Blame - clang/lib/StaticAnalyzer/Checkers/TaintTesterChecker.cpp - toolchain/llvm-project

blob: ba931f16889d35534d7e0c14d81d05033d5a855a [file] [log] [blame]

Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	1	//== TaintTesterChecker.cpp ----------------------------------- -- C++ ---=//
				2	//
Chandler Carruth	2946cd7	2019-01-19 08:50:56 +0000	[diff] [blame]	3	// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
				4	// See https://llvm.org/LICENSE.txt for license information.
				5	// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	6	//
				7	//===----------------------------------------------------------------------===//
				8	//
				9	// This checker can be used for testing how taint data is propagated.
				10	//
				11	//===----------------------------------------------------------------------===//
Kristof Umann	76a2150	2018-12-15 16:23:51 +0000	[diff] [blame]	12	#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
Chandler Carruth	3a02247	2012-12-04 09:13:33 +0000	[diff] [blame]	13	#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	14	#include "clang/StaticAnalyzer/Core/Checker.h"
				15	#include "clang/StaticAnalyzer/Core/CheckerManager.h"
				16	#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	17
				18	using namespace clang;
				19	using namespace ento;
				20
				21	namespace {
				22	class TaintTesterChecker : public Checker< check::PostStmt<Expr> > {
				23
Ahmed Charles	b898432	2014-03-07 20:03:18 +0000	[diff] [blame]	24	mutable std::unique_ptr<BugType> BT;
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	25	void initBugType() const;
				26
				27	/// Given a pointer argument, get the symbol of the value it contains
				28	/// (points to).
				29	SymbolRef getPointedToSymbol(CheckerContext &C,
				30	const Expr* Arg,
				31	bool IssueWarning = true) const;
				32
				33	public:
				34	void checkPostStmt(const Expr *E, CheckerContext &C) const;
				35	};
Alexander Kornienko	ab9db51	2015-06-22 23:07:51 +0000	[diff] [blame]	36	}
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	37
				38	inline void TaintTesterChecker::initBugType() const {
				39	if (!BT)
Alexander Kornienko	4aca9b1	2014-02-11 21:49:21 +0000	[diff] [blame]	40	BT.reset(new BugType(this, "Tainted data", "General"));
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	41	}
				42
				43	void TaintTesterChecker::checkPostStmt(const Expr *E,
				44	CheckerContext &C) const {
Ted Kremenek	49b1e38	2012-01-26 21:29:00 +0000	[diff] [blame]	45	ProgramStateRef State = C.getState();
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	46	if (!State)
				47	return;
				48
Ted Kremenek	632e3b7	2012-01-06 22:09:28 +0000	[diff] [blame]	49	if (State->isTainted(E, C.getLocationContext())) {
Devin Coughlin	e39bd40	2015-09-16 22:03:05 +0000	[diff] [blame]	50	if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	51	initBugType();
Aaron Ballman	8d3a7a5	2015-06-23 13:15:32 +0000	[diff] [blame]	52	auto report = llvm::make_unique<BugReport>(*BT, "tainted",N);
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	53	report->addRange(E->getSourceRange());
Aaron Ballman	8d3a7a5	2015-06-23 13:15:32 +0000	[diff] [blame]	54	C.emitReport(std::move(report));
Anna Zaks	1c215d0	2011-12-05 18:58:01 +0000	[diff] [blame]	55	}
				56	}
				57	}
				58
				59	void ento::registerTaintTesterChecker(CheckerManager &mgr) {
				60	mgr.registerChecker<TaintTesterChecker>();
				61	}
Kristof Umann	058a7a4	2019-01-26 14:23:08 +0000	[diff] [blame]	62
				63	bool ento::shouldRegisterTaintTesterChecker(const LangOptions &LO) {
				64	return true;
				65	}