Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Implement clarinet check-checker #185

Open
whoabuddy opened this issue Apr 19, 2022 · 3 comments
Open

Implement clarinet check-checker #185

whoabuddy opened this issue Apr 19, 2022 · 3 comments

Comments

@whoabuddy
Copy link

The check-checker is a tool from Hiro/Clarinet to help identify untrusted inputs and make sure they are filtered/checked appropriately. The current version produces a lot of false-positives, and its usage should be re-evaluated after some time.

It is currently disabled as part of #182.

Sample output from the main branch at the time of creating this issue:

citycoin-auth:96:15: warning: use of potentially unchecked data
        name: name,
              ^~~~
citycoin-auth:86:29: note: source of untrusted input here
(define-public (create-job (name (string-ascii 255)) (target principal))
                            ^~~~
citycoin-auth:97:17: warning: use of potentially unchecked data
        target: target,
                ^~~~~~
citycoin-auth:86:55: note: source of untrusted input here
(define-public (create-job (name (string-ascii 255)) (target principal))
                                                      ^~~~~~
citycoin-auth:225:41: warning: use of potentially unchecked data
      (argumentId (generate-argument-id jobId "uint"))
                                        ^~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:227:31: warning: use of potentially unchecked data
    (try! (guard-add-argument jobId))
                              ^~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:231:20: warning: use of potentially unchecked data
          { jobId: jobId, argumentId: argumentId }
                   ^~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:231:39: warning: use of potentially unchecked data
          { jobId: jobId, argumentId: argumentId }
                                      ^~~~~~~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:232:27: warning: use of potentially unchecked data
          { argumentName: argumentName, value: value }
                          ^~~~~~~~~~~~
citycoin-auth:222:49: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                                ^~~~~~~~~~~~
citycoin-auth:232:48: warning: use of potentially unchecked data
          { argumentName: argumentName, value: value }
                                               ^~~~~
citycoin-auth:222:83: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                                                                  ^~~~~
citycoin-auth:235:20: warning: use of potentially unchecked data
          { jobId: jobId, argumentName: argumentName }
                   ^~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:235:41: warning: use of potentially unchecked data
          { jobId: jobId, argumentName: argumentName }
                                        ^~~~~~~~~~~~
citycoin-auth:222:49: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                                ^~~~~~~~~~~~
citycoin-auth:236:25: warning: use of potentially unchecked data
          { argumentId: argumentId, value: value}
                        ^~~~~~~~~~
citycoin-auth:222:36: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                   ^~~~~
citycoin-auth:236:44: warning: use of potentially unchecked data
          { argumentId: argumentId, value: value}
                                           ^~~~~
citycoin-auth:222:83: note: source of untrusted input here
(define-public (add-uint-argument (jobId uint) (argumentName (string-ascii 255)) (value uint))
                                                                                  ^~~~~
citycoin-auth:264:41: warning: use of potentially unchecked data
      (argumentId (generate-argument-id jobId "principal"))
                                        ^~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:266:31: warning: use of potentially unchecked data
    (try! (guard-add-argument jobId))
                              ^~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:270:20: warning: use of potentially unchecked data
          { jobId: jobId, argumentId: argumentId }
                   ^~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:270:39: warning: use of potentially unchecked data
          { jobId: jobId, argumentId: argumentId }
                                      ^~~~~~~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:271:27: warning: use of potentially unchecked data
          { argumentName: argumentName, value: value }
                          ^~~~~~~~~~~~
citycoin-auth:261:54: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                                     ^~~~~~~~~~~~
citycoin-auth:271:48: warning: use of potentially unchecked data
          { argumentName: argumentName, value: value }
                                               ^~~~~
