleo ... 0.12298393249511719s\n",
+      "# parsing: zk_bitwise_stack_v0_0_4.aleo ... 0.7650339603424072s\n",
+      "# parsing: alphaswap_v1.aleo ... 0.519434928894043s\n"
+     ]
+    }
+   ],
+   "source": [
+    "import os\n",
+    "import time\n",
+    "os.chdir(\"..\")\n",
+    "\n",
+    "from vanguard.aleo.grammar import AleoEnvironment\n",
+    "\n",
+    "# for dp, _, fns in os.walk(\"tests/explorer/haruka/\"):\n",
+    "for dp, _, fns in os.walk(\"tests/explorer/aleo/\"):\n",
+    "    for fn in fns:\n",
+    "        p = os.path.abspath(os.path.join(dp, fn))\n",
+    "        # print(f\"# parsing: {p} ... \", end=\"\")\n",
+    "        print(f\"# parsing: {fn} ... \", end=\"\")\n",
+    "        s = time.time()\n",
+    "\n",
+    "        _env = AleoEnvironment.from_program(p)\n",
+    "        \n",
+    "        e = time.time()\n",
+    "        print(f\"{e-s}s\")"
+   ]
+  },
+  {
+   "cell_type": "code",
+   "execution_count": null,
+   "id": "c75a2be4-e814-40fc-a128-8d879df646b5",
+   "metadata": {},
+   "outputs": [],
+   "source": []
+  }
+ ],
+ "metadata": {
+  "kernelspec": {
+   "display_name": "Python 3 (ipykernel)",
+   "language": "python",
+   "name": "python3"
+  },
+  "language_info": {
+   "codemirror_mode": {
+    "name": "ipython",
+    "version": 3
+   },
+   "file_extension": ".py",
+   "mimetype": "text/x-python",
+   "name": "python",
+   "nbconvert_exporter": "python",
+   "pygments_lexer": "ipython3",
+   "version": "3.12.0"
+  }
+ },
+ "nbformat": 4,
+ "nbformat_minor": 5
+}

tests/parser-test.ipynb

@@ -89,7 +89,7 @@
     "lexer = AleoLexer(input_stream)\n",
     "stream = CommonTokenStream(lexer)\n",
     "parser = AleoParser(stream)\n",
-    "tree = parser.start()\n"
+    "tree = parser.start()"
    ]
   },
   {

tests/public/divz0/src/main.leo

@@ -87,7 +87,7 @@ program divz0.aleo {
 
     // compilable, runnable
     // label: bad
-    const label_ex7: bool = false;
+    const label_ex7: bool = true;
     transition ex7() -> u8 {
         let a: u8 = 225u8;
         let b: u8 = 0u8;

tests/public/infoleak0/build/main.aleo

@@ -46,7 +46,7 @@ mapping account_ex11:
 	value as u8.public;
 
 function vanguard_helper:
-    cast  true false true true true true true false true true true false true true true true true true true true true true true true true into r0 as [boolean; 25u32];
+    cast  true false true true true true true false true true true false true true true true true true true true true true true true false into r0 as [boolean; 25u32];
     output r0 as [boolean; 25u32].private;
 
 

tests/public/infoleak0/src/main.leo

@@ -291,8 +291,8 @@ program infoleak0.aleo {
 
     // record leak
     // compilable, runnable
-    // label: bad
-    const label_ex24: bool = true;
+    // label: good (actual input record has all public fields)
+    const label_ex24: bool = false;
     record rec_ex24 {
         public owner: address,
         public data: u8,

tests/scripts/parsing.py

@@ -3,6 +3,6 @@
 if __name__ == "__main__":
     project_name = "divz0"
     build_path = f"./tests/public/{project_name}/build/"
-    env = AleoEnvironment(build_path)
+    env = AleoEnvironment.from_project(build_path)
     main = env.main
     print("# Done.")

tests/scripts/test-divz.py

@@ -4,7 +4,7 @@
 if __name__ == "__main__":
     project_name = "divz0"
     build_path = f"./tests/public/{project_name}/build/"
-    env = AleoEnvironment(build_path)
+    env = AleoEnvironment.from_project(build_path)
     main = env.main
     fid = "ex0"
     res, info = detector_divz(env, main.id, fid)

tests/scripts/test-infoleak.py

@@ -4,7 +4,7 @@
 if __name__ == "__main__":
     project_name = "infoleak0"
     build_path = f"./tests/public/{project_name}/build/"
-    env = AleoEnvironment(build_path)
+    env = AleoEnvironment.from_project(build_path)
     main = env.main
 
     fid = "ex0"

tests/scripts/test-rtcnst.py

@@ -4,7 +4,7 @@
 if __name__ == "__main__":
     project_name = "rtcnst0"
     build_path = f"./tests/public/{project_name}/build/"
-    env = AleoEnvironment(build_path)
+    env = AleoEnvironment.from_project(build_path)
     main = env.main
     fid = "ex0"
     res, info = detector_rtcnst(env, main.id, fid)

tests/scripts/test-unused.py

@@ -4,7 +4,7 @@
 if __name__ == "__main__":
     project_name = "unused0"
     build_path = f"./tests/public/{project_name}/build/"
-    env = AleoEnvironment(build_path)
+    env = AleoEnvironment.from_project(build_path)
     main = env.main
 
     fid = "ex0"