Add more functions as taint sources to GenericTaintChecker.
Details
Diff Detail
- Repository
- rG LLVM Github Monorepo
Event Timeline
Sorry for the wall-of-nits. Overall, looks great.
clang/docs/analyzer/checkers.rst | ||
---|---|---|
2358 | typo/dup? | |
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | ||
546–567 | If we handle gets, scanf, we should also model the *_s versions as well. char *gets_s(char *s, rsize_t n); int scanf_s(const char *restrict format, ...); int fscanf_s(FILE *restrict stream, const char *restrict format, ...); int sscanf_s(const char *restrict s, const char *restrict format, ...); int vscanf_s(const char *restrict format, va_list arg); int vfscanf_s(FILE *restrict stream, const char *restrict format, va_list arg); int vsscanf_s(const char *restrict s, const char *restrict format, va_list arg); | |
551–553 | IMO these functions are highly domain-specific. tldr; I'm against these three rules; or alternatively prove that my concerns are not issues on real code bases. | |
557 | We should check readlinkat as well. | |
560 | In what cases can this function introduce taint? | |
562 |
According to this, the return value index should be also tainted. | |
clang/test/Analysis/taint-generic.c | ||
491 | Well, this can never return zero. | |
498 | Sometimes we taint the fd and propagate based on that, and othertimes, we simply just return taint. | |
519 | Well, it can never be zero AFAIK. It might be -1 on error, or the number of bytes stored into buf. | |
523 | Please avoid spelling the given function in the name of the test directly in a verbatim manner. |
The pre-merge checks failed due to an unrelated test case: Driver/hip-link-bundle-archive.hip (on Windows); so I think we are good to go on that part.
- s/getcw/getwd
- add gets_s
- remove getopt variants
- add realinkat
- discuss getnameinfo?
- rename tests
- update getnameinfo
- comment on source/propagator discrepancy
- update tests where 1 / tainted, and tainted cannot be 0
- renamed tests
clang/docs/analyzer/checkers.rst | ||
---|---|---|
2358 | getwd is the right one instead of getcw | |
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | ||
546–567 | I have added gets_s, and will add the _s variants for the others in the other patch that deals with the propagatorsj. | |
551–553 | I agree that the handling of these should be in another checker, I remember some false positives ( mainly uninteresting, typical "just won't fix" errors ) relating to getopt, and a domain-specific checker could be more appropriate here. | |
557 | Added | |
560 | The getnameinfo converts from struct sockaddr_in { sa_family_t sin_family; /* address family: AF_INET */ in_port_t sin_port; /* port in network byte order */ struct in_addr sin_addr; /* internet address */ }; /* Internet address */ struct in_addr { uint32_t s_addr; /* address in network byte order */ }; to hostname and servername strings. I know this is a bit contrived, and more on the cybersecurity side of things, so I am not sure whether to add this here, or add this in a specific checker, or just leave altogether. Please share your opinion about this. | |
562 | Added | |
clang/test/Analysis/taint-generic.c | ||
491 | Removed | |
498 | Added a comment | |
523 | fixed the test names |
Fewer nits this time.
We are converging!
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp | ||
---|---|---|
560 | int readlinkat(int dirfd, const char *pathname, char *buf, size_t bufsiz); | |
560 | Let it be, I don't mind. We will remove it if we find some FPs for this. | |
clang/test/Analysis/taint-generic.c | ||
372 | Please, also rename this test case. |
Please check the docs if they are still in sync with the content.
I think it looks great overall.
typo/dup?
I cannot recognize the getcw() call. Could you please refer to the specification or an instance where it was defined?