author | Aaron Ballman <aaron@aaronballman.com> | 2016-02-22 16:01:06 +0000 |
---|---|---|
committer | Aaron Ballman <aaron@aaronballman.com> | 2016-02-22 16:01:06 +0000 |
commit | 527a4205505155503de1fb1daecea472ba95358b (patch) | |
tree | 188fda052a14c7f40a22c4ae9629cfba4d9a2958 /clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp | |
parent | d665a66b0f094f3f85fd30e9d7888481e3035ca0 (diff) | |
Add a new check, cert-env33-c, that diagnoses uses of system(), popen(), and _popen() to execute a command processor. This check corresponds to the CERT secure coding rule: https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132
llvm-svn: 261530
Diffstat (limited to 'clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp')
-rw-r--r-- | clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp | 45 |
1 files changed, 45 insertions, 0 deletions
diff --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp b/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
new file mode 100644
index 00000000000..e2dbeca20c1
--- /dev/null
+++ b/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
@@ -0,0 +1,45 @@
+//===--- Env33CCheck.cpp - clang-tidy--------------------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "CommandProcessorCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang {
+namespace tidy {
+namespace cert {
+
+void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(
+ callExpr(
+ callee(functionDecl(anyOf(hasName("::system"), hasName("::popen"),
+ hasName("::_popen")))
+ .bind("func")),
+ // Do not diagnose when the call expression passes a null pointer
+ // constant to system(); that only checks for the presence of a
+ // command processor, which is not a security risk by itself.
+ unless(callExpr(callee(functionDecl(hasName("::system"))),
+ argumentCountIs(1),
+ hasArgument(0, nullPointerConstant()))))
+ .bind("expr"),
+ this);
+}
+
+void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
+ const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>("func");
+ const auto *E = Result.Nodes.getNodeAs<CallExpr>("expr");
+
+ diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
+}
+
+} // namespace cert
+} // namespace tidy
+} // namespace clang |
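Review bot: The `anyOf` in `registerMatchers` names only `::system`, `::popen` and `::_popen`, so the wide-character CRT variants `_wsystem()` and `_wpopen()` go undiagnosed even though they invoke the same command processor. Adding `hasName("::_wsystem"), hasName("::_wpopen")` to the `anyOf` would close that gap. If `_wsystem` is added, the null-pointer exemption in the `unless(...)` clause should presumably cover it as well, since it has the same probe-only form as `system(NULL)`. Separately, the banner on the first line still reads `Env33CCheck.cpp` while the file is `CommandProcessorCheck.cpp`; it should be `//===--- CommandProcessorCheck.cpp - clang-tidy ...`. A short comment above `registerMatchers` saying that the check flags every call regardless of where the command string comes from would help readers triaging its findings.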