citycoin-auth:261:88: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                                                                       ^~~~~
citycoin-auth:274:20: warning: use of potentially unchecked data
          { jobId: jobId, argumentName: argumentName }
                   ^~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:274:41: warning: use of potentially unchecked data
          { jobId: jobId, argumentName: argumentName }
                                        ^~~~~~~~~~~~
citycoin-auth:261:54: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                                     ^~~~~~~~~~~~
citycoin-auth:275:25: warning: use of potentially unchecked data
          { argumentId: argumentId, value: value}
                        ^~~~~~~~~~
citycoin-auth:261:41: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                        ^~~~~
citycoin-auth:275:44: warning: use of potentially unchecked data
          { argumentId: argumentId, value: value}
                                           ^~~~~
citycoin-auth:261:88: note: source of untrusted input here
(define-public (add-principal-argument (jobId uint) (argumentName (string-ascii 255)) (value principal))
                                                                                       ^~~~~
citycoin-auth:386:7: warning: use of potentially unchecked data
      coreContractAddress
      ^~~~~~~~~~~~~~~~~~~
citycoin-auth:378:39: note: source of untrusted input here
(define-public (initialize-contracts (coreContract <coreTrait>))
                                      ^~~~~~~~~~~~
citycoin-auth:392:27: warning: use of potentially unchecked data
    (try! (contract-call? coreContract set-city-wallet (var-get cityWallet)))
                          ^~~~~~~~~~~~
citycoin-auth:378:39: note: source of untrusted input here
(define-public (initialize-contracts (coreContract <coreTrait>))
                                      ^~~~~~~~~~~~
citycoin-auth:419:22: warning: use of potentially unchecked data
        startHeight: stacksHeight,
                     ^~~~~~~~~~~~
citycoin-auth:408:68: note: source of untrusted input here
(define-public (activate-core-contract (targetContract principal) (stacksHeight uint))
                                                                   ^~~~~~~~~~~~
citycoin-auth:512:25: warning: use of potentially unchecked data
    (var-set cityWallet newCityWallet)
                        ^~~~~~~~~~~~~
citycoin-auth:504:63: note: source of untrusted input here
(define-public (set-city-wallet (targetContract <coreTrait>) (newCityWallet principal))
                                                              ^~~~~~~~~~~~~
citycoin-auth:527:25: warning: use of potentially unchecked data
    (var-set cityWallet newCityWallet)
                        ^~~~~~~~~~~~~
citycoin-auth:518:46: note: source of untrusted input here
(define-public (execute-set-city-wallet-job (jobId uint) (targetContract <coreTrait>))
                                             ^~~~~
citycoin-auth:543:40: warning: use of potentially unchecked data
    (as-contract (try! (contract-call? targetContract set-token-uri newUri)))
                                       ^~~~~~~~~~~~~~
citycoin-auth:540:32: note: source of untrusted input here
(define-public (set-token-uri (targetContract <tokenTrait>) (newUri (optional (string-utf8 256))))
                               ^~~~~~~~~~~~~~
citycoin-auth:557:24: warning: use of potentially unchecked data
    (map-set Approvers oldApprover false)
                       ^~~~~~~~~~~
citycoin-auth:550:47: note: source of untrusted input here
(define-public (execute-replace-approver-job (jobId uint))
                                              ^~~~~
citycoin-auth:558:24: warning: use of potentially unchecked data
    (map-set Approvers newApprover true)
                       ^~~~~~~~~~~
citycoin-auth:550:47: note: source of untrusted input here
(define-public (execute-replace-approver-job (jobId uint))
                                              ^~~~~
citycoin-auth:583:7: warning: use of potentially unchecked data
      coreContractAddress
      ^~~~~~~~~~~~~~~~~~~
citycoin-auth:575:44: note: source of untrusted input here
(define-public (test-initialize-contracts (coreContract <coreTrait>))
                                           ^~~~~~~~~~~~
citycoin-auth:589:27: warning: use of potentially unchecked data
    (try! (contract-call? coreContract set-city-wallet (var-get cityWallet)))
                          ^~~~~~~~~~~~
citycoin-auth:575:44: note: source of untrusted input here
(define-public (test-initialize-contracts (coreContract <coreTrait>))
                                           ^~~~~~~~~~~~
citycoin-auth:611:7: warning: use of potentially unchecked data
      coreContractAddress
      ^~~~~~~~~~~~~~~~~~~
citycoin-auth:604:47: note: source of untrusted input here
(define-public (test-set-core-contract-state (coreContract <coreTrait>) (state uint))
                                              ^~~~~~~~~~~~
citycoin-token:34:29: warning: use of potentially unchecked data
    (ft-transfer? citycoins amount from to)
                            ^~~~~~
citycoin-token:27:27: note: source of untrusted input here
(define-public (transfer (amount uint) (from principal) (to principal) (memo (optional (buff 34))))
                          ^~~~~~
citycoin-token:34:41: warning: use of potentially unchecked data
    (ft-transfer? citycoins amount from to)
                                        ^~
citycoin-token:27:58: note: source of untrusted input here
(define-public (transfer (amount uint) (from principal) (to principal) (memo (optional (buff 34))))
                                                         ^~
citycoin-token:91:33: warning: use of potentially unchecked data
    (var-set coinbaseThreshold1 (+ stacksHeight TOKEN_HALVING_BLOCKS))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
citycoin-token:83:58: note: source of untrusted input here
(define-public (activate-token (coreContract principal) (stacksHeight uint))
                                                         ^~~~~~~~~~~~
citycoin-token:92:33: warning: use of potentially unchecked data
    (var-set coinbaseThreshold2 (+ stacksHeight (* u2 TOKEN_HALVING_BLOCKS)))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
citycoin-token:83:58: note: source of untrusted input here
(define-public (activate-token (coreContract principal) (stacksHeight uint))
                                                         ^~~~~~~~~~~~
citycoin-token:93:33: warning: use of potentially unchecked data
    (var-set coinbaseThreshold3 (+ stacksHeight (* u3 TOKEN_HALVING_BLOCKS)))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
citycoin-token:83:58: note: source of untrusted input here
(define-public (activate-token (coreContract principal) (stacksHeight uint))
                                                         ^~~~~~~~~~~~
citycoin-token:94:33: warning: use of potentially unchecked data
    (var-set coinbaseThreshold4 (+ stacksHeight (* u4 TOKEN_HALVING_BLOCKS)))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
citycoin-token:83:58: note: source of untrusted input here
(define-public (activate-token (coreContract principal) (stacksHeight uint))
                                                         ^~~~~~~~~~~~
citycoin-token:95:33: warning: use of potentially unchecked data
    (var-set coinbaseThreshold5 (+ stacksHeight (* u5 TOKEN_HALVING_BLOCKS)))
                                ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
citycoin-token:83:58: note: source of untrusted input here
(define-public (activate-token (coreContract principal) (stacksHeight uint))
                                                         ^~~~~~~~~~~~
citycoin-token:125:27: warning: use of potentially unchecked data
    (ok (var-set tokenUri newUri))
                          ^~~~~~
citycoin-token:122:32: note: source of untrusted input here
(define-public (set-token-uri (newUri (optional (string-utf8 256))))
                               ^~~~~~
citycoin-token:135:25: warning: use of potentially unchecked data
    (ft-mint? citycoins amount recipient)
                        ^~~~~~
citycoin-token:130:23: note: source of untrusted input here
(define-public (mint (amount uint) (recipient principal))
                      ^~~~~~
citycoin-token:135:32: warning: use of potentially unchecked data
    (ft-mint? citycoins amount recipient)
                               ^~~~~~~~~
citycoin-token:130:37: note: source of untrusted input here
(define-public (mint (amount uint) (recipient principal))
                                    ^~~~~~~~~
citycoin-token:142:25: warning: use of potentially unchecked data
    (ft-burn? citycoins amount owner)
                        ^~~~~~
citycoin-token:139:23: note: source of untrusted input here
(define-public (burn (amount uint) (owner principal))
                      ^~~~~~
citycoin-token:184:23: warning: use of potentially unchecked data
  (ft-mint? citycoins amount recipient)
                      ^~~~~~
citycoin-token:183:28: note: source of untrusted input here
(define-public (test-mint (amount uint) (recipient principal))
                           ^~~~~~
citycoin-token:184:30: warning: use of potentially unchecked data
  (ft-mint? citycoins amount recipient)
                             ^~~~~~~~~
citycoin-token:183:42: note: source of untrusted input here
(define-public (test-mint (amount uint) (recipient principal))
                                         ^~~~~~~~~
citycoin-core-v1:47:29: warning: use of potentially unchecked data
    (ok (var-set cityWallet newCityWallet))
                            ^~~~~~~~~~~~~
citycoin-core-v1:44:34: note: source of untrusted input here
(define-public (set-city-wallet (newCityWallet principal))
                                 ^~~~~~~~~~~~~
citycoin-core-v1:285:53: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                    ^~~~~~~~~~
citycoin-core-v1:280:30: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                             ^~~~~~~~~~
citycoin-core-v1:285:64: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                               ^~~~
citycoin-core-v1:280:48: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                                               ^~~~
citycoin-core-v1:656:51: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                  ^~~~~~~~~~~~
citycoin-core-v1:651:31: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                              ^~~~~~~~~~~~
citycoin-core-v1:656:77: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                                            ^~~~~~~~~~
citycoin-core-v1:651:51: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                                                  ^~~~~~~~~~
citycoin-core-v1:759:66: warning: use of potentially unchecked data
    (try! (claim-stacking-reward-at-cycle tx-sender block-height targetCycle))
                                                                 ^~~~~~~~~~~
citycoin-core-v1:757:40: note: source of untrusted input here
(define-public (claim-stacking-reward (targetCycle uint))
                                       ^~~~~~~~~~~
citycoin-core-v1:916:27: warning: use of potentially unchecked data
  (ok (var-set cityWallet newCityWallet))
                          ^~~~~~~~~~~~~
citycoin-core-v1:915:46: note: source of untrusted input here
(define-public (test-unsafe-set-city-wallet (newCityWallet principal))
                                             ^~~~~~~~~~~~~
citycoin-core-v1:920:36: warning: use of potentially unchecked data
  (ok (var-set activationThreshold newThreshold))
                                   ^~~~~~~~~~~~
citycoin-core-v1:919:48: note: source of untrusted input here
(define-public (test-set-activation-threshold (newThreshold uint))
                                               ^~~~~~~~~~~~
citycoin-core-v1:924:30: warning: use of potentially unchecked data
  (ok (get-or-create-user-id user))
                             ^~~~
citycoin-core-v1:923:40: note: source of untrusted input here
(define-public (test-generate-user-id (user principal))
                                       ^~~~
citycoin-core-v1:949:29: warning: use of potentially unchecked data
    (var-set shutdownHeight stacksHeight)
                            ^~~~~~~~~~~~
citycoin-core-v1:945:41: note: source of untrusted input here
(define-public (test-shutdown-contract (stacksHeight uint))
                                        ^~~~~~~~~~~~
citycoin-core-v2:47:29: warning: use of potentially unchecked data
    (ok (var-set cityWallet newCityWallet))
                            ^~~~~~~~~~~~~
citycoin-core-v2:44:34: note: source of untrusted input here
(define-public (set-city-wallet (newCityWallet principal))
                                 ^~~~~~~~~~~~~
citycoin-core-v2:285:53: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                    ^~~~~~~~~~
citycoin-core-v2:280:30: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                             ^~~~~~~~~~
citycoin-core-v2:285:64: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                               ^~~~
citycoin-core-v2:280:48: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                                               ^~~~
citycoin-core-v2:656:51: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                  ^~~~~~~~~~~~
citycoin-core-v2:651:31: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                              ^~~~~~~~~~~~
citycoin-core-v2:656:77: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                                            ^~~~~~~~~~
citycoin-core-v2:651:51: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                                                  ^~~~~~~~~~
citycoin-core-v2:759:66: warning: use of potentially unchecked data
    (try! (claim-stacking-reward-at-cycle tx-sender block-height targetCycle))
                                                                 ^~~~~~~~~~~
citycoin-core-v2:757:40: note: source of untrusted input here
(define-public (claim-stacking-reward (targetCycle uint))
                                       ^~~~~~~~~~~
citycoin-core-v2:916:27: warning: use of potentially unchecked data
  (ok (var-set cityWallet newCityWallet))
                          ^~~~~~~~~~~~~
citycoin-core-v2:915:46: note: source of untrusted input here
(define-public (test-unsafe-set-city-wallet (newCityWallet principal))
                                             ^~~~~~~~~~~~~
citycoin-core-v2:920:36: warning: use of potentially unchecked data
  (ok (var-set activationThreshold newThreshold))
                                   ^~~~~~~~~~~~
citycoin-core-v2:919:48: note: source of untrusted input here
