summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/security-syntax-checks.m
Commit message (Collapse)AuthorAgeFilesLines
* Enable security checks for arc4random() on CloudABI as well.Ed Schouten2015-03-111-0/+4
| | | | | | | CloudABI also supports the arc4random() function. We can enable compiler warnings for rand(), random() and *rand48() on this system as well. llvm-svn: 231914
* Check the canonical parameter type with getAs<>() in a static checkerReid Kleckner2013-06-241-1/+2
| | | | | | This will prevent breakage when I introduce the DecayedType sugar node. llvm-svn: 184755
* Allow multiple PathDiagnosticConsumers to be used with a BugReporter at the ↵Ted Kremenek2012-08-161-4/+4
| | | | | | | | | | | | | | | | | | | | | | | | | | | same time. This fixes several issues: - removes egregious hack where PlistDiagnosticConsumer would forward to HTMLDiagnosticConsumer, but diagnostics wouldn't be generated consistently in the same way if PlistDiagnosticConsumer was used by itself. - emitting diagnostics to the terminal (using clang's diagnostic machinery) is no longer a special case, just another PathDiagnosticConsumer. This also magically resolved some duplicate warnings, as we now use PathDiagnosticConsumer's diagnostic pruning, which has scope for the entire translation unit, not just the scope of a BugReporter (which is limited to a particular ExprEngine). As an interesting side-effect, diagnostics emitted to the terminal also have their trailing "." stripped, just like with diagnostics emitted to plists and HTML. This required some tests to be updated, but now the tests have higher fidelity with what users will see. There are some inefficiencies in this patch. We currently generate the report graph (from the ExplodedGraph) once per PathDiagnosticConsumer, which is a bit wasteful, but that could be pulled up higher in the logic stack. There is some intended duplication, however, as we now generate different PathDiagnostics (for the same issue) for different PathDiagnosticConsumers. This is necessary to produce the diagnostics that a particular consumer expects. llvm-svn: 162028
* [analyzer] Change the warning to suggest 'strlcat/strlcpy' asAnna Zaks2012-01-311-2/+2
| | | | | | replacements for 'starcat/strcpy' instead of 'strncat/strncpy'. llvm-svn: 149406
* Implement checker that looks for calls to mktemps and friends that have ↵Ted Kremenek2012-01-201-0/+22
| | | | | | fewer than 6 Xs. Implements <rdar://problem/6336672>. llvm-svn: 148531
* Turn 'SecuritySyntaxChecker' into a "meta" security checker for insecure ↵Ted Kremenek2012-01-201-4/+4
| | | | | | | | | APIs. Now multiple checks are exposed as separate checkers, but CheckerManager only creates one Checker object. llvm-svn: 148525
* Fix the signatures of vfork, __sigsetjmp and sigsetjmp.Rafael Espindola2011-10-191-1/+1
| | | | | | Patch by Dimitry Andric. llvm-svn: 142531
* Add returns_twice to functions that are known to return twice. This implementsRafael Espindola2011-10-121-1/+1
| | | | | | the same behavior of gcc by keeping the attribute out of the function type. llvm-svn: 141803
* [analyzer] Warn about the use of insecure, deprecated vfork() function ↵Anna Zaks2011-10-111-0/+11
| | | | | | | | PR11053 (http://llvm.org/bugs/show_bug.cgi?id=11053). A patch by Graham Lee! llvm-svn: 141643
* [analyzer] rename all experimental checker packages to have 'experimental' ↵Ted Kremenek2011-08-031-4/+4
| | | | | | be the common root package. llvm-svn: 136835
* Add security syntax checker for strcat() which causes the Static Analyzer to ↵Lenny Maiorani2011-04-051-0/+24
| | | | | | | | generate a warning any time the strcat() function is used with a note suggesting to use a function which provides bounded buffers. CWE-119. Also, brings the security syntax checker more inline with coding standards. llvm-svn: 128916
* Add security syntax checker for strcpy() which causes the Static Analyzer to ↵Lenny Maiorani2011-03-311-0/+37
| | | | | | generate a warning any time the strcpy() function is used with a note suggesting to use a function which provides bounded buffers. llvm-svn: 128679
* Rework checker "packages" and groups to be more hierarchical.Ted Kremenek2011-03-241-1/+1
| | | | llvm-svn: 128187
* [analyzer] Use the new registration mechanism on the ↵Argyrios Kyrtzidis2011-02-171-1/+1
| | | | | | | | | | | | | non-path-sensitive-checkers: DeadStoresChecker ObjCMethSigsChecker ObjCUnusedIvarsChecker SizeofPointerChecker ObjCDeallocChecker SecuritySyntaxChecker llvm-svn: 125779
* Rename -cc1 option '-warn-security-syntactic' to ↵Ted Kremenek2010-02-051-1/+1
| | | | | | '-analyzer-check-security-syntactic'. llvm-svn: 95342
* Add abort() as a builtin. This has two effects: one, we warn for incorrect Eli Friedman2009-12-161-0/+1
| | | | | | | | declarations of abort(), and two, we mark it noreturn. Missing the latter shows up in one of the "embarassing" tests (from the thread on llvmdev "detailed comparison of generated code size for LLVM and other compilers"). llvm-svn: 91515
* Update tests to use %clang_cc1 instead of 'clang-cc' or 'clang -cc1'.Daniel Dunbar2009-12-151-1/+1
| | | | | | | | | - This is designed to make it obvious that %clang_cc1 is a "test variable" which is substituted. It is '%clang_cc1' instead of '%clang -cc1' because it can be useful to redefine what gets run as 'clang -cc1' (for example, to set a default target). llvm-svn: 91446
* Replace clang-cc with clang -cc1.Zhongxing Xu2009-12-141-1/+1
| | | | llvm-svn: 91272
* Add test case for mktemp. Patch by Lei Zhang.Zhongxing Xu2009-12-061-0/+6
| | | | llvm-svn: 90706
* Add check for obsolete function call of getpw().Zhongxing Xu2009-11-091-0/+7
| | | | llvm-svn: 86537
* Implement: <rdar://problem/6337100> CWE-338: Use of cryptographically weak prngTed Kremenek2009-09-021-0/+29
| | | | | | Patch by Geoff Keating! llvm-svn: 80752
* Implement: <rdar://problem/6337132> CWE-273: Failure to Check Whether PrivilegesTed Kremenek2009-08-281-1/+32
| | | | | | | | Were Dropped Successfully Patch by Geoff Keating! llvm-svn: 80313
* Implement: <rdar://problem/6335715> rule request: gets() buffer overflowTed Kremenek2009-07-231-0/+8
| | | | llvm-svn: 76905
* Refine checking and diagnostics for use of floating point variable as a counter.Ted Kremenek2009-07-231-0/+23
This implements <rdar://problem/6336718> and checks for CERT secure coding advisory FLP30-C. llvm-svn: 76900
OpenPOWER on IntegriCloud