Amarna

Latest version: v0.1.5


0.1.5

Add support for Cairo [v0.10.0](https://github.com/starkware-libs/cairo-lang/releases/tag/v0.10.0)

What's Changed
* Migrate to cairo v10 by coolhill in https://github.com/crytic/amarna/pull/76
* workflows/pip-audit: update slug to pypa by woodruffw in https://github.com/crytic/amarna/pull/78
* Bump github/super-linter from 4.9.6 to 4.9.7 by dependabot in https://github.com/crytic/amarna/pull/82
* Check namespace decorators for interfaces by fcasal in https://github.com/crytic/amarna/pull/85
* Add rule deprecation. by fcasal in https://github.com/crytic/amarna/pull/87


**Full Changelog**: https://github.com/crytic/amarna/compare/v0.1.4...v0.1.5

0.1.4

What's Changed
* Remove explicitly imported function from implicit imports. by fcasal in https://github.com/crytic/amarna/pull/75
* Update tuple grammar. by fcasal in https://github.com/crytic/amarna/pull/79
* Release for v0.1.4 by fcasal in https://github.com/crytic/amarna/pull/81

0.1.3

What's Changed
* Fix CodeQL warnings by fcasal in https://github.com/crytic/amarna/pull/51
* Dependabot: Automatically upgrade GitHub Actions by woodruffw in https://github.com/crytic/amarna/pull/56
* Bump actions/checkout from 2 to 3 by dependabot in https://github.com/crytic/amarna/pull/60
* Bump actions/setup-python from 2 to 4 by dependabot in https://github.com/crytic/amarna/pull/58
* Bump github/super-linter from 4.9.0 to 4.9.5 by dependabot in https://github.com/crytic/amarna/pull/59
* Bump trailofbits/gh-action-pip-audit from 0.0.4 to 1.0.0 by dependabot in https://github.com/crytic/amarna/pull/61
* Improve arithmetic rules by fcasal in https://github.com/crytic/amarna/pull/55
* Add amarna-action to the readme. by fcasal in https://github.com/crytic/amarna/pull/63
* Bump github/super-linter from 4.9.5 to 4.9.6 by dependabot in https://github.com/crytic/amarna/pull/64
* Cairo 0.9.1 support by coolhill in https://github.com/crytic/amarna/pull/67
* Test sarif generation by coolhill in https://github.com/crytic/amarna/pull/68
* feat(cli): file is optional by LucasLvy in https://github.com/crytic/amarna/pull/65
* fix: deadstore FP where use happens after first return statement by coolhill in https://github.com/crytic/amarna/pull/72
* Prepare fix release for cairo 0.9.1 support by coolhill in https://github.com/crytic/amarna/pull/73

New Contributors
* dependabot made their first contribution in https://github.com/crytic/amarna/pull/60
* LucasLvy made their first contribution in https://github.com/crytic/amarna/pull/65

**Full Changelog**: https://github.com/crytic/amarna/compare/v0.1.2...v0.1.3

0.1.2

Amarna

Amarna is a static-analyzer and linter for the Cairo programming language.

Features
- Finds code-smells and potential vulnerabilities in Cairo code
- Compiler-identical parsing of Cairo code and StarkNet contracts
- Supports creating local and global rules
- Exports the parsed AST of a Cairo file
- Exports static-analysis results to the [SARIF](https://sarifweb.azurewebsites.net/) format.


Currently supported rules

| | Rule | What it finds | Impact | Precision |
| --- | --------------------------- | ------------------------------------------------------------------------------------------------------------------------- | ------- | --------- |
| 1 | Arithmetic operations | All uses of arithmetic operations +, -, *, and / | Info | High |
| 2 | Unused arguments | Function arguments that are not used in the functions in which they appear | Warning | High |
| 3 | Unused imports | Unused imports | Info | High |
| 4 | Mistyped decorators | Mistyped code decorators | Info | High |
| 5 | Unused functions | Functions that are never called | Info | Medium |
| 6 | Error codes | Function calls that have return values that must be checked | Info | High |
| 7 | Inconsistent assert usage | Asserts that use the same constant in different ways, e.g., `assert_le(amount, BOUND)` and `assert_le(amount, BOUND - 1)` | Warning | High |
| 8 | Dead stores | Variables that are assigned values but not used before a return statement | Info | Medium |
| 9 | Unchecked overflows | Function calls that ignore the returned overflow flags, e.g., `uint256_add` | Warning | High |
| 10 | Caller address return value | Function calls to the `get_caller_address` function. | Info | High |
| 11 | Storage variable collision | Multiple `storage_var` with the same name. | Warning | High |
| 12 | Implicit function import | Functions decorated with `external`, `view`, or `l1_handler` that are implicitly imported into a contract. | Info | High |
| 13 | Unenforced view function | State modification within a `view` function | Info | High |
| 14 | Uninitialized variable | Local variables that are never initialized. | Info | High |
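To make rules 7 and 9 concrete, here is an added example written for this page; it is not Amarna's own implementation, which works on the compiler's parse tree rather than on regular expressions. The script scans a constructed Cairo 0.10-style snippet (an assumption for the example, not code from the Amarna repository) and reports a constant that is used both as `BOUND` and as `BOUND - 1`, and a `uint256_add` call whose carry flag is bound to `_` or never read before the function returns. The `Finding` type and the function names are also assumptions.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed Cairo 0.10-style snippet for this example (not from the Amarna
# repository). It contains one constant bounded in two different forms
# (BOUND and BOUND - 1) and one uint256_add whose carry flag is discarded.
SAMPLE_CAIRO = """\
from starkware.cairo.common.uint256 import Uint256, uint256_add
from starkware.cairo.common.math import assert_le

const BOUND = 1000;
const MAX_FEE = 50;

func check_amount{range_check_ptr}(amount: felt) {
    assert_le(amount, BOUND);
    return ();
}

func check_amount_strict{range_check_ptr}(amount: felt) {
    assert_le(amount, BOUND - 1);
    return ();
}

func check_fee{range_check_ptr}(fee: felt) {
    assert_le(fee, MAX_FEE);
    return ();
}

func add_unchecked{range_check_ptr}(a: Uint256, b: Uint256) -> (res: Uint256) {
    let (res, _) = uint256_add(a, b);
    return (res=res);
}

func add_checked{range_check_ptr}(a: Uint256, b: Uint256) -> (res: Uint256) {
    let (res, carry) = uint256_add(a, b);
    assert carry = 0;
    return (res=res);
}
"""


@dataclass(frozen=True)
class Finding:
    rule: str
    line: int
    message: str


# assert_le(x, BOUND) / assert_lt(x, BOUND - 1): capture the constant and its offset.
ASSERT_RE = re.compile(
    r"\bassert_\w+\s*\(\s*[^,]+,\s*(?P<const>[A-Z][A-Z0-9_]*)"
    r"(?P<offset>\s*[-+]\s*\d+)?\s*\)"
)
# let (res, carry) = uint256_add(a, b): capture the names the tuple is bound to.
UINT256_ADD_RE = re.compile(r"\blet\s*\(\s*(?P<names>[^)]*)\)\s*=\s*uint256_add\s*\(")


def inconsistent_asserts(source: str) -> list[Finding]:
    """Rule-7-style check: the same constant bounded both as C and as C +/- k."""
    forms_by_const: dict[str, dict[str, list[int]]] = {}
    for lineno, line in enumerate(source.splitlines(), 1):
        m = ASSERT_RE.search(line)
        if not m:
            continue
        form = m["const"] + re.sub(r"\s+", "", m["offset"] or "")
        forms_by_const.setdefault(m["const"], {}).setdefault(form, []).append(lineno)
    findings = []
    for const, forms in forms_by_const.items():
        if len(forms) < 2:
            continue  # every use of this constant has the same shape
        for form, lines in forms.items():
            others = ", ".join(sorted(set(forms) - {form}))
            for lineno in lines:
                findings.append(Finding("inconsistent-assert", lineno,
                                        f"{const} bounded as {form} here but as {others} elsewhere"))
    return sorted(findings, key=lambda f: f.line)


def unchecked_overflows(source: str) -> list[Finding]:
    """Rule-9-style check: carry flag of uint256_add discarded or never read."""
    lines = source.splitlines()
    findings = []
    for idx, line in enumerate(lines):
        m = UINT256_ADD_RE.search(line)
        if not m:
            continue
        names = [n.strip() for n in m["names"].split(",")]
        flag = names[-1] if len(names) >= 2 else "_"
        # Remaining lines of the enclosing function: stop at its closing brace.
        body = []
        for later in lines[idx + 1:]:
            if later.startswith("}") or later.startswith("func "):
                break
            body.append(later)
        used = flag != "_" and any(re.search(rf"\b{re.escape(flag)}\b", b) for b in body)
        if not used:
            findings.append(Finding("unchecked-overflow", idx + 1,
                                    f"carry flag of uint256_add bound to '{flag}' is never checked"))
    return findings


def analyze(source: str) -> list[Finding]:
    return sorted(inconsistent_asserts(source) + unchecked_overflows(source), key=lambda f: f.line)


if __name__ == "__main__":
    for f in analyze(SAMPLE_CAIRO):
        print(f"line {f.line}: [{f.rule}] {f.message}")
```

Running it reports the two `assert_le` lines that disagree about `BOUND` and the `uint256_add` whose carry is bound to `_`; `add_checked` is not reported because `carry` is asserted before the return, and `MAX_FEE` is not reported because it is only ever used in one form.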

0.1.1

Amarna Action

This action allows you to run the [Amarna static analyzer](https://github.com/crytic/amarna) against your project, from within a GitHub Actions workflow.

How to use

Create `.github/workflows/amarna.yml`:
```yaml
name: Amarna Analysis
on: [push]
jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: crytic/amarna-action@v0.1.1
```


Options

| Key | Description
|------------------|------------
| `sarif` | If provided, the path of the SARIF file to produce, relative to the repo root (see [Github Code Scanning integration](github-code-scanning-integration)).
| `amarna-args` | Extra arguments to pass to Amarna.
| `amarna-version` | The version of amarna-analyzer to use. By default, the latest release in PyPI is used.
| `target` | The path to the root of the project to be analyzed by Amarna. Can be a directory or a file. Defaults to the repo root.
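A fuller workflow using the options above, added here as an example rather than taken from the amarna-action README: it pins the analyzer version, points `target` at a contracts directory (an assumed layout), writes a SARIF file and uploads it to GitHub code scanning with the `github/codeql-action/upload-sarif` action, which requires the `security-events: write` permission.

```yaml
name: Amarna Analysis
on: [push, pull_request]

permissions:
  contents: read
  security-events: write   # required to upload SARIF results to code scanning

jobs:
  analyze:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      - name: Run Amarna
        uses: crytic/amarna-action@v0.1.1
        with:
          target: contracts/        # assumption: Cairo sources live under contracts/
          sarif: amarna.sarif       # path relative to the repo root
          amarna-version: "0.1.5"   # pin instead of floating to the latest PyPI release

      - name: Upload findings to code scanning
        uses: github/codeql-action/upload-sarif@v2
        with:
          sarif_file: amarna.sarif
```

Pinning `amarna-version` keeps the rule set stable between runs, so a new finding in a pull request reflects a change in the code rather than a change in the analyzer.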