(define-public (test-set-activation-threshold (newThreshold uint))
                                               ^~~~~~~~~~~~
citycoin-core-v2:924:30: warning: use of potentially unchecked data
  (ok (get-or-create-user-id user))
                             ^~~~
citycoin-core-v2:923:40: note: source of untrusted input here
(define-public (test-generate-user-id (user principal))
                                       ^~~~
citycoin-core-v2:939:29: warning: use of potentially unchecked data
    (var-set shutdownHeight stacksHeight)
                            ^~~~~~~~~~~~
citycoin-core-v2:935:41: note: source of untrusted input here
(define-public (test-shutdown-contract (stacksHeight uint))
                                        ^~~~~~~~~~~~
citycoin-core-v3:47:29: warning: use of potentially unchecked data
    (ok (var-set cityWallet newCityWallet))
                            ^~~~~~~~~~~~~
citycoin-core-v3:44:34: note: source of untrusted input here
(define-public (set-city-wallet (newCityWallet principal))
                                 ^~~~~~~~~~~~~
citycoin-core-v3:285:53: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                    ^~~~~~~~~~
citycoin-core-v3:280:30: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                             ^~~~~~~~~~
citycoin-core-v3:285:64: warning: use of potentially unchecked data
    (try! (mine-tokens-at-block userId block-height amountUstx memo))
                                                               ^~~~
citycoin-core-v3:280:48: note: source of untrusted input here
(define-public (mine-tokens (amountUstx uint) (memo (optional (buff 34))))
                                               ^~~~
citycoin-core-v3:656:51: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                  ^~~~~~~~~~~~
citycoin-core-v3:651:31: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                              ^~~~~~~~~~~~
citycoin-core-v3:656:77: warning: use of potentially unchecked data
    (try! (stack-tokens-at-cycle tx-sender userId amountTokens block-height lockPeriod))
                                                                            ^~~~~~~~~~
citycoin-core-v3:651:51: note: source of untrusted input here
(define-public (stack-tokens (amountTokens uint) (lockPeriod uint))
                                                  ^~~~~~~~~~
citycoin-core-v3:759:66: warning: use of potentially unchecked data
    (try! (claim-stacking-reward-at-cycle tx-sender block-height targetCycle))
                                                                 ^~~~~~~~~~~
citycoin-core-v3:757:40: note: source of untrusted input here
(define-public (claim-stacking-reward (targetCycle uint))
                                       ^~~~~~~~~~~
citycoin-core-v3:916:27: warning: use of potentially unchecked data
  (ok (var-set cityWallet newCityWallet))
                          ^~~~~~~~~~~~~
citycoin-core-v3:915:46: note: source of untrusted input here
(define-public (test-unsafe-set-city-wallet (newCityWallet principal))
                                             ^~~~~~~~~~~~~
citycoin-core-v3:920:36: warning: use of potentially unchecked data
  (ok (var-set activationThreshold newThreshold))
                                   ^~~~~~~~~~~~
citycoin-core-v3:919:48: note: source of untrusted input here
(define-public (test-set-activation-threshold (newThreshold uint))
                                               ^~~~~~~~~~~~
citycoin-core-v3:924:30: warning: use of potentially unchecked data
  (ok (get-or-create-user-id user))
                             ^~~~
citycoin-core-v3:923:40: note: source of untrusted input here
(define-public (test-generate-user-id (user principal))
                                       ^~~~
citycoin-core-v3:939:29: warning: use of potentially unchecked data
    (var-set shutdownHeight stacksHeight)
                            ^~~~~~~~~~~~
citycoin-core-v3:935:41: note: source of untrusted input here
(define-public (test-shutdown-contract (stacksHeight uint))
                                        ^~~~~~~~~~~~
@lgalabru
Copy link

In the latest version of the check-checker, there are a few options (explained here https://github.com/hirosystems/clarinet/#static-analysis) that you can tweak that should help you handle false positives.
Feel free to open an issue in clarinet for the remaining false positives, we'd be happy to consider adding more rules!

@mtfuji25
Copy link

Is this completed?

@whoabuddy
Copy link
Author

No this one could still be done, but the code here will eventually be replaced by the work starting in citycoins/protocol to implement CCIP-012/013. That repo is using the latest Clarinet structure and will include the check-checker moving forward.

@whoabuddy whoabuddy mentioned this issue Sep 30, 2022
Open
@whoabuddy whoabuddy mentioned this issue Dec 7, 2022
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@lgalabru @whoabuddy @mtfuji